I have attempted to run Combofix, SDfix, Malwarebytes, RootRepeal, Hijackthis, AVG, and Autoruns.
When I try to run the .exe, the program will launch for a few seconds and then crash. When I try to reopen the program I get: “Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.” The hassle with this is that after trying to run SDfix, cmd and explorer start getting the same error. I had to go in and add the SYSTEM and Admin group back to the security tab.
What I have found is that the scecli.dll file is most likely infected here. I proceeded with running Avenger with the following script:
Files to move:
C:\WINDOWS\system32\scecli.dll | C:\WINDOWS\system32\scecli.dll.vir
C:\WINDOWS\ServicePackFiles\i386\scecli.dll | C:\WINDOWS\system32\scecli.dll
This did not help me get any of the removal tools to run so I added:
Programs to launch on reboot:
C:\Documents and Settings\"user name"\Desktop\tools\Combo-Fix.exe
This was able to get combofix to run for the first time, but it stops at Stage 48 with Access Denied.
My problem highly resembles this post: Forum Link
However, the OP does not say how he finally got combofix to run.
Any help would be appreciated. I’m not new to malware removal, but this is really kicking my butt.
I did not mention in my original post that I have also done the following:
I have tried to run GMER, RSIT, Win32kdiag, and Peek.bat. All have failed before completing the scan except win32kdiag. I have attached the resulting file to this post.
Thank you for taking the time to look over the file.
Merged posts. ~ OB
Edited by Orange Blossom, 26 August 2009 - 11:29 PM.