
unknown name of virus... deletes virus scanners



#1 etSNEAK


Posted 24 September 2009 - 04:40 PM

Some programs... like Spybot S&D and fsbl get deleted as I do scans. I also cannot delete these once it shuts the program off. I know there's something wrong with my computer, I just can't find it. I'm not a complete noob with this stuff, I do not need the download links and a step by step detailed instruction on the solution. I'm telling you this so you don't waste your time typing up so much stuff for me, I am aware this is a very busy forum ^^.

I just need the basic directions to take. I already have killbox installed but I do not know what to remove...or maybe you will suggest something else for me to do. I tried to run HJT but while scanning it was closed and I cannot re-open the executable. :thumbsup:

Edited by The weatherman, 24 September 2009 - 05:17 PM.
Moved from HJT to a more appropriate forum. Tw




#2 garmanma


Posted 24 September 2009 - 10:01 PM

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
Go to Start > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 etSNEAK


Posted 24 September 2009 - 10:23 PM

Win32kDiag.txt

Running from: C:\Documents and Settings\Roman\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Roman\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point	   : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP32.tmp\ZAP32.tmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Caps\CapLettersDF\CapLettersDF

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Caps\CapLettersFF\CapLettersFF

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Caps\CapLettersIF\CapLettersIF

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Caps\CapLettersMU\CapLettersMU

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Caps\CapLettersRS\CapLettersRS

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Media\New Folder\New Folder

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PCHealth\HelpCtr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2003-06-20 06:00:00 49152 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 05:41:54 61952 C:\WINDOWS\system32\eventlog.dll ()



Found mount point	   : C:\WINDOWS\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!


log.txt

Volume in drive C has no label.
 Volume Serial Number is B080-1D9F

 Directory of C:\WINDOWS\$NtServicePackUninstall$

06/20/2003  06:00 AM		   174,592 scecli.dll

 Directory of C:\WINDOWS\$NtServicePackUninstall$

06/20/2003  06:00 AM		   399,360 netlogon.dll

 Directory of C:\WINDOWS\$NtServicePackUninstall$

06/20/2003  06:00 AM			49,152 eventlog.dll
			   3 File(s)		623,104 bytes

 Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008  05:42 AM		   181,248 scecli.dll

 Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008  05:42 AM		   407,040 netlogon.dll
			   2 File(s)		588,288 bytes

 Directory of C:\WINDOWS\system32

04/14/2008  05:42 AM		   181,248 scecli.dll

 Directory of C:\WINDOWS\system32

04/14/2008  05:42 AM		   407,040 netlogon.dll

 Directory of C:\WINDOWS\system32

04/14/2008  05:41 AM			61,952 eventlog.dll
			   3 File(s)		650,240 bytes

 Directory of C:\WINDOWS\system32\dllcache

04/14/2008  05:42 AM		   181,248 scecli.dll

 Directory of C:\WINDOWS\system32\dllcache

04/14/2008  05:42 AM		   407,040 netlogon.dll
			   2 File(s)		588,288 bytes

	 Total Files Listed:
			  10 File(s)	  2,449,920 bytes
			   0 Dir(s)  63,905,755,136 bytes free


I also believe this may have something to do with not being able to adjust the properties of my local area connection. Whenever I click properties I get an error: "An unexpected error has occurred." Another problem I have been having lately is with uTorrent. It's been working fine for a very long time and now for some reason it's telling me my port is not forwarded. I checked in IPCOP and the port is forwarded on TCP to my computer's local IP.

Edited by etSNEAK, 25 September 2009 - 12:28 PM.
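
Added example (not part of the original thread and not code from Win32kDiag): a small Python triage of a Win32kDiag.txt log like the one posted above, grouping mount points by destination and listing files reported with an empty trailing field. Assumptions: the line formats and the reading of the trailing parenthesised field as a vendor name are inferred from the posted log, the sample is constructed, and treating only `\??\Volume{...}\` or drive-letter targets as ordinary is this example's own rule.

```python
import re
from collections import Counter

# Constructed sample in the format of the Win32kDiag.txt log posted above;
# the C:\Example\Data entry is made up to show an ordinary-looking target.
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Example\Data
Mount point destination : \??\Volume{00000000-0000-0000-0000-000000000000}\
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2003-06-20 06:00:00 49152 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 05:41:54 61952 C:\WINDOWS\system32\eventlog.dll ()
"""

MOUNT = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST = re.compile(r"^Mount point destination\s*:\s*(.+)$")
# [n] date time size path (vendor) -- layout inferred from the posted log
FILE = re.compile(r"^\[\d+\]\s+(\S+ \S+)\s+(\d+)\s+(.+?)\s+\(([^()]*)\)$")
# Assumption: volume-GUID or drive-letter targets are ordinary reparse targets
ORDINARY = re.compile(r"^\\\?\?\\(Volume\{[0-9A-Fa-f-]+\}|[A-Za-z]:)\\")

def triage(log_text):
    """Return (suspect_mounts, dest_counts, unlabelled_files, inaccessible)."""
    suspects, unlabelled, inaccessible = [], [], []
    dests = Counter()
    pending = None  # mount point path waiting for its destination line
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := MOUNT.match(line):
            pending = m.group(1)
        elif (m := DEST.match(line)) and pending:
            dests[m.group(1)] += 1
            if not ORDINARY.match(m.group(1)):
                suspects.append((pending, m.group(1)))
            pending = None
        elif m := FILE.match(line):
            if not m.group(4).strip():  # empty "()" field on a system file
                unlabelled.append(m.group(3))
        elif line.startswith("Cannot access:"):
            inaccessible.append(line.split(":", 1)[1].strip())
    return suspects, dests, unlabelled, inaccessible

if __name__ == "__main__":
    suspects, dests, unlabelled, inaccessible = triage(SAMPLE_LOG)
    print(len(suspects), dict(dests), unlabelled, inaccessible)
```
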


#4 garmanma


Posted 25 September 2009 - 06:49 PM

Now that you were successful in creating a log, you need to post it in our HJT forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Give a brief description and tell them that this log was all you could get to run successfully.
The HJT team is extremely busy, so be patient and good luck.
Mark



