Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BIG TIME PROBLEMS


  • Please log in to reply
3 replies to this topic

#1 drprince

drprince

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 PM

Posted 25 September 2009 - 09:27 AM

4 months ago i was trying to install a software from internet (cant remember exactly,registy cleaner i think)

then i realized that my taskbar was frozen every time i started my pc.i tried to find a solution and i realized that i could not connect to any microsoft site,and could not update my antimalware or antivirus softwares i was using at the time.

now i cannot connect to any microsoft or any antivirus or antimalware site!even more i cannot install any antivirus or spyware.i have tried very

hard and installed "treatfire' and 'spyware terminator'but nothing good hapend.problems are biger.

win xp pro 5.1.2600 sp3 IE8

Y0U guys are my last hope before formating!!!!

THANKS anyway!!

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:12:32 PM

Posted 25 September 2009 - 10:17 AM

Sounds like a rootkit infection
We need to get a log for diagnosis


Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 drprince

drprince
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:32 PM

Posted 25 September 2009 - 11:17 AM

Sounds like a rootkit infection
We need to get a log for diagnosis


Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2

  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.




Running from: C:\Documents and Settings\DRPRINCE\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\DRPRINCE\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\windows'...





Finished!



Volume in drive C is SYSTEM
Volume Serial Number is 0C93-43E9

Directory of C:\windows\$NtServicePackUninstall$

04/08/2004 01:56 зг 180.224 scecli.dll

Directory of C:\windows\$NtServicePackUninstall$

04/08/2004 01:56 зг 407.040 netlogon.dll

Directory of C:\windows\$NtServicePackUninstall$

04/08/2004 01:56 зг 55.808 eventlog.dll
3 File(s) 643.072 bytes

Directory of C:\windows\ServicePackFiles\i386

14/04/2008 03:12 зг 181.248 scecli.dll

Directory of C:\windows\ServicePackFiles\i386

14/04/2008 03:12 зг 407.040 netlogon.dll

Directory of C:\windows\ServicePackFiles\i386

14/04/2008 03:11 зг 56.320 eventlog.dll
3 File(s) 644.608 bytes

Directory of C:\windows\system32

14/04/2008 03:12 зг 181.248 scecli.dll

Directory of C:\windows\system32

14/04/2008 03:12 зг 407.040 netlogon.dll

Directory of C:\windows\system32

14/04/2008 03:11 зг 56.320 eventlog.dll
3 File(s) 644.608 bytes

Total Files Listed:
9 File(s) 1.932.288 bytes
0 Dir(s) 23.930.003.456 bytes free


Open that file and copy/paste the contents in your next reply.

Edited by garmanma, 25 September 2009 - 04:35 PM.


#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:12:32 PM

Posted 25 September 2009 - 04:39 PM

Now that you have a log you need to post it in the HJT forum. If you cannot run what is in the preparation guide just include this scan and let them know it is all you could get to work


Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

There will also be instructions to create a Root Repeal Log

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take awhile to get to your post
Please be patient and good luck

Edited by garmanma, 25 September 2009 - 04:40 PM.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users