Network at office get stuck when I connect


3 replies to this topic

#1 Shalashaska


Posted 29 September 2009 - 01:36 PM

Hello.

Recently I had very serious troubles with the office's network. A week ago some files (some CAD drawings) came to my machine on a USB stick. After that I noted some pop-up alerts: "kjhfkhsdkfjh.exe" or "dhfgjhgfka.exe" or "anything.exe" had to close because the process can't "write" or "read" in the memory, with the options Depure to close the process or Cancel.

So I tried Clamwin AV to perform a memory scan; Clamwin can detect the process and unload it from memory, but after some time (minutes, hours) the alerts continue. I also tried to reboot Windows and manually unload these processes via Task Manager, with the same result.

Anyway, I have to keep working, so if these alerts don't do anything else, I just click the Depure button and move on. But three days ago, the Internet access went down for some unknown reason; the ISP changed the modem/router, the boss also bought a new Linksys router, and the issue was resolved with irregularities: the access sometimes fails. I noticed that my machine can't connect to these networks, except if I start Windows in safe mode, so I assume that it is my machine. But more curious, when I try to access the web in Windows normal mode, the network fails and also denies web access to the other machines.

I read about rootkits, thought I had one of these, and performed a lot of scans with Clamwin or manually in Task Manager, ending processes which I suspected would be the virus or something, changed the Windows registry (in "Local Machine\Software\Microsoft\Windows\Current version\Run"), unchecked the startup programs via Msconfig, and deleted some files which I suspected.

And now I came here and downloaded ComboFix, but this program had a very serious warning about the risk of using it improperly, so if anyone has any idea or suggestion, it will be really appreciated. I don't want to format and reinstall the OS, because, well, typically if any data, not only on my machine but in the whole office, is deleted or lost for some reason, everybody will point their finger at this humble narrator. Thanks in advance.

Goodbye

Edited by The weatherman, 29 September 2009 - 01:45 PM.
Moved from XP to a more appropriate forum. Tw




#2 garmanma


Posted 29 September 2009 - 08:39 PM

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

    --------------------------------------
Go to Start > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 Shalashaska


Posted 30 September 2009 - 09:57 AM

Hello.

Thanks for the quick answer. Here are the two log files:

Win32Diag.txt
Running from: D:\Programas\Win32kDiag.exe

Log file at : C:\Documents and Settings\Administrador\Escritorio\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!


Log.txt
El volumen de la unidad C no tiene etiqueta.
El número de serie del volumen es: E818-57C7

Directorio de C:\WINDOWS\$NtServicePackUninstall$

19/08/2004 11:42 a.m. 184,832 scecli.dll

Directorio de C:\WINDOWS\$NtServicePackUninstall$

19/08/2004 11:42 a.m. 55,808 eventlog.dll
2 archivos 240,640 bytes

Directorio de C:\WINDOWS\ServicePackFiles\i386

13/04/2008 08:18 p.m. 185,856 scecli.dll

Directorio de C:\WINDOWS\ServicePackFiles\i386

13/04/2008 08:18 p.m. 56,320 eventlog.dll
2 archivos 242,176 bytes

Directorio de C:\WINDOWS\system32

13/04/2008 08:18 p.m. 185,856 scecli.dll

Directorio de C:\WINDOWS\system32

13/04/2008 08:18 p.m. 56,320 eventlog.dll
2 archivos 242,176 bytes

Total de archivos en la lista:
6 archivos 724,992 bytes
0 dirs 5,829,398,528 bytes libres


Hope this will be useful.

Goodbye.
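
As an added example (not part of the thread, and not code from any tool named in it), the following Python parses a DIR listing like the Log.txt above and reports which of the three files requested by the command in post #2 are listed in no directory, and whether two directories hold copies with the same date and size. The function names are made up for this illustration; the sample input is the directory and file lines of the posted log.

```python
import re

# Files the DIR command in post #2 asks for.
REQUESTED = ("scecli.dll", "netlogon.dll", "eventlog.dll")

# Directory and file lines copied from the Log.txt posted above (Spanish-locale DIR).
SAMPLE_LOG = r"""
Directorio de C:\WINDOWS\$NtServicePackUninstall$
19/08/2004 11:42 a.m. 184,832 scecli.dll
Directorio de C:\WINDOWS\$NtServicePackUninstall$
19/08/2004 11:42 a.m. 55,808 eventlog.dll
Directorio de C:\WINDOWS\ServicePackFiles\i386
13/04/2008 08:18 p.m. 185,856 scecli.dll
Directorio de C:\WINDOWS\ServicePackFiles\i386
13/04/2008 08:18 p.m. 56,320 eventlog.dll
Directorio de C:\WINDOWS\system32
13/04/2008 08:18 p.m. 185,856 scecli.dll
Directorio de C:\WINDOWS\system32
13/04/2008 08:18 p.m. 56,320 eventlog.dll
"""

DIR_RE = re.compile(r"^\s*(?:Directorio de|Directory of)\s+(.+?)\s*$", re.I)
# date, time (optional a.m./p.m.), size with thousands separators, file name
FILE_RE = re.compile(r"^\s*(\d{2}/\d{2}/\d{4})\s+\d{1,2}:\d{2}"
                     r"(?:\s*[ap]\.?\s?m\.?)?\s+([\d.,]+)\s+(\S.*?)\s*$", re.I)

def parse_dir_listing(text):
    """Return {directory: {file name: (date, size in bytes)}}, all lower-cased."""
    found, current = {}, None
    for line in text.splitlines():
        if m := DIR_RE.match(line):
            current = found.setdefault(m.group(1).lower(), {})
        elif (m := FILE_RE.match(line)) and current is not None:
            date, size, name = m.groups()
            current[name.lower()] = (date, int(re.sub(r"[.,]", "", size)))
    return found

def missing_everywhere(found, requested=REQUESTED):
    """Requested files that appear in no directory of the listing."""
    present = {name for files in found.values() for name in files}
    return [name for name in requested if name not in present]

def mismatches(found, live, reference):
    """Files present in both directories whose date or size differ."""
    a, b = found.get(live.lower(), {}), found.get(reference.lower(), {})
    return sorted(n for n in a.keys() & b.keys() if a[n] != b[n])

if __name__ == "__main__":
    print("not listed anywhere:", missing_everywhere(parse_dir_listing(SAMPLE_LOG)))
```

On the listing from this thread, netlogon.dll is reported as not listed anywhere, and the system32 copies of scecli.dll and eventlog.dll match the ServicePackFiles\i386 copies in date and size.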

#4 garmanma


Posted 30 September 2009 - 08:06 PM

Please download SREng2 (System Repair Engineer) and save to your desktop.
  • Create a new folder on your hard drive called Sreng2 (C:\Sreng2) and extract (unzip) the file there. (click here if you're not sure how to do this. Vista users refer to this link.)
  • Open the folder and double-click on SREngLdr.EXE to launch it. (If you are using Vista, please right-click and select run as administrator)
  • Select Smart Scan from the left pane.
  • Leave all options checked to include Verify the digital signature of process modules (default).
  • Click the Scan button at the bottom right corner.
  • Please be patient as the scan will take a few minutes.
  • When the scan is complete, click on the Save Reports button to save the SREngLOG.log to the SREeng folder (C:\SREng) or your Desktop.
  • Click Close and exit SREng.
  • Copy and paste the contents of SREngLOG.log in your next reply.
Note: The log can be long and you may need several posts to post all of it. If you're using a custom HOSTS file, edit out the HOSTS File section, as it will make the log too long for posting.

Edited by garmanma, 30 September 2009 - 08:07 PM.

Mark



