Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit Infection


  • This topic is locked This topic is locked
2 replies to this topic

#1 Robert0

Robert0

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:42 PM

Posted 02 October 2009 - 06:05 AM

Virus or Hijacker..........., Internet Explorer and Removal Software won't function Options Track this topic
Email this topic
Print this topic
Download this topic
Subscribe to this forum
Display Modes
Switch to: Outline
Standard
Switch to: Linear+

Robert0
View Member Profile
Add as Friend
Send Message
Find Member's Topics
Find Member's Posts Yesterday, 09:40 AM Post #1


New Member


Group: Members
Posts: 5
Joined: Yesterday, 08:28 AM
Member No.: 384,874



My son has aquired a virus or other malicious program that affects internet explorer. In addition it prevents that program from starting and also any virus scanning or spyware removal programs. What might the offending program be and how do I get rid of it short of wiping the drive clean?

I am running Windows XP on a Dell Vostro. The error message says something like " Windows cannot access the specified file or folder. You may not have sufficient Administrative rights for this action."



Full Edit
Quick Edit

quietman7
View Member Profile
Add as Friend
Send Message
Find Member's Topics
Find Member's Posts Yesterday, 01:09 PM Post #2


Bleepin' Janitor


Group: Global Moderator
Posts: 17,431
Joined: 9-July 05
From: Virginia, USA
Member No.: 26,513



Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report for me to review.
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad, then copy and paste the entire contents starting with Running from... to Finished!) in your next reply.

Then go to > Run..., and copy and paste this command into the open box: cmd
press OK.
At the command prompt C:\>, copy and paste the following command and press Enter:

CODE
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt

A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

-- Vista users can refer to these instructions to open a command prompt.



--------------------

"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"

Microsoft MVP - Windows Security 2007-2009
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


Robert0
View Member Profile
Add as Friend
Send Message
Find Member's Topics
Find Member's Posts Yesterday, 07:27 PM Post #3


New Member


Group: Members
Posts: 5
Joined: Yesterday, 08:28 AM
Member No.: 384,874



I'm running the diagnostics program. It has been running about 30 minutes and now all that's visible is my background. The CPUs were running at 100&% for several minutes prior to this. Is this normal?
Full Edit
Quick Edit

Robert0
View Member Profile
Add as Friend
Send Message
Find Member's Topics
Find Member's Posts Yesterday, 08:30 PM Post #4


New Member


Group: Members
Posts: 5
Joined: Yesterday, 08:28 AM
Member No.: 384,874




Here you go!


Running from: J:\Win32kDiag.exe

Log file at : C:\Documents and Settings\Brookshaw\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB973874-IE8\KB973874-IE8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP327.tmp\ZAP327.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP34F.tmp\ZAP34F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ie8updates\ie8updates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\inf\IEM\0409\0409

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe

[1] 2004-08-10 07:00:00 743936 C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe ()

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:21 744448 C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\helpsvc.exe (Microsoft Corporation)

[1] 2004-08-10 07:00:00 743936 C:\WINDOWS\system32\dllcache\helpsvc.exe (Microsoft Corporation)



Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Vendors\Vendors

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\12e31c1143e5f70785d44c867e7b3e13\update\update.exe

[1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB895961-v4\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation)

[1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation)

________________________________________________________________________________
___________________
Volume in drive C has no label.
Volume Serial Number is 2438-35D2

Directory of C:\WINDOWS\$NtUninstallKB968389$

08/10/2004 07:00 AM 407,040 netlogon.dll
1 File(s) 407,040 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

08/10/2004 07:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32

02/06/2009 02:46 PM 408,064 netlogon.dll

Directory of C:\WINDOWS\system32

08/10/2004 07:00 AM 61,952 eventlog.dll
3 File(s) 650,240 bytes

Directory of C:\WINDOWS\system32\dllcache

08/10/2004 07:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\system32\dllcache

02/06/2009 02:46 PM 408,064 netlogon.dll

Directory of C:\WINDOWS\system32\dllcache

08/10/2004 07:00 AM 55,808 eventlog.dll
3 File(s) 644,096 bytes

Total Files Listed:
13 File(s) 2,990,592 bytes
0 Dir(s) 37,104,914,432 bytes free


Thank you for your help!

Full Edit
Quick Edit

quietman7
View Member Profile
Add as Friend
Send Message
Find Member's Topics
Find Member's Posts Yesterday, 10:36 PM Post #5


Bleepin' Janitor


Group: Global Moderator
Posts: 17,431
Joined: 9-July 05
From: Virginia, USA
Member No.: 26,513



Your system is infected with a new rootkit variant that has become quite pervasive as evidenced by these entries:

CODE
Mount point destination : \Device\__max++>\^
08/10/2004 07:00 AM 61,952 eventlog.dll

The rootkit itself is a protection module used to terminate a variety of security tools by changing the permissions on targeted programs so that they cannot run or complete scans. Disinfection will require the use of more powerful tools than we recommend in this forum.

Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to by used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is send back to the hacker. To learn more about these types of infections, you can refer to:
What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit
If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach.

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, please do the following.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

Start a new topic and post your DDS log along with the Win32kDiag.txt and Log.txt reports in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If DDS will not run, then just post the results of the Win32kDiag.txt and Log.txt. Be sure to include a note that you tried to follow the Prep Guide but were unable to get DDS to run.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.



--------------------

"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"

Microsoft MVP - Windows Security 2007-2009
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



Next Oldest Am I infected? What do I do? Next Newest



1 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
1 Members: Robert0


Fast Reply






Enable email notification of replies | Enable Smilies | Enable Signature



Forum Home Search Help Operating Systems |-- Windows 95/98/ME |-- Windows XP Home and Professional |-- Windows NT/2000/2003 |-- Windows Vista |-- Windows 7 |-- Linux & Unix |---- Live Linux |-- DOS/PDA/Other |-- Mac OS Hardware |-- Internal Hardware |-- External Hardware |-- System Building and Upgrading |-- Questions and advice for Buying a New Computer Gadgets |-- Cell Phones |-- iPod, Zune & MP3 Players |-- GPS Devices Software |-- Business Applications |-- Games |-- All Other Applications |-- Tips and Tricks |-- Graphics Design and Photo Editing |-- Audio and Video |-- Programming Internet & Networking |-- Web Browsing/Email and Other Internet Applications |-- Networking |-- Web Site Development Security |-- AntiVirus, Firewall and Privacy Products and Protection Methods |-- Am I infected? What do I do? |-- Breaking Virus & Security News |-- Security Updates |-- HijackThis Logs and Virus/Trojan/Spyware/Malware Removal |---- Misplaced HJT Logs |-- Spyware and Malware Removal Guides and Reading Room Bleeping Computer Applications and Guides |-- Tutorials |-- Windows Startup Programs Database |-- Mini guides and how-tos - Simple answers to common questions |---- Audio and Video Mini-Guides |---- Email Mini-Guides |---- Images, Image Editing, Image Viewing Mini-Guides |---- Internet Applications Mini-Guides |---- Linux Mini-Guides |---- Networking Mini-Guides |---- Security Mini-Guides |---- Web Browsers Mini-Guides |---- Microsoft Windows Mini-Guides |---- Programming and Web Design Mini-Guides General Topics |-- General Chat |-- Introductions |-- New User Orientation |-- Bleeping Computer Announcements, Comments, & Suggestions |-- News |-- The Speak Easy |-- Home Improvement and Repair |-- Forum Games |-- Photo Albums, Images, and Videos |-- Tests and Scribbles


Display Mode: Standard Switch to: Linear+ Switch to: Outline


Track this topic Email this topic Print this topic Subscribe to this forum


English Lo-Fi Version 0.0889 sec -- 11 queries GZIP Enabled
Time is now: 2nd October 2009 - 07:00 AM


Advertise | About Us | Terms of Use | Privacy Policy | Contact Us | Site Map | Chat | Tutorials | Uninstall List | Virus Removal Guides
Discussion Forums | The Computer Glossary | Resources | RSS Feeds | Startups | The File Database | Malware Removal Guides Archive


2003-2009 All Rights Reserved Bleeping Computer LLC.


Powered By IP.Board 2009 IPS, Inc.

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:05:42 PM

Posted 05 October 2009 - 04:41 PM

Hello Robert0,

Please save this file to your desktop.
Click on Start->Run, and copy-paste the following command (the bolded text)

"%userprofile%\desktop\win32kdiag.exe" -f -r

into the "Open" box, and click OK.
When it's finished, there will be a log called Win32kDiag.txt on your desktop.
Please open it with notepad and post the contents here.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:05:42 PM

Posted 12 October 2009 - 10:00 PM

Due to inactivity, this thread will now be closed.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users