Error using rootrepeal



#1 yudi

Posted 17 November 2009 - 02:50 AM

Hi guys

I am following the steps suggested in the following link

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I get to figure 12 and RootRepeal, after scanning for some time, throws up an error. I attached the screenshots. I hope it helps.

Thanks
Yudi

#2 garmanma

Posted 17 November 2009 - 10:54 AM

Welcome to BC

See if this will run instead
If it doesn't, as long as you have a DDS log, go ahead and post it with a brief note explaining that it would not run.

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
--------------------------------------


Go to Start > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 yudi

Posted 18 November 2009 - 04:10 AM

Thanks for the prompt reply.

I have been cleaning up junk on my system and installed the new Microsoft Security Essentials, and it straight away found two trojans. Hence I am here trying to know if there are any other nasty elements lurking around in my system.

Here are the contents of Win32kDiag.txt

Running from: C:\Users\rahul\Desktop\security\Win32kDiag.exe
Log file at : C:\Users\rahul\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Cannot access: C:\Windows\bthservsdp.dat
[1] 2009-11-16 23:17:35 3765 C:\Windows\bthservsdp.dat ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2009-11-17 18:15:30 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
[1] 2009-11-17 14:47:08 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-ForwardedEvents.etl
[1] 2009-11-17 14:47:08 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-ForwardedEvents.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
[1] 2009-11-17 18:12:54 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
[1] 2009-11-17 18:12:54 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMuroc System Trace.etl
[1] 2009-11-17 18:13:00 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMuroc System Trace.etl ()

Cannot access: C:\Windows\Temp\hsperfdata_RAHUL-PC$\4040
[1] 2009-11-17 18:16:51 65536 C:\Windows\Temp\hsperfdata_RAHUL-PC$\4040 ()

Finished!

and these from the command

Volume in drive C is OS
Volume Serial Number is 9ECE-3688

Directory of C:\Windows\System32

10/04/2009 11:28 PM 177,152 scecli.dll

Directory of C:\Windows\System32

10/04/2009 11:28 PM 592,896 netlogon.dll
2 File(s) 770,048 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e

10/04/2009 11:28 PM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

10/04/2009 11:28 PM 592,896 netlogon.dll
1 File(s) 592,896 bytes

Total Files Listed:
4 File(s) 1,540,096 bytes
0 Dir(s) 23,596,265,472 bytes free


Do you want me to post the contents of DDS.txt and Hijackthis.log?

The following entry is hard to get rid of. In spite of deleting it from the registry, it comes back in an instant and it actually autostarts every time.
O4 - HKCU\..\Run: [L07AXLRD_138372] C:\PROGRAM FILES\MICROSOFT STUDENT\MICROSOFT STUDENT WITH ENCARTA PREMIUM 2007 DVD\EDICT.EXE -m

I uninstalled this program long ago. How do I get rid of it?

Thanks for your help mate. Much appreciated.

Yudi
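
An added example, not part of the original posts: a small Python parser for the DIR /a/s listing pasted above, which groups the copies of each requested DLL, compares their size and timestamp, and reports names that returned no match. The function names and the status labels ("consistent", "mismatch", "missing") are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Listing copied from the post above (file rows and directory headers only).
LISTING = r"""
Directory of C:\Windows\System32
10/04/2009 11:28 PM 177,152 scecli.dll
Directory of C:\Windows\System32
10/04/2009 11:28 PM 592,896 netlogon.dll
Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e
10/04/2009 11:28 PM 177,152 scecli.dll
Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3
10/04/2009 11:28 PM 592,896 netlogon.dll
"""
# The three names passed to DIR in the command from post #2.
REQUESTED = ("scecli.dll", "netlogon.dll", "eventlog.dll")

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
FILE_RE = re.compile(
    r"^(\d\d/\d\d/\d{4})\s+(\d\d:\d\d\s+[AP]M)\s+([\d,]+)\s+(\S.*?)\s*$")

def parse_dir_listing(text):
    """Return {lowercased file name: [(directory, size, timestamp), ...]}."""
    copies, current = defaultdict(list), None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m and current:  # "<DIR>" rows and "N File(s)" summaries do not match
            date, time, size, name = m.groups()
            copies[name.lower()].append(
                (current, int(size.replace(",", "")), f"{date} {time}"))
    return copies

def summarize(text, requested=REQUESTED):
    """Per requested file: 'missing', 'consistent' or 'mismatch' across copies."""
    copies, result = parse_dir_listing(text), {}
    for name in requested:
        found = copies.get(name, [])
        distinct = {(size, stamp) for _, size, stamp in found}
        result[name] = ("missing" if not found
                        else "consistent" if len(distinct) == 1 else "mismatch")
    return result

if __name__ == "__main__":
    for name, status in summarize(LISTING).items():
        print(f"{name:14} {status}")
```

Matching size and timestamp only shows that the listing is consistent; it does not prove the copies are byte-identical, which would need a hash comparison on the machine itself.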

#4 garmanma

Posted 18 November 2009 - 05:54 PM

"Hence I am here trying to know if there are any other nasty elements lurking around in my system."
Yes, you have a few.

Now that you were successful in creating a Win32kDiag log, you need to post in our HJT forum. There they will help you with the removal through some custom scripts and programs that we cannot run here in this forum.

Post the DDS log and Win32kDiag log here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/


Just give a brief description and tell them that these logs were all you could get to run successfully.

The HJT team is extremely busy, so be patient and good luck.

Edited by garmanma, 18 November 2009 - 05:55 PM.

Mark