Undetectable virus, cannot run antivirus or antispyware apps
Touch Forum Moderator Hello DULBARK and welcome
and download Win32kDiag.exe directly to your Desktop
cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after:cd\
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.
"%userprofile%\desktop\win32kdiag.exe" -f -r
When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here, along with a Gmer log.
and download the installer for Gmer to your desktop, then click that file to run Gmer. hidden " or "rootkit ", stop there, and click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).
You can break logs into parts and use separate posts here when replying and posting the log files, if needed.
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
Back to Top
Touch Forum Moderator Please copy and paste the logs -
You can break logs into parts and use separate posts here when replying and posting the log files, if needed.
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
Back to Top
DULBARK Please find the win32kdiag log :- 2009-10-29 14:27:16 1474832 C:\WINDOWS\system32\drivers\sfi.dat () 2004-08-04 07:56:42 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation) 2008-04-14 00:11:53 56320 C:\WINDOWS\eventlog.dll (Microsoft Corporation) 2008-04-14 00:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation) 2008-04-14 00:11:53 61952 C:\WINDOWS\system32\eventlog.dll () 2008-04-14 00:11:53 56320 C:\WINDOWS\system32\logevent(2).dll (Microsoft Corporation) 2008-04-14 00:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) Back to Top
DULBARK Here is the GMERlog. Back to Top
Touch Forum Moderator Seems you have some missing or infected system files, so let´s see if combofix can replace them ->
Please download Combofix from:
And save to the desktop al alg.exe
Close all other browser windows.
Double-click on the combofix icon found on your desktop.
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
When finished, it will produce a logfile located at C:\combofix.txt.
Post the contents of that log in your next reply
The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
Back to Top
DULBARK I have run Combofix here is part one. ADS - WINDOWS: deleted 24 bytes in 1 streams. Back to Top
DULBARK Here is part two..... Back to Top
DULBARK Now part three ......to complete the trilogy. Back to Top
Touch Forum Moderator Great, combofix replace the infected file
"Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Please tell how things are running now ?
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
Back to Top
DULBARK Here is some additional info: Back to Top
Forum Information Currently it is Saturday, November 21, 2009 4:07 PM (GMT +1)View Active Threads Who's Online This forum has 30334 registered members. Please welcome our newest member, sushil .Details 5 Latest Threads
|