Programs not opening, or giving errors upon opening, no internet access.


If the Recovery Console is installed, this folder should exist - D:\CmdCons

Looks like you didn't get it installed the previous time. That's a bit unfortunate.

I noticed that boot.ini is not found. Is this a multiboot machine? Do you have other Operating Systems installed in your other partitions?


Yes, there's a corrupted version of Win2k-Professional installed on C. I originally wanted to run 2k when I built this computer, but I ran into problems, and these days if I ever try to use it, it just immediately blue screens and tells me there are problems that I have no idea how to fix, so I just took the easier route and installed XP on D and it's been fine since then (about 20 months ago).


Hmm .. I was rather hoping the other OS was operational. If it were so, we could have used that to remove the current blockade. I take it that you have the install CDs for both of these OS.

Let's take another route with this ...

* Kindly take note that the next step shall reboot the machine

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

@echo off

Save this as fix.bat. Choose to "Save type as - All Files"

It should look like this: bat_icon.gif

Double click on fix.bat & allow it to run

After the machine reboots, check if this file gets created on your Desktop - Catchme.txt


disk not found \eventlog.dll

read file error: D:\WINDOWS\system32\eventlog.dll, The process cannot access the file because it is being used by another process.

I have to say - I am incredibly thankful for your continued assistance so far, you've been wonderful. I actually have to step out for a few hours now, but I hope you will still be around when I return!


Log file is located at: D:\Documents and Settings\Cozy Lemon\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'D:\WINDOWS'...

Cannot access: D:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 00:56:42 55808 D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 63488 D:\WINDOWS\system32\eventlog.dll ()

Finished!


I do have a WinXP CD now
That's good news. With that in hand, it's as good as licked.

Before attempting that, I do have one last method for you to try out.

-------

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

@echo

Save this as fix.bat. Choose to "Save type as - All Files"

It should look like this: bat_icon.gif

Double click on fix.bat & allow it to run

-------

After it has finished running, try running ComboFix. Let me know if it runs.


Well, after a minute or two, Combofix said it needed to restart due to several files, listing them "just in case":

d:\windows\system32\drivers\SKYNETivddsevs.sys

D:\WINDOWS\system32\SKYNETqubgxqep.dll

D:\WINDOWS\system32\SKYNETydatvqmo.dat

D:\WINDOWS\system32\SKYNETavhxbjlc.dll

D:\WINDOWS\system32\SKYNETtowyvkmp.dat

it restarted, and I've been looking at the blue command window for about 10 minutes but nothing appears to be happening.


The run appeared to complete successfully. It said it wasn't allowed to restart windows, so I did, and when I restarted programs actually ran (including one or two "Your computer is infected with spyware!" drones), which hadn't been happening.

No log was created that I can tell, however.

Teatimer went crazy about registry changes.

What's next?


It listed a bunch of "steps complete". I didn't catch the final number, but it was at least 20, I would think. I didn't see it giving any errors during this.

It then cleared the page of the steps complete display, and said "scan complete" (or something to that effect) "Restarting Windows. Access Denied."


Yes I manually rebooted after CF was blocked from doing so.

Log file is located at: D:\Documents and Settings\Cozy Lemon\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'D:\WINDOWS'...

Cannot access: D:\WINDOWS\system32\CF15426.exe

[1] 2009-08-30 01:23:50 389120 D:\WINDOWS\system32\CF15426.exe ()

Cannot access: D:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 00:56:42 55808 D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 63488 D:\WINDOWS\system32\eventlog.dll ()

Finished!

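One way to triage a Win32kDiag log like the two posted above, as an added example that is not part of the original thread or of any tool named in it: it groups the reported mount points by destination and, for every "Cannot access" file, compares the live copy against the other copies the log lists. The field layout (`[n] date time size path (vendor)`) is inferred from the posted lines, and the function names and the mismatch heuristic are assumptions made for this illustration.

```python
import re
from collections import Counter, defaultdict

# Shortened excerpt assembled from log lines posted in this thread.
SAMPLE_LOG = r"""
Searching 'D:\WINDOWS'...
Found mount point : D:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Cannot access: D:\WINDOWS\system32\CF15426.exe
[1] 2009-08-30 01:23:50 389120 D:\WINDOWS\system32\CF15426.exe ()
Found mount point : D:\WINDOWS\system32\dhcp\dhcp
Mount point destination : \Device\__max++>\^
Cannot access: D:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 00:56:42 55808 D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 17:11:53 56320 D:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 17:11:53 63488 D:\WINDOWS\system32\eventlog.dll ()
Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
BLOCKED_RE = re.compile(r"^Cannot access:\s*(.+)$")
# "[1] <date> <time> <size> <path> (<vendor>)"; the vendor field may be empty.
COPY_RE = re.compile(
    r"^\[?\d+\]\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(.+)\s+\(([^()]*)\)$"
)


def basename(path):
    """Lower-cased final component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_log(text):
    """Split a log into mount points, blocked files and listed file copies."""
    report = {"mount_points": [], "blocked": [], "copies": defaultdict(list)}
    pending = None  # mount point still waiting for its destination line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := MOUNT_RE.match(line)):
            pending = m.group(1)
        elif (m := DEST_RE.match(line)) and pending is not None:
            report["mount_points"].append((pending, m.group(1)))
            pending = None
        elif (m := BLOCKED_RE.match(line)):
            report["blocked"].append(m.group(1))
        elif (m := COPY_RE.match(line)):
            stamp, size, path, vendor = m.groups()
            report["copies"][basename(path)].append(
                {"stamp": stamp, "size": int(size), "path": path, "vendor": vendor.strip()}
            )
    return report


def mount_destinations(report):
    """Count mount points per destination; one odd target repeated is the signal."""
    return Counter(dest for _, dest in report["mount_points"])


def flag_blocked_files(report):
    """Compare each blocked file with the reference copies listed beside it."""
    findings = []
    for blocked in report["blocked"]:
        copies = report["copies"].get(basename(blocked), [])
        live = [c for c in copies if c["path"].lower() == blocked.lower()]
        refs = [c for c in copies
                if c["path"].lower() != blocked.lower() and c["vendor"]]
        reasons = []
        if not refs:
            # Nothing to compare against: report it, but do not call it a mismatch.
            verdict = "unverified"
            reasons.append("no reference copy in the log")
        else:
            ref_sizes = sorted({c["size"] for c in refs})
            for c in live:
                if not c["vendor"]:
                    reasons.append("live copy has no vendor string, reference copies do")
                if c["size"] not in ref_sizes:
                    reasons.append(f"size {c['size']} not among reference sizes {ref_sizes}")
            verdict = "mismatch" if reasons else "consistent"
        findings.append({"path": blocked, "verdict": verdict, "reasons": reasons})
    return findings


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for dest, count in mount_destinations(parsed).items():
        print(f"{count} mount point(s) -> {dest}")
    for finding in flag_blocked_files(parsed):
        print(finding["verdict"], finding["path"], "; ".join(finding["reasons"]))
```
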

[1] 2008-04-13 17:11:53 63488 D:\WINDOWS\system32\eventlog.dll ()

Lol .. stubborn lil critter is still there.

d:\windows\system32\drivers\SKYNETivddsevs.sys

D:\WINDOWS\system32\SKYNETqubgxqep.dll

D:\WINDOWS\system32\SKYNETydatvqmo.dat

D:\WINDOWS\system32\SKYNETavhxbjlc.dll

D:\WINDOWS\system32\SKYNETtowyvkmp.dat

Since we got rid of these, I think Avenger may run now


Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "D:\WINDOWS\system32\logevent.dll" not found!

File move operation "D:\WINDOWS\system32\logevent.dll|D:\WINDOWS\system32\eventlog.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

----------------

That is obtained using the same code you listed before

Files to move:

D:\WINDOWS\system32\logevent.dll| D:\WINDOWS\system32\eventlog.dll

---------------------

When it popped up the avenger log, the rest of the desktop went away, as if it were restarting, but then after I closed the avenger log, it reappeared, however, no programs were launched this time.
