[Resolved] Infection Removal - USB drivers - XP SP updates


  • This topic is locked
45 replies to this topic

#16 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 16 November 2009 - 12:00 PM

cklenertz,

Please give this a go:

We need to repair some of Windows' internal registration settings.
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box.
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section.
  • Press the GO button in the bottom of the window.
  • Exit/Close Dial-A-Fix

Tomk
------------------------------------------------------------

Topics are closed after 5 days without response

#17 cklenertz

cklenertz

    Authentic Member

  • 80 posts

Posted 19 November 2009 - 10:22 PM

Hey Tomk, I thought I'd lost you. I posted the following before I noticed your previous post regarding the mirrors. I'll try that and get back to you. Made another attempt to get SP3. Finally got auto update to start working and got a lot of the security updates installed but still unable to install SP3. Outlook still isn't working correctly but everything else seems to be functioning. Also got rid of AVG and downloaded avast. Did the Dial-a-Fix program. Had several errors regarding my versions of webcheck.dll and iesetup.dll. Followed given instructions and exited when complete. Thank you, hope all is well. Kevin

Edited by cklenertz, 19 November 2009 - 10:47 PM.


#18 Tomk

Posted 19 November 2009 - 10:38 PM

cklenertz, I'll keep my fingers crossed. :popcorn:

Tomk
------------------------------------------------------------


#19 cklenertz

Posted 19 November 2009 - 10:52 PM

So what happens now? I'm not familiar with crossing my fingers. Is that an ancient tech method they no longer teach in the schools? :smack:

#20 Tomk

Posted 19 November 2009 - 11:34 PM

cklenertz, It's very confusing when you go back and edit in information in old posts. :unsure: Can you please clarify? You have now run Dial-a-fix I believe. Have you tried to update since then?

Tomk
------------------------------------------------------------


#21 cklenertz

Posted 21 November 2009 - 03:57 AM

Service Pack 3 Setup Error
Failed to install catalog files.

That is the error I got when trying to install Service Pack 3.

Kevin

#22 Tomk

Posted 21 November 2009 - 08:58 AM

cklenertz,

Download the diagnostic tool MGADiag and save it to your desktop.

  • Double-click on MGADiag.exe.
  • Click Run.
  • Click Continue, then Copy.
  • Paste the report in your next reply.

Tomk
------------------------------------------------------------


#23 cklenertz

Posted 21 November 2009 - 01:29 PM

Here you go Tomk.

#24 Tomk

Posted 21 November 2009 - 02:15 PM

cklenertz,

It might be handy to print the following commands so you can see them better while you are at the Cmd prompt.

  • Click Start, click Run, type cmd, and then click OK.
  • At the command prompt, type the following commands, and then press ENTER after each line:
    net stop cryptsvc
    ren %systemroot%\System32\Catroot2 oldcatroot2
    net start cryptsvc
    exit

Tomk
------------------------------------------------------------


#25 cklenertz

Posted 22 November 2009 - 03:14 AM

Hey Tomk, It stopped the service. When I put the next command it told me access was denied. So I restarted the service and exited. Kevin


#26 Tomk

Posted 22 November 2009 - 11:14 AM

cklenertz,

Please put your computer in safe mode and try the same commands.

We Now Need To Boot Into Safemode

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine,
amount of memory, hard drives installed etc (BOOT SCREEN).
At this point you should gently tap the F8 key repeatedly until you are presented with an Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

After you have finished with the command prompt window, reboot to normal mode and try your update.

Tomk
------------------------------------------------------------


#27 cklenertz

Posted 24 November 2009 - 12:12 AM

Tried that in Safe Mode. It stopped cryptsvc, ran the code you provided and it told me "duplicate file exists or file cannot be found." Tomk, are we running out of options or are we just getting started?
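
The rename step from the posts above, as an added example that is not part of the original thread: a batch file that checks the two conditions behind cmd's "A duplicate file name exists, or the file cannot be found" message (source folder missing, or target name already taken) before calling ren, and reports the result. The variable names and the fallback backup name are assumptions of this example.

```batch
@echo off
rem Added example, not from the thread. Run from an Administrator prompt.
rem SYS32, NEWNAME and the "_<random>" fallback name are assumptions.
setlocal
set "SYS32=%systemroot%\System32"
set "NEWNAME=oldcatroot2"

rem Stop Cryptographic Services before touching its catalog database folder.
net stop cryptsvc

rem Confirm the service really reports STOPPED before attempting the rename.
sc query cryptsvc | find "STOPPED" >nul
if errorlevel 1 (
    echo cryptsvc did not stop; not attempting the rename.
    goto :restart
)

rem Condition 1: the source folder must exist.
if not exist "%SYS32%\Catroot2" (
    echo "%SYS32%\Catroot2" does not exist; nothing to rename.
    goto :restart
)

rem Condition 2: the target name must be free. An earlier attempt may have
rem already created oldcatroot2, so fall back to a different backup name.
if exist "%SYS32%\%NEWNAME%" set "NEWNAME=oldcatroot2_%RANDOM%"

rem ren takes a bare name, not a path, as its second argument.
ren "%SYS32%\Catroot2" "%NEWNAME%"
if errorlevel 1 (
    echo Rename failed; Catroot2 was left in place.
) else (
    echo Catroot2 renamed to "%NEWNAME%".
)

:restart
rem Always restart the service, whether or not the rename happened.
net start cryptsvc
endlocal
```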

#28 Tomk

Posted 24 November 2009 - 10:58 AM

cklenertz,

We will run out of my limited knowledge before we will run out of options. ^_^

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *catroot*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Tomk
------------------------------------------------------------


#29 cklenertz

Posted 25 November 2009 - 08:49 AM

You're disillusioning me. I was developing the impression that your knowledge was limitless. :thumbup:

Here's the contents of that logfile:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 06:44 on 25/11/2009 by Kevin Lenertz (Administrator - Elevation successful)

========== filefind ==========

Searching for "*catroot*"
No files found.

-=End Of File=-

Thanks again.
Kevin

#30 Tomk

Posted 25 November 2009 - 12:14 PM

cklenertz,

A colleague on the tech team pointed out that Microsoft has provided a potential fix for this problem.

1. Download and then install the Subinacl.exe file. To do this, visit the following Microsoft Web site:
http://www.microsoft...&displaylang=en
2. Start Notepad.
3. Copy and then paste the following text into Notepad.
    cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
4. Save this Notepad file as Reset.cmd.
5. Double-click the Reset.cmd file to run the script.

Note This script file may take a long time to run. You must run this script as an administrator.
6. Install Windows XP SP3.

Tomk
------------------------------------------------------------
