
[Resolved] Infection Removal - USB drivers - XP SP updates


This topic is locked
45 replies to this topic

#31 cklenertz (Authentic Member, 80 posts)
Posted 26 November 2009 - 12:59 PM

Hey Tomk, Happy Thanksgiving. I tried the latest solution. The result: Windows Defender finally started working again. SP3, however, again failed to install catalog files and was not installed. Kevin


#32 Tomk (Beguilement Monitor, Classroom Admin, 20,154 posts)
Posted 26 November 2009 - 08:03 PM

cklenertz,

Happy Thanksgiving to you and yours.

Please download the Win32kDiag.exe tool from the following location and save it to your desktop:

http://download.blee.../Win32kDiag.exe

Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt.

Double-click on this file and post the contents as a reply to this topic.

Tomk
------------------------------------------------------------
Topics are closed after 5 days without response


#33 cklenertz (Authentic Member, 80 posts)
Posted 26 November 2009 - 11:54 PM

Here you go again. Thanks of course, enjoy your day. Kevin

------------------------------------------------------------
Running from: C:\Documents and Settings\Kevin Lenertz\My Documents\Downloads\Win32kDiag.exe
Log file at : C:\Documents and Settings\Kevin Lenertz\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB928090\KB928090
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB950749\KB950749
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB969059\KB969059
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB971486\KB971486
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB973525\KB973525
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB974112\KB974112
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB974571\KB974571
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB975025\KB975025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB975467\KB975467
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP167.tmp\ZAP167.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP276.tmp\ZAP276.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2AC.tmp\ZAP2AC.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4D7.tmp\ZAP4D7.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6A9.tmp\ZAP6A9.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7B9.tmp\ZAP7B9.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7CA.tmp\ZAP7CA.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD7.tmp\ZAPD7.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d2\d2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d3\d3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d4\d4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d5\d5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d6\d6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d7\d7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d8\d8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Downloaded Installations\Downloaded Installations
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\History\History
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\InCD\InCD
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\62287FAB00234BD4EB33D429A2978904\3.0.6920\3.0.6920
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\983B05722D2A359499AC721C2F8A6EDF\9.2.3042\9.2.3042
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Minidump\Minidump
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Performance\WinSAT\DataStore\DataStore
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\394fe6dfc179e51c798ca1a90ca6432e\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b0264899240408ce315fe572c84c0e59\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4e2c4c1796c7661ddc2deb71954958c7\4e2c4c1796c7661ddc2deb71954958c7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixas\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixdts\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixns\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixrs\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixsql\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQL9_KB948109_ENU\hotfixtools\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixas\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixdts\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixns\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixrs\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixsql\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SQLTools9_KB948109_ENU\hotfixtools\files\files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Mount point destination : \Device\__max++>\^
Finished!
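The log above is one long run of "Found mount point / Mount point destination" pairs, and what makes it readable for a responder is grouping: every junction under C:\WINDOWS resolves to the same raw \Device\ path, which is not the \??\<drive> or \??\Volume{...} form Windows itself writes into directory junctions and volume mount points. The Python below is an added example written for this thread, not code from the post or from the Win32kDiag tool; it assumes only the two-line record format visible in the log. Its sample input is constructed: a placeholder user name, three entries modelled on the posted ones, and one hypothetical benign volume mount point added for contrast.

```python
"""Parse Win32kDiag-style output and group the reported mount points.

Added example for this thread (not the tool's own code). The record format
is inferred from the log posted above: a "Found mount point : <path>" line
followed by a "Mount point destination : <target>" line.
"""
import re
from collections import defaultdict

# Constructed sample input modelled on the posted log: placeholder user name,
# three entries like the posted ones, plus one hypothetical benign volume
# mount point whose target uses the \??\Volume{...} form.
SAMPLE_LOG = r"""Running from: C:\Documents and Settings\User\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\User\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\MountedVolumes\Data
Mount point destination : \??\Volume{00000000-0000-0000-0000-000000000000}\
Finished!
"""

FOUND_RE = re.compile(r"^Found mount point\s*:\s*(.+?)\s*$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+?)\s*$")


def parse_mount_points(text):
    """Return a list of (mount_point_path, destination) pairs, in log order."""
    pairs = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        found = FOUND_RE.match(line)
        if found:
            pending = found.group(1)
            continue
        dest = DEST_RE.match(line)
        if dest and pending is not None:
            pairs.append((pending, dest.group(1)))
            pending = None
    return pairs


def is_device_path(destination):
    # A raw object-manager path (\Device\...) instead of the \??\<drive> or
    # \??\Volume{...} target that normal junctions and mount points carry.
    return destination.lower().startswith("\\device\\")


def self_named_junction(path):
    # Last two components identical (...\KB912812\KB912812), the shape every
    # hostile entry in the posted log has. Reported as supporting evidence only.
    parts = path.rstrip("\\").split("\\")
    return len(parts) >= 2 and parts[-1].lower() == parts[-2].lower()


def summarize(pairs):
    """Group pairs by destination; flag destinations that are raw device paths."""
    groups = defaultdict(lambda: {"count": 0, "paths": [], "self_named": 0})
    for path, dest in pairs:
        g = groups[dest]
        g["count"] += 1
        g["paths"].append(path)
        if self_named_junction(path):
            g["self_named"] += 1
    for dest, g in groups.items():
        g["suspicious"] = is_device_path(dest)
    return dict(groups)


def run_flags(text):
    """Status lines worth noting when reading a run (the -f -r run prints the
    removal line; the privilege warning means some items may not have been opened)."""
    return {
        "backup_privileges_missing": "Could not get backup privileges!" in text,
        "removal_requested": "Removing all found mount points." in text,
        "finished": "Finished!" in text,
    }


if __name__ == "__main__":
    found = parse_mount_points(SAMPLE_LOG)
    for dest, g in summarize(found).items():
        tag = "SUSPICIOUS" if g["suspicious"] else "ok"
        print(f"{tag:10} {g['count']:3} junction(s), {g['self_named']} self-named -> {dest}")
        for p in g["paths"]:
            print(f"{'':14}{p}")
    print(run_flags(SAMPLE_LOG))
```

Run it directly to print one line per destination with its junction count; on the full log posted above, the same grouping would collapse the eighty-odd entries into a single \Device\ target with every path under it, which is the fact the helper acts on in the next post.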

#34 Tomk (Beguilement Monitor, Classroom Admin, 20,154 posts)
Posted 27 November 2009 - 08:30 AM

cklenertz,

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

Tomk


#35 cklenertz (Authentic Member, 80 posts)
Posted 28 November 2009 - 01:26 PM

Hey Tomk, Whatever the Win32KDiag software did yesterday it helped. It finally downloaded SP3. Here's the latest:

Running from: C:\Documents and Settings\Kevin Lenertz\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\Kevin Lenertz\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Finished!

#36 Tomk (Beguilement Monitor, Classroom Admin, 20,154 posts)
Posted 28 November 2009 - 01:49 PM

cklenertz, Please run ComboFix again. It will probably ask if you want to update it to the newest version. You do.

Tomk


#37 cklenertz (Authentic Member, 80 posts)
Posted 28 November 2009 - 06:27 PM

Here you go Tomk.

#38 Tomk (Beguilement Monitor, Classroom Admin, 20,154 posts)
Posted 28 November 2009 - 06:30 PM

cklenertz, Uhm... I think you forgot something. :P

Tomk


#39 cklenertz (Authentic Member, 80 posts)
Posted 28 November 2009 - 07:36 PM

You're absolutely correct. :smack: Unfortunately though it wouldn't let me attach it as a file or paste it because it is too big. I'll put it in three posts. Kevin

POST 1

Attached Files



#40 cklenertz (Authentic Member, 80 posts)
Posted 28 November 2009 - 07:37 PM

POST 2

Attached Files



#41 cklenertz (Authentic Member, 80 posts)
Posted 28 November 2009 - 07:38 PM

POST 3 :yeah:

Attached Files



#42 cklenertz (Authentic Member, 80 posts)
Posted 28 November 2009 - 07:39 PM

And now I'm off to work. I'm curious what you see in those Combo Fix logs. Is it explainable?

#43 Tomk (Beguilement Monitor, Classroom Admin, 20,154 posts)
Posted 28 November 2009 - 08:02 PM

cklenertz,

The majority of that log was a list of changed files. It was so big because you just updated your OS with SP3.

Otherwise, Log looks good :D


Time for some housekeeping
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

Please re-enable any security that was disabled.

Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

If any tools are left, go ahead and delete them.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved. :thumbup:

Tomk


#44 cklenertz (Authentic Member, 80 posts)
Posted 02 December 2009 - 02:43 AM

Tomk, Thank you sir. I will read the suggested materials and implement the suggestions and precautions I am not currently employing. Thank you for all your help and time. It is much appreciated. :woot: Kevin

#45 Tomk (Beguilement Monitor, Classroom Admin, 20,154 posts)
Posted 02 December 2009 - 10:30 AM

cklenertz, You are very welcome. Good Luck and be Well. :thumbup:

Tomk