-
Member
-
Hello northernunicorn and welcome back to the Spybot S&D forums. Sorry for the delay in getting to your post.
Let's start with a quick diagnostic.
Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
-
Member
-
Do you have another PC you can download files on and transfer over or run with a CD/DVD or USB drive?
-
Member
-
I meant downloading them on another PC and transferring over that way.
This may be a new infection or variation that is nasty. I'm watching one other thread in another forum with the same symptoms, and they haven't found a way to get around this yet.
-
Member
-
Okay normally I would post the download link when I advise the tool, but here I'll advise the tools I would expect we may use here. At least to get to the point where you can download files.
Don't run or install tools until advised, but I realize you may not want to go back and forth from your neighbors, so you can get them all on disk.
The first is the Win32kDiag tool I advised earlier. Try and copy it to your desktop to run it. If you cannot then try running from the disk.
Please save this file. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
The other tools to save to disk are as follows.
Root Repeal:
Zip Mirrors (Recommended)
Combofix:
Link 1
Link 2
Temp File Cleaner:
TFC
DDS:
From here or here or here.
-
Member
Hi IndiGenus:
I'm back and at a friend's computer.
I will try to save to CD the tools you mentioned and then run them on my computer.
Hope this works. I will let you know.
I apologize for the long wait between...family & financial obligations took over my time.
from Dorothy
-
Member
Log from Win32kDiag tool, part 1
Hi IndiGenus:
[QUOTE=IndiGenus;341460]Okay normally I would post the download link when I advise the tool, but here I'll advise the tools I would expect we may use here. At least to get to the point where you can download files.
Don't run or install tools until advised, but I realize you may not want to go back and forth from your neighbors, so you can get them all on disk.
The first is the Win32kDiag tool I advised earlier. Try and copy it to your desktop to run it. If you cannot then try running from the disk.
Please save this file. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.[/QUOTE]
I was able to save the tools to a disk.
I was able to copy the Win32kDiag tool to my desktop & run it. The log from the scan was saved to my desktop but it is larger than can fit in 1 post so I'll spread it over as many as necessary because I'm not sure if it's ok to send it as an attachment.
Note: I hope I didn't mess up by running it twice. I ran it once then thought I should have done it as administrator & ran it again...thought there would be 2 logs left on desktop but there wasn't...Please let me know if I messed up or not.
Here goes with the log:
Running from: C:\Users\JeffandMom\Desktop\Win32kDiag.exe
Log file at : C:\Users\JeffandMom\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2EBD.tmp\ZAP2EBD.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6673.tmp\ZAP6673.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9AF7.tmp\ZAP9AF7.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA5B0.tmp\ZAPA5B0.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0D7.tmp\ZAPB0D7.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Downloaded Program Files\CONFLICT.1\CONFLICT.1
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Downloaded Program Files\CONFLICT.2\CONFLICT.2
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Globalization\Globalization
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Help\Corporate\Corporate
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\LiveKernelReports\WATCHDOG\WATCHDOG
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Microsoft.NET\authman\authman
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Minidump\Minidump
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\ModemLogs\ModemLogs
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\msdownld.tmp\msdownld.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\nap\configuration\configuration
Mount point destination : \Device\__max++>\^
Found mount point : C:\Windows\Panther\setup.exe\setup.exe
Mount point destination : \Device\__max++>\^