qrius

  1. Ok... Firstly, thanks for the suggestion noknojon. I was mistaken previously when stating this was a secondhand notebook with no install DVD, it was bought new from the Dell website...but owner not sure if it came with a DVD...will need to hunt around for it, so will continue to follow exile360 in the meantime. I was hoping I wouldn't have to resort to that using the DVD. Secondly, tried running "MGAdiag.exe" again as administrator. It didn't actually take long at all and completed without any apparent problem. However, got the same error as before after pressing "Copy": "Failed to create output files, hr=0x8007000d. Please contact support." Any further ideas? Q
  2. Ok, ran the tool which completed but was unable to save a copy of the results due to an error. I restarted and tried updating again, but without success.
  3. Didn't try that before...but have now and still nothing happening. I've noticed that when checking for updates, it states "never" under most recent check for updates and updates installed...which isn't the case. Not sure if this means anything or not?
  4. The process completed successfully but windows update is still not working...
  5. Apologies for the delays. There were a couple of errors that occurred while running updatefix.bat:
     1. The module "wuaueng.dll" was loaded but the call to DllRegisterServer failed with error code 0x80070005. For more information about this problem, search online using the error code as a search term
     2. The module "wudriver.dll" was loaded but the entry-point DllRegisterServer was not found. Make sure that "wudriver.dll" is a valid DLL or OCX file then try again
     After it completed and restarted, Windows update still failed to work. What's next?
  6. Ok, not much luck with this fix. It said it failed to process after starting and the issue continues. Q
  7. Apologies for the delay. I don't have access to the laptop during the week. Tried both tools but got the same error on restart. Unfortunately, the laptop is secondhand and didn't come with installation DVDs so I'm at a dead end with Microsoft it would seem. Any other pointers would be helpful
  8. Hi, I was directed here from the malware removal forum by "fenzodahl512". I keep getting this error code when trying to update Windows. This has been a long-standing problem (at least a few months) and now that the malware issue has been resolved, this problem remains. I've googled the error code and have got various answers, but I'm not sure which one is correct. I'm missing out on important updates so would like to resolve this issue if possible. Any ideas would be much appreciated. Q
  9. That's good news. Internet is up and running with no browser issues...Windows update screenshot is attached. Not sure if this is a malware problem more than some kind of system/software error, but I'm no expert. Tried googling the error code and there are all sorts of solutions which I'm not too convinced of at the moment. Any pointers would be helpful re: update, but otherwise thanks for all your help with malware removal! Cheers, Q
  10. Ok - the mbr and rootrepeal logs
      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
      device: opened successfully
      user: MBR read successfully
      kernel: MBR read successfully
      user & kernel MBR OK
      ROOTREPEAL © AD, 2007-2009
      ==================================================
      Scan Start Time: 2010/02/24 13:09
      Program Version: Version 1.3.5.0
      Windows Version: Windows Vista SP1
      ==================================================
      Drivers
      -------------------
      Name: dump_iaStor.sys
      Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
      Address: 0x8E2DA000 Size: 815104 File Visible: No Signed: - Status: -
      Name: mbr.sys
      Image Path: C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\mbr.sys
      Address: 0x8E3F8000 Size: 20864 File Visible: No Signed: - Status: -
      Name: rootrepeal.sys
      Image Path: C:\Windows\system32\drivers\rootrepeal.sys
      Address: 0x8DA70000 Size: 49152 File Visible: No Signed: - Status: -
      Processes
      -------------------
      Path: System
      PID: 4 Status: Locked to the Windows API!
      SSDT
      -------------------
      #: 072 Function Name: NtCreateProcess
      Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x84b0dcdc
      #: 073 Function Name: NtCreateProcessEx
      Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x84b0dece
      #: 334 Function Name: NtTerminateProcess
      Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x84b0d982
      #: 383 Function Name: NtCreateUserProcess
      Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x84b0e0d6
      ==EOF==
      Hopefully this is useful
  11. Ok, after a couple of attempts in safe mode and one blue screen, the scan finally worked and the log should be attached: ark.zip
  12. Unfortunately, the GMER scan could not be completed. It starts to run, but Windows stated that the program had stopped working and is searching for solutions (normal boot up mode). Any ideas? (Will try in safe mode...)
  13. The laptop seems to be running better; most of the problems have been resolved except for the persistence of Windows not being able to check for updates. As for the online scan - the initial attempt seemed to be going ok until the laptop shut down on its own (battery ok) when it was about 49% done, having found 1 threat - something called "INF/AutoRun.lj.7 INF virus", which was also quarantined by Avira AntiVir Personal guard running in the background. I ran the scan again after rebooting and no threats were found, with a very short log produced: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=53251 Is this normal? And any ideas about Windows update? Thanks for the help so far. Q
  14. Ok, apologies for the delay...I had some problems running Combo-fix in normal boot-up mode. It seemed to do nothing for hours after starting, so I decided to run it in safe mode. Combofix managed to upload successfully and the log is below plus the Hijack this log.