Hijackers, Keyloggers, and Worms oh my!
Posted 11 May 2012 - 09:43 PM
Posted 11 May 2012 - 10:03 PM
On mine it just has Default with no value. See if yours has something in it.
Run VEW and post its logs. Perhaps one of the errors will tell us what is going on.
Posted 11 May 2012 - 10:08 PM
System & App Error Logs VEW:
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 11/05/2012 11:07:14 PM
Note: All dates below are in the format dd/mm/yyyy
'Application' Log - Error Type
'System' Log - Error Type
Posted 11 May 2012 - 10:12 PM
I will look through that. Perhaps it will say something.
Going to have to quit for a while. Wife wants me to watch TV with her.
Posted 11 May 2012 - 11:42 PM
Apologies, but it is the only way I can send you a 175mb file given the restrictions. I narrowly failed reaching the 1mb limit.
disk2.gsd.txt (in following post)
Delete the .txt of the three files. Use the .exe to rejoin the two .gsd into a single compressed .7z file. Decompress the .7z into the original .txt file you requested.
Posted 12 May 2012 - 12:23 AM
We want it to be either blank or 0
Open a registry editor, such as Regedit.exe or Regedt32.exe.
Navigate to HKLM\SOFTWARE\Microsoft\Updates\
In the right navigation pane, double-click the UpdateExeVolatile key.
Configure the key with a value of 0
Close Registry Editor.
Then see if SFC /scannow will run.
Posted 12 May 2012 - 01:06 PM
Posted 12 May 2012 - 02:22 PM
Note: This key might not exist if there are no pending EXE updates
Note: This key might not exist if there are no pending filename operations needed after the reboot
I think we need to try MBSA:
You want the one that says:
Download, Save and Install it. Accept all of the defaults. Once you install it. Close all programs and Look in Start, Programs for Microsoft Baseline Security Analyzer. Scan a Computer. Start Scan. It should eventually tell you that something similar about the pending filename but it should have an option "show me how to correct this" See if that tells you anything.
Posted 12 May 2012 - 03:58 PM
Score Issue Result
Cannot load security CAB file.
Score Issue Result
Windows Firewall tests cannot be done due to an error. (0x00000001)
Only two noteworthy errors. The link it supplied was less than helpful. http://technet.micro...y/cc184922.aspx
Posted 12 May 2012 - 07:07 PM
See if the steps suggested here help with the security cab error:
Perhaps we need to reset registry permissions. Spybot's tea timer messes with them and it may not have put them back.
By default it installs the tool in C:\Program Files\Windows Resource Kits\Tools\
Please allow it to do so.
Download and Save the attached file, reset2.zip, right click on it and Extract all and copy the reset2.cmd file to C:\Program Files\Windows Resource Kits\Tools\.
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
cd "\Program Files\Windows Resource Kits\Tools" reset2.cmd
Posted 12 May 2012 - 08:01 PM
Did a little research today on the nature of pre-installed Internet Explorers (and how you can't remove them), and it appears (to me, at least) that the problem exists in an unknown shared group of files between IE, Windows, and Windows Update. On this hunch, I attempted resetting Windows Update Components (omitting step 4, as instructed) http://support.microsoft.com/kb/971058
To my surprise, a number of the components it says to re-register were either missing or disabled:
Edited by Sarous, 13 May 2012 - 12:31 PM.
Posted 14 May 2012 - 12:20 PM
Copy the text in the code box:
/md5start atl.dll urlmon.dll mshtml.dll shdocvw.dll browseui.dll jscript.dll vbscript.dll scrrun.dll msxml.dll msxml3.dll msxml6.dll actxprxy.dll softpub.dll wintrust.dll dssenh.dll rsaenh.dll gpkcsp.dll sccbase.dll slbcsp.dll cryptdlg.dll oleaut32.dll ole32.dll shell32.dll initpki.dll wuapi.dll wuaueng.dll wuaueng1.dll wucltui.dll wups.dll wups2.dll wuweb.dll qmgr.dll qmgrprxy.dll wucltux.dll muweb.dll wuwebv.dll /md5stop
Run OTL (Vista or Win 7 => right click and Run As Administrator)
The log will show you if there are other copies of each file in the list and also give their md5 value so we can see if they have been compromised.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users