Big troubles with computer (started today)


  • This topic is locked
7 replies to this topic

#1 EvilMCLMM

Posted 09 September 2009 - 04:51 PM

I decided to run a couple of programs on my laptop that were supposed to help "tweak" my system and make it run faster/smoother (TuneUP Utilities 2009 & lolo memory mechanic from Crucial). Since running these programs I've noticed issues on bootup and I'm noticing new processes running on my system that are eating up CPU power & memory. Whenever I restart my computer (before my login screen shows up) I get the following message on a blank screen:

"Checking file system on C:
The type of file system is NTFS.
Cannot open volume for direct access.
Windows has finished checking the disk
......."

After that screen goes away things seem to run as normal, except that my bootup time has increased quite a bit and my system is very sluggish for a few minutes after logging in.

Whenever I bring up the Task Manager I notice these *NEW* processes;

#1. unsecapp.exe (location: C:\Windows\System32\wbem)
#2. WmiPrvSE.exe (Right clicking for properties or location doesn't work)
#3. System (same as above, right clicking for info doesn't work)

I've run MalwareBytes, AVG free, and ESET NOD32 online scanner; they all claim that my system is clean. However, as I've described above, I'm having a lot of brand new issues that just cropped up today. I've never noticed these processes before and they are eating up a lot of CPU & memory. Also, when I ran HijackThis I got the following error:
"For some reason your system denied write access to the Hosts file. If any hijacked domains are in the file, HijackThis may NOT be able to fix this."

Did I get some new "super bug" that was hidden in one of those programs, one that's evading my AV scans and causing errors with HJT?

If so, how can I get my system fixed?

If not, what else might be going on... and how do I fix it?



#2 EvilMCLMM


Posted 09 September 2009 - 06:04 PM

Just noticed that I can't update Windows anymore; I keep getting the following error code: 80070422

Please help me!!

Edited by EvilMCLMM, 09 September 2009 - 06:23 PM.


#3 boopme


Posted 09 September 2009 - 07:53 PM

Hello and welcome. I am going to assume you have Vista.
If you receive one of these errors while downloading updates, the most common cause is a computer virus that has turned off the Windows Automatic Update, or another service on your computer that is needed by Windows Update. See Windows Update error 80070422

Those files appear to be in the proper location.
C:\WINDOWS\system32\wbem\unsecapp.exe
This unsecapp.exe program is a compatibility software program from Microsoft.


We need to check for rootkits with RootRepeal.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

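The following is an added example, not part of the original thread or any poster's advice: a read-only PowerShell check that decodes error 80070422 and reports whether services Windows Update relies on are disabled, which is the cause the reply above describes. The service list (`wuauserv`, `BITS`, `CryptSvc`) and the function names are assumptions made for this illustration.

```powershell
# Added example (not from the thread). Read-only: it changes no settings.

function Convert-HResult {
    param([int]$HResult)
    # An HRESULT packs a facility (bits 16-28) and an error code (low 16 bits).
    $code     = $HResult -band 0xFFFF
    $facility = ($HResult -band 0x1FFF0000) / 0x10000
    $message  = $null
    if ($facility -eq 7) {
        # Facility 7 (FACILITY_WIN32) wraps an ordinary Win32 error code,
        # so the system message for that code can be looked up directly.
        $message = (New-Object System.ComponentModel.Win32Exception ([int]$code)).Message
    }
    New-Object PSObject -Property @{
        Facility = $facility
        Code     = $code
        Message  = $message
    }
}

function Get-UpdateServiceState {
    # Assumption: these are the services to check; adjust for the system at hand.
    param([string[]]$Names = @('wuauserv', 'BITS', 'CryptSvc'))
    foreach ($name in $Names) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            New-Object PSObject -Property @{
                Name = $name; StartMode = 'missing'; State = 'missing'; Suspect = $true
            }
            continue
        }
        New-Object PSObject -Property @{
            Name      = $svc.Name
            StartMode = $svc.StartMode          # Auto, Manual or Disabled
            State     = $svc.State              # Running, Stopped, ...
            Suspect   = ($svc.StartMode -eq 'Disabled')
        }
    }
}

# The error code from the thread: facility 7, code 1058 (service disabled).
Convert-HResult 0x80070422 | Format-List Facility, Code, Message

# Any row with Suspect = True matches the cause described in the reply.
Get-UpdateServiceState | Format-Table Name, StartMode, State, Suspect -AutoSize
```

A service that was deliberately set to Disabled by a tuning utility looks the same here as one disabled by malware, so a flagged row tells you what to examine, not why it changed.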

#4 EvilMCLMM


Posted 09 September 2009 - 09:11 PM

I've followed all the steps for getting windows update to work again, didn't work... keep getting same error.

Here is the Root Repeal log:


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/09 21:51
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8F0CB000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8F0D6000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9C154000 Size: 49152 File Visible: No Signed: -
Status: -


\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-

m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.16708_none_9958372092944487

\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-

m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.20864_none_999cf33babe6269b\_SERVI~

1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-

m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.18096_none_9adb24009005a11c\_SERVI~

1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-

m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.22208_none_9bc81291a8d87542

\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-

m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49

\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-

m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49

\_SERVI~2.INI
StatuProcesses
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1304 Status: Locked to the Windows API!

SSDT
-------------------
#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\drivers\HMFAxCore0ad0c39557b13aeb3585f857b85005af.sys" at address 0x8ef444a8

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\drivers\HMFAxCore0ad0c39557b13aeb3585f857b85005af.sys" at address 0x8ef446a6

#: 218 Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\Windows\system32\drivers\HMFAxCore0ad0c39557b13aeb3585f857b85005af.sys" at address 0x8ef4481a

==EOF==

#5 EvilMCLMM

Posted 09 September 2009 - 11:00 PM

I've got some other logs if they're needed (HJT & OTL)

#6 boopme


Posted 10 September 2009 - 10:19 AM

You will need to post those here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal. Click New Topic, give it a relevant title and post that complete log.

Let me know if it went OK.

Edited by boopme, 10 September 2009 - 10:21 AM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#7 EvilMCLMM

Posted 10 September 2009 - 06:26 PM

Okay will do, thanks

#8 boopme


Posted 10 September 2009 - 08:31 PM

You're welcome. It will be a few days as we are backlogged with infection. But you will be answered.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.