Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Clicked on a Keylogger link on WoW forums.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Clicked on a Keylogger link on WoW forums.

Unread postby Dreemerz » May 4th, 2008, 5:24 pm

Whoops. Sorry about that. By the way should I be closing all other windows before running the scan on HJT? Or does it not really matter? So far I have been just in case.

New HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:50 PM, on 5/4/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\KeyScrambler\keyscrambler.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User '?')
O4 - HKUS\S-1-5-21-343818398-651377827-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-343818398-651377827-725345543-1004\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1811685234
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{040C73BB-3533-400B-B7AF-934FFF9BECDF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{35C27FE3-DCFE-4FE7-AA99-68E945F81BEB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A459CA3-01CF-470E-B3ED-DABF8E0E8C62}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D01127B-3620-47A2-863E-391BCB6CD662}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{040C73BB-3533-400B-B7AF-934FFF9BECDF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\..\{040C73BB-3533-400B-B7AF-934FFF9BECDF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe

--
End of file - 10148 bytes
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am
Advertisement
Register to Remove

Re: Clicked on a Keylogger link on WoW forums.

Unread postby dan12 » May 4th, 2008, 5:39 pm

Yes your best to close other windows down whilst doing any scan.
If you can hold back on downloading programs before I'm finished, be appreciated I've noted the additional programs.
___________

Follow this carefully, read and digest first, I used this once before with success if we have no joy,then I will get you to Start a free Windows Update support incident request:
https://support.microsoft.com/common/in ... gprid=6527

__________

I suggest that you should download SP2 to your desktop.

There's a tool that's proved effective in restoring all necessary settings, permissions, and files to repair Windows Update issues.

Dial-a-fix

Download it to your Desktop and unzip it.

Next, open the program.

When you first open it, click the Flush Software Distribtution button. Then put a check mark next to these Options:

Under Prep - Empty temp folders
Under WU/WUAU - Stop services, Register WUAU dlls, Start services
Under SSL/HTTPS Cryptography - All
Under Registration center - All

Then click the GO button.
Next, click the Tools button.

Run these by clicking on each one, then clicking the GO button:

Flush DNS
Repair permissions
Reset WMI/WBEM/WinMgmt

______________

This is important:
Disconnect from the internet, disable your anti-virus, disable any and all anti-spyware and any firewall other than the built-in XP firewall.It's important as we don't want anything blocking by an anti-malware product such as Spybot S&D's TeaTimer, etc).

I believe these apply to your system:
Kaspersky a\v and firewall
ZoneAlarmSB

Disable spybot search & destroy\SDHelper
Open up spybot search & destroy go to mode check advanced mode.
Go to bottom left of panel and click tools then click resident
uncheck resident
SDHelper
We will need to do this in reverse to enable when fix is done
___________


Re-boot into safe mode

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site:HERE

Install SP2. After you have finished, you should reboot a couple of times, then make sure all your protection has been re-enabled before reconnecting to the internet. You should have lots of updates available for download and installation after you have installed SP2.

let me know how you get on and post a further HJT log.
dan

Edit: fixed a link
Last edited by dan12 on May 4th, 2008, 8:17 pm, edited 1 time in total.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Clicked on a Keylogger link on WoW forums.

Unread postby Dreemerz » May 4th, 2008, 6:52 pm

Sorry about the new program things. I won't be installing anything new from now on. I just wanted some protection from keyloggers to put me at some relief about it. Before I continue down the list of things on your post though. I thought you should know that the support microsoft link doesn't work.

Also the stuff you're having me do worries me a little bit. This won't ruin my computer or anything right? Should I create a restore point before doing any of that? Also, should I delete all my previous restore points as well? I know that viruses and things like to hide in those.

And as for SP2. Do you know of a site I can download it at? I can't get it off Microsoft's site due to those issues. I could probably find one myself. But I'd feel better if I got it off something you linked.
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am

Re: Clicked on a Keylogger link on WoW forums.

Unread postby dan12 » May 4th, 2008, 7:38 pm

Don't worry about the microsoft link I will sort that out for you.
This won't ruin my computer or anything right? if anything it will make it more secure!
Should I create a restore point before doing any of that?
should I delete all my previous restore points as well? I know that viruses and things like to hide in those.


I was going to do it at the end but it maybe a good time to do it now.

Create a new System Restore Point
clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.
______________

Do you know of a site I can download it at? I can't get it off Microsoft's site due to those issues.


Your not updating via updates your downloding the file. :)

Here
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Clicked on a Keylogger link on WoW forums.

Unread postby Dreemerz » May 4th, 2008, 7:44 pm

Should I just skip the link part then, download sp2, do the restore thing and continue on with the rest of your instructions? The whole thing with dial-a-fix and all that.
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am

Re: Clicked on a Keylogger link on WoW forums.

Unread postby dan12 » May 4th, 2008, 8:20 pm

I have fixed the link but we will only want this if this fix doesn't work. so continue please. :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Clicked on a Keylogger link on WoW forums.

Unread postby Dreemerz » May 4th, 2008, 8:45 pm

dan12 wrote:I have fixed the link but we will only want this if this fix doesn't work. so continue please. :)


Er.. Sorry. I'm not sure what you mean. Do I follow the link first or do the dial-a-fix stuff first and see if it solves the problem?
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am

Re: Clicked on a Keylogger link on WoW forums.

Unread postby dan12 » May 4th, 2008, 9:09 pm

Don't worry about the link, I don't need you to go there just yet, I only put it in the post in case I had to put you in microsofts hands to give you further assistance.
If my fix did not work :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Clicked on a Keylogger link on WoW forums.

Unread postby Dreemerz » May 4th, 2008, 9:14 pm

Alright then. I'll continue on with the dial-a-fix and all that. I'll let you know once it's all finished.
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am

Re: Clicked on a Keylogger link on WoW forums.

Unread postby Dreemerz » May 5th, 2008, 5:00 am

Sorry for the late response. I'm trying to run cleanmgr, but it sits at Scanning: Compress Old Files. Last time I did it, it took a while. But it's been sitting there for a good hour or two. I've stopped and restarted it, but no luck. Should I just make a new system restore point and then continue on without cleaning the other points first?
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am

Re: Clicked on a Keylogger link on WoW forums.

Unread postby dan12 » May 5th, 2008, 5:45 am

ok leave that step for now as we will have something to return to should we need to,we can address this again later.
continue on with the rest of the fix please.

Was you able to download sp2? or you waiting to continue.
I'm pleased your asking before going ahead on some of these points, not knowing if your doing right. :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Clicked on a Keylogger link on WoW forums.

Unread postby Dreemerz » May 5th, 2008, 7:16 am

I was able to download Sp2 just fine. I ran dial-a-fix and ran into a few errors. I wrote them down for you to check out.

When clicking Flush Software Distribution, it asked me if I wanted to preserve windows update history before deleting windows update's software distribution folder. You didn't list anything about this. So I clicked yes just in case.

Also the dial-a-fix you had me download came with two files. It came with dial-a-fix and secedit. I clicked on Dial-a-fix and haven't touched the other since it wasn't mentioned.

Upon running the program I received these messages.

Under the WU/WUAU checks, when it hit Register WUAU DLLs. This error came up.

"Error 127: C:\WINDOWS\system32\qmgr.dll is not unregisterable or the file is corrupted. Your version of qmgr.dll is: 6.2.2600.1106. Please contact dial-a-fix@DjLizard.net so that an an exception can be made for your version of this file."

This came up twice. The bottom of the program said it was Reigstering msxml4.dll...

The rest of the checks ran fine.

Flush DNS ran fine.

Repair Permissions ran fine, but told me this in the little box at the bottom.

"NOTE: You do not seem to have C:\WINDOWS\system32\secedit.exe. You can download it from http://DjLizard.net/software/secedit-sfx.exe"

Reset WMI/WBEM (WinMgmt wasn’t listed next to it). This came up when I went to run it.

"Access violation at address 77C011C7 in module ‘version.dll’. Read of address 00000004."

That error came up and it didn’t seem to be running after that. It just remained on Registering wbem\cimwin32.dll for 30 minutes.


I haven't continued on with any other steps since this didn't run smoothly. These errors won't cause problems for my computer right? Like I can still turn it on and off, run it etc without something being messed up?

Edit - Oh and I made a restore point before running this just in case. I hope that's okay.

I also forgot to mention (Literally forgot until just now) that I'm not able to turn on Windows Firewall. Also sometimes the display of my bars or some buttons will look like an older version of windows instead of xp. It's usually only for a second though or some of the bar and not all of it. I'm unable to use the repair feature on my internet settings. The one where you right click local area connection and hit repair. A while back my computer would tell me I had no audio device. But that has stopped and usually fixed itself after a reboot. The only thing is that sometimes left or right side of my headphones, the sound goes out randomly and then comes back on it's own.

I'm not really sure if any of this is related. But you never know I guess.
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am

Re: Clicked on a Keylogger link on WoW forums.

Unread postby dan12 » May 5th, 2008, 7:46 am

When clicking Flush Software Distribution, it asked me if I wanted to preserve windows update history before deleting windows update's software distribution folder. You didn't list anything about this. So I clicked yes just in case.
That's fine

Also the dial-a-fix you had me download came with two files. It came with dial-a-fix and secedit. I clicked on Dial-a-fix and haven't touched the other since it wasn't mentioned.
you did correct



Error 127: C:\WINDOWS\system32\qmgr.dll is not unregisterable or the file is corrupted. Your version of qmgr.dll is: 6.2.2600.1106. Please contact dial-a-fix@DjLizard.net so that an an exception can be made for your version of this file.

This came up twice. The bottom of the program said it was Reigstering msxml4.dll...

Repair Permissions ran fine, but told me this in the little box at the bottom.
Reset WMI/WBEM (WinMgmt wasn’t listed next to it). This came up when I went to run it.

Access violation at address 77C011C7 in module ‘version.dll’. Read of address 00000004.

That error came up and it didn’t seem to be running after that. It just remained on Registering wbem\cimwin32.dll for 30 minutes.


Email them and see if they give you a different version,also just give them the errors you encountered.

NOTE: You do not seem to have C:\WINDOWS\system32\secedit.exe. You can download it from http://DjLizard.net/software/secedit-sfx.exe

Looks like you have this .exe to me, as it's in the folder.
_________

These errors won't cause problems for my computer right?

you should be fine

let me know when you get a reply if we have no joy, I will need to refer you to microsoft using the link I gave you.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Clicked on a Keylogger link on WoW forums.

Unread postby dan12 » May 5th, 2008, 7:49 am

Did you disable all antimaleware ,a\v ,firewall, spybot etc and go into safe mode for the fix?
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Clicked on a Keylogger link on WoW forums.

Unread postby Dreemerz » May 5th, 2008, 7:54 am

Should I download the secedit.exe and place it into the C:\WINDOWS\system32\ folder anyway?

I also sent a email with the WU/WUAU checks error and Reset WMI/WBEM error.

Edit -
dan12 wrote:Did you disable all antimaleware ,a\v ,firewall, spybot etc and go into safe mode for the fix?


I didn't. Was I supposed to disable all my stuff first before running dial-a-fix? Your directions had that step listed after running it. If I need to run it with those disabled and/or in safe mode. Then I'll do it again.

I ran dial-a-fix first, then stopped at that step due to the errors. The next steps after that you listed involved disconnecting my net and disabling my Anti virus and any anti spyware + firewall other then window's. Should I do that and go into safe mode to try and apply the sp2 update anyway?
Dreemerz
Regular Member
 
Posts: 47
Joined: May 2nd, 2008, 12:32 am
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 150 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware