unable to remove Trace Registry hits


cyber2gk

I have 3 Trace Registry hits that won't be quarantined or deleted. I have run both a-squared Anti-Malware and a-squared Free as well as CCleaner, but they won't be destroyed. Any help would be appreciated. I have included the a2scan, Win32kDiag, and HiJackFree logs. Thanks again. Forgive me if I forgot something; it's my first time posting anything.

These are the registry hits:

Trace.Registry.AdClicker!A2:

Trace: key: HKEY_USERS\s-1-5-21-507921405-412668190-725345543-1003\software\install

Trace.Registry.Viewpoint.Media Toolbar!A2:

Trace: Value :HKEY_USERS\.DEFAULT\software\Viewpoint\Content Debugger --> Viewpoint Manager

Trace: Value :HKEY_USERS\S-1-5-18\software\Viewpoint\Content Debugger --> Viewpoint Manager


Hi cyber2gk, and welcome to the forum.

The content of a-squared's report does not meet the conditions for running Win32kDiag as the instruction stated. You don't have entries similar to:

[908] \\?\globalroot\Device\__max++>\7DE87252.x86.dll detected: Gen.Trojan!IK...
so you shouldn't have run Win32kDiag.

At the same time, you did not attach the log file by ISeeYouXP.

Please add it to your next reply.

You posted the report by a-squared with outdated signatures:

Last update: 12/1/2009 2:55:19 AM

Update and provide a fresh a-squared Deep Scan report.

My regards


The WMI Engine appears to be damaged.

To fix a corrupted WMI repository, you have to reinstall WMI. Follow these steps:

  • Click Start, Run and type CMD
  • Type this command and press Enter:
    net stop winmgmt
  • Using Windows Explorer, navigate to the %systemroot%\system32\wbem directory and delete the Repository directory. By default, the repository folder is located in the C:\Windows\system32\wbem directory.
  • Switch to Command Prompt window, and type:
    net start winmgmt

Re-registering the WMI components

The .DLL and .EXE files used by WMI are located in %windir%\system32\wbem. You might need to re-register all the .DLL and .EXE files in this directory. If you are running a 64-bit system you might also need to check for .DLLs and .EXE files in %windir%\sysWOW64\wbem.

To re-register the WMI components, run the following commands at the command prompt:

cd /d %windir%\system32\wbem

for %i in (*.dll) do RegSvr32 -s %i

for %i in (*.exe) do %i /RegServer

Attach a fresh ISeeYouXP log.

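The repair steps from the reply above combined into one batch file, as an added example that is not part of the original thread. It assumes an administrator command prompt, renames the repository to Repository.bak (a name chosen here) instead of deleting it so the change can be undone, and uses %%i because a batch file needs the doubled percent sign where the interactive prompt takes %i.

```bat
@echo off
rem Added example, not from the thread: WMI repository rebuild as one script.
rem Assumption: started from an administrator command prompt.
setlocal
set "WBEM=%SystemRoot%\system32\wbem"
set "BACKUP=%WBEM%\Repository.bak"

rem Never overwrite an earlier backup. Repository.bak is a name chosen here.
if exist "%BACKUP%" (
    echo %BACKUP% already exists. Move it away and run this again.
    exit /b 1
)

rem Stop WMI. /y also stops the services that depend on it.
net stop winmgmt /y

rem Rename instead of delete, so the old repository can be put back.
if exist "%WBEM%\Repository" (
    ren "%WBEM%\Repository" Repository.bak
    if errorlevel 1 (
        echo Could not rename the repository. Files may still be in use.
        net start winmgmt
        exit /b 1
    )
)

rem Same order as the steps above: start the service, then re-register.
net start winmgmt
call :register "%WBEM%"

rem The 32-bit copies exist only on 64-bit Windows.
if exist "%SystemRoot%\SysWOW64\wbem" call :register "%SystemRoot%\SysWOW64\wbem"

endlocal
exit /b 0

:register
rem Re-register every DLL and EXE in the directory passed as %1.
pushd "%~1" || exit /b 1
for %%i in (*.dll) do regsvr32 /s "%%i"
for %%i in (*.exe) do "%%i" /RegServer
popd
exit /b 0
```

To revert, stop winmgmt again, remove the newly created Repository directory and rename Repository.bak back to Repository.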
