Jump to content

Yzzyxz

Honorary Members
  • Posts

    21
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you. Everything else is running extremely well now with all virus and spyware scans turning up negative.
  2. Exact message is: Windows could not search for new updates. An error occured while checking for new updates for your computer. Errors found: Code 80073712: Windows update encountered an unknown error. Most recent check for updates: Never Updates were installed: Never You receive updates: For Windows and other products from Microsoft Update
  3. Hi MrC, I ran that tool yesterday before I posted here about update not working, and also just ran it now as well. It installs fine and seems to update the computer, but when I try to run the Windows update it still brings up the same error code. It's no problem if I have to keep using the microsoft tool to update, but I'm just confused as to why the windows update from within Windows is not working at all.
  4. FSS log: Farbar Service Scanner Version: 25-02-2014 Ran by george (administrator) on 26-04-2014 at 15:56:38 Running from "C:\Users\george\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  5. Sorry, my mistake. I ran the rootkit but not the fixdamage.exe file. This has now been done and the firewall is now working. I've also installed avast as an antivirus. Windows update still will not run, giving the same error code as before. Internet Explorer also keeps coming up with error messages in the action center, with the message saying that this is most likely to do with an add-on. I've done the browser add-on check through avast and everything came up as fine there.
  6. No malware found using Malwarebytes Anti-Rootkit, but few problems found in the Action Center. Can not turn firewall on, error: 0x80070424. Can not check for Windows updates, error 80073712. There are also messages on the action centre about Java suite and Internet Explorer not working correctly, although this has most likely been resolved since installing latest version of Java.
  7. One quick problem, Windows Update is not working, even after running Microsoft Fixit and following some of the suggested steps from Microsoft. It was last updated 07/11/13 and the error code 80073712 is given. Is this a common problem for computers that have previously been infected?
  8. Thank you very much for all of your very patient, detailed and easy to follow help in sorting out my computer.

  9. Security check log: Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 7 Java version out of Date! Adobe Reader XI Google Chrome 33.0.1750.146 Google Chrome 33.0.1750.154 Google Chrome 34.0.1847.116 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  10. Ran AdwCleaner and cleaned all checked files. Computer now running very well so thank you very much for that! Is there any recommended virus protection or other programs I should have running to prevent getting infected again?
  11. Temp files cleaned. Logs for AdwCleaner, Malwarebytes and RogueKiler below. Did not remove any files found from AdwCleaner yet as thought would be best to post log first before doing so. AdwCleaner log: # AdwCleaner v3.202 - Report created 25/04/2014 at 00:41:29 # Updated 23/04/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : george - GEORGE-PC # Running from : C:\Users\george\Desktop\adwcleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Found C:\Program Files (x86)\AVG Secure Search Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search Folder Found C:\ProgramData\AVG Secure Search Folder Found C:\ProgramData\AVG Security Toolbar Folder Found C:\Users\george\AppData\LocalLow\AVG Security Toolbar ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\AVG Security Toolbar Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\YahooPartnerToolbar Key Found : [x64] HKCU\Software\AVG Secure Search Key Found : [x64] HKCU\Software\AVG Security Toolbar Key Found : [x64] HKCU\Software\YahooPartnerToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16421 -\\ Google Chrome v [ File : C:\Users\george\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof ************************* AdwCleaner[R0].txt - [3054 octets] - [25/04/2014 00:41:29] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3114 octets] ########## ---------------- MalwarebytesLog: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.24.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 george :: GEORGE-PC [administrator] 25/04/2014 00:46:49 mbam-log-2014-04-25 (00-46-49).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 234370 Time elapsed: 3 minute(s), 6 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ------------ RogueKiller report: RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : george [Admin rights] Mode : Scan -- Date : 04/25/2014 00:54:10 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤ [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721032CLA362 ATA Device +++++ --- User --- [MBR] 8d1a0beebb8c0788d55fb1d4e1f11c77 [bSP] 4d9f22ec6f90bdfdc14f9f964362bec6 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 6000 MB 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 12290048 | Size: 299241 MB User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_04252014_005410.txt >> RKreport[0]_D_04232014_193832.txt;RKreport[0]_D_04232014_200101.txt;RKreport[0]_S_04232014_193306.txt RKreport[0]_S_04232014_195922.txt;RKreport[0]_S_04232014_200214.txt;RKreport[0]_S_04232014_235622.txt
  12. No, I have no idea what those group policies or tasks are. None have been set by me on the computer, although I have noticed lately that a group policy message appearea which blocks me from running or uninstalling malwarebytes.
  13. Thanks MrC, The computer is running much more smoothly already. Farbar scan and additions log would not fit in this post so are attached. Addition.txt FRST.txt
  14. ComboFix would not run in normal Windows mode as it kept freezing halfway through the installation, so I had to boot into safe mode to run it. A message about AVG needing to be disabled appeared which I could not do in safe mode. In the end I uninstalled AVG before running ComboFix. Should I reinstall AVG or is there a more preferable virus scanner that I should use? I'll post the log for ComboFix below and attach the six logs from TDSSKiller. ComboFix log: ComboFix 14-04-20.01 - george 24/04/2014 10:04:55.1.2 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2037.1496 [GMT 1:00] Running from: c:\users\george\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\2A621000sm.pad c:\programdata\4188B500sm.pad c:\programdata\windows c:\programdata\wyarsp.dat c:\users\george\AppData\Local\bdhvhgpt.log c:\users\george\AppData\Local\dvbstftw.log c:\users\george\AppData\Local\hktiyoqu.log c:\users\george\AppData\Local\MLICNAI.DLL c:\users\george\AppData\Local\pwuhakrg.log c:\users\george\AppData\Local\ttepsjux.log c:\users\george\AppData\Local\unyvhksj.log c:\users\george\AppData\Local\vkolfrsa.log c:\users\george\AppData\Roaming\Microsoft\Windows\.data . . ((((((((((((((((((((((((( Files Created from 2014-03-24 to 2014-04-24 ))))))))))))))))))))))))))))))) . . 2014-04-24 09:11 . 2014-04-24 09:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-24 09:02 . 2014-04-24 09:02 -------- d-----w- c:\users\george\AppData\Roaming\TuneUp Software 2014-04-23 19:09 . 2014-04-23 22:49 -------- d-----w- C:\TDSSKiller_Quarantine 2014-04-23 18:30 . 2014-04-23 18:30 -------- d-----w- c:\windows\ERUNT 2014-04-23 14:06 . 2014-04-23 14:06 -------- d-----w- c:\program files (x86)\ESET 2014-04-22 22:15 . 2014-04-22 22:17 -------- d-----w- C:\FRST 2014-04-12 16:36 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys 2014-04-12 16:29 . 2014-04-12 16:29 -------- d-----w- c:\users\george\AppData\Roaming\QuickScan 2014-04-08 21:11 . 2014-04-22 20:45 -------- d-----w- c:\users\george\AppData\Local\rtusgjvt . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-21 16:47 . 2012-08-30 19:00 49952 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2014-03-11 19:26 . 2012-11-08 07:48 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-11 19:26 . 2011-10-20 21:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-12 22:18 . 2013-07-12 22:18 4188160 ----a-w- c:\program files (x86)\GUT74C4.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=MC0w∏=90&ver=10.0.1432" [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 . R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x] R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x] R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys;c:\windows\SYSNATIVE\Drivers\ioatdma.sys [x] S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSEH.Sys [x] S4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2014-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 19:26] . 2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-08 07:49] . 2014-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-08 07:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 385560] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 363544] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: garmin.com\my TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Wow6432Node-HKCU-Run-wyarsp - c:\programdata\wyarsp.dat Notify-mlicnai - c:\users\george\AppData\Local\mlicnai.dll SafeBoot-04958153.sys SafeBoot-60744195.sys SafeBoot-82509609.sys SafeBoot-BsScanner WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-04-24 10:14:21 ComboFix-quarantined-files.txt 2014-04-24 09:14 . Pre-Run: 253,933,203,456 bytes free Post-Run: 259,413,082,112 bytes free . - - End Of File - - 1760E0644BEB84D072D39A85D8A8F23D A36C5E4F47E84449FF07ED3517B43A31 TDSSKiller.3.0.0.32_23.04.2014_20.03.02_log.txt TDSSKiller.3.0.0.32_23.04.2014_20.03.23_log.txt TDSSKiller.3.0.0.32_23.04.2014_20.05.32_log.txt TDSSKiller.3.0.0.32_23.04.2014_20.10.19_log.txt TDSSKiller.3.0.0.32_23.04.2014_20.11.19_log.txt TDSSKiller.3.0.0.32_23.04.2014_23.52.02_log.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.