HJT Log


AAQueen
Let's do this:

 

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

 

How to use ComboFix

 

Download ComboFix from here:

Link 1

Link 2

Link 3

 

Place ComboFix.exe on your Desktop <--Important

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here

  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

     

    Note:

    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

     

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

     

    ---------------------------------------------------------------------------------------------

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

     

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    ---------------------------------------------------------------------------------------------

  • If there are Internet issues after running ComboFix:

    Internet Explorer:

    Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.

    Firefox:

    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

    Chrome:

    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

    Safari

    Launch Safari

    Go to general settings menu

    Then in Preferences/ Advanced

    Then on line click Proxies change settings ...

    Click Internet Options, then click the Connections tab, click Network Settings.

    Disable option (uncheck) for the use of proxy server ...

     

Link to comment
Share on other sites

Hi Juliet, I am so sorry for the delay but I wasn't at my mom and dad's house yesterday at all so this is the first time that I have been back to check for instructions from you. Let me see if I can go ahead and get the file error messages for you. I am also following your next set of instructions too.

Link to comment
Share on other sites

C:\Windows\system32\WindowsCodecs.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

Link to comment
Share on other sites

ComboFix File

ComboFix 14-03-05.01 - Brenda 03/08/2014 21:14:03.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1054 [GMT -5:00]
Running from: c:\users\Brenda\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-02-09 to 2014-03-09 )))))))))))))))))))))))))))))))
.
.
2014-03-09 02:21 . 2014-03-09 02:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-09 01:41 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{173C73DB-BA7D-4536-BE0C-5014EC6A069C}\mpengine.dll
2014-03-06 22:30 . 2014-03-06 22:30 -------- d-----w- c:\program files (x86)\ESET
2014-03-05 23:26 . 2014-03-07 00:51 -------- d-----w- C:\FRST
2014-03-05 22:46 . 2014-03-05 22:46 -------- d-----w- c:\users\Brenda\AppData\Local\adawarebp
2014-03-05 22:27 . 2014-03-05 22:27 -------- d-----w- c:\windows\ERUNT
2014-03-05 22:04 . 2014-03-05 22:48 -------- d-----w- C:\AdwCleaner
2014-02-13 14:29 . 2013-12-21 09:39 600064 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 14:29 . 2013-12-21 07:56 523776 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 22:01 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 00:44 . 2013-01-12 18:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 00:44 . 2013-01-12 18:22 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-17 15:48 . 2013-02-06 00:11 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-25 23:31 . 2014-01-25 23:31 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-01-25 23:31 . 2013-03-20 22:44 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-25 23:31 . 2013-03-20 22:44 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-25 23:31 . 2013-01-12 17:13 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-25 23:31 . 2013-01-12 17:13 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-25 23:31 . 2013-01-12 17:13 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-25 23:31 . 2013-01-12 17:13 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-25 23:31 . 2013-01-12 17:13 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-25 23:31 . 2013-01-12 17:13 43152 ----a-w- c:\windows\avastSS.scr
2014-01-16 16:05 . 2014-01-16 16:06 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-16 16:05 . 2014-01-16 16:06 312744 ----a-w- c:\windows\system32\javaws.exe
2014-01-16 16:05 . 2010-05-15 06:27 189352 ----a-w- c:\windows\system32\javaw.exe
2014-01-16 16:05 . 2010-05-15 06:27 189352 ----a-w- c:\windows\system32\java.exe
2014-01-16 16:04 . 2014-01-16 16:04 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-19 13:11 . 2013-01-12 17:13 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-12-18 11:13 . 2013-01-12 17:16 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-25 3767096]
"Info Center"="c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2012-09-01 27328]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
"PC Pitstop Diskmd3 Reminder"="c:\program files (x86)\PCPitstop\DiskMD3\Reminder-Diskmd3.exe" [2010-07-22 324280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
R3 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-27 01:32 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.59\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-12 00:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-25 23:31 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-09-05 7199448]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe" [2014-01-23 4114264]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\qlqcgxs4.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
AddRemove-Quiknowledge - c:\program files (x86)\Quiknowledge\Uninstall.exe
AddRemove-Zip Extractor Packages - c:\users\Brenda\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-08 21:25:28
ComboFix-quarantined-files.txt 2014-03-09 02:25
.
Pre-Run: 250,300,080,128 bytes free
Post-Run: 249,888,952,320 bytes free
.
- - End Of File - - 1A3A6C8FB57AB0D6D70FF225C719993B
53686036AA8CEA3923D0EAD2C16B7C54

 

Link to comment
Share on other sites

It still shows 2 antivirus on the computer, but I doubt that's why either one will open and run.

 

 

I think through the infections that were on the computer it's corrupted certain things.

 

Do you have a USB drive that we could work from?

Reason I ask, after I get you to run a specific search for lost/corrupted windowscodecs.dll, we have to attempt to replace it while using recovery console when the machine boots and nothing else can load.

  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
windowscodecs.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Link to comment
Share on other sites

Ok, his computer is 64 bit and I tried downloading that link first and when it wouldn't download I tried the other two. With all three of these links for Mirrors, I get the following error message:

 

C:\Users\Brenda\Desktop\SystemLook_x64(1).exe is not a valid Win32 application.

Link to comment
Share on other sites

Download the below in normal mode, then please boot into safe mode to run the tool.

 

 

Download Windows Repair (all in one) from this site

 

Install the program then run it.

 

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

 

p22001645.gif

 

 

 

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

 

p22001646.gif

 

 

 

Go to Start Repairs tab and click Start button.

 

p22001166.gif

 

 

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

 

p22001647.gif

 

Click on box next to the Restart System when Finished. Then click on Start.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Then try to boot into safe mode and use SystemLook again.

Link to comment
Share on other sites

Ok, working on this right now. The newest problem is that I can't get any of his internet browsers to open unless I am in Safe Mode, but I see on your latest instructions that you would like for me to download the program in normal mode then reboot in safe mode so I'm going to try again to restart in normal mode and I will update you momentarily as to whether or not I can access the internet in normal mode.

Link to comment
Share on other sites

SystemLook Scan Results:

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 15:53 on 10/03/2014 by Brenda
Administrator - Elevation successful

========== filefind ==========

Searching for "windowscodecs.dll"
C:\Windows\System32\WindowsCodecs.dll --a---- 1424384 bytes [15:53 12/06/2013] [06:24 17/04/2013] E66120400A76BFC70E607FD32E94DF16
C:\Windows\SysWOW64\WindowsCodecs.dll --a---- 1230336 bytes [15:53 12/06/2013] [07:02 17/04/2013] 5B2E4E90C04FB9AE9F2C5E99FF59B283
C:\Windows\winsxs\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_6.1.7600.16385_none_f276a921bacf24a2\WindowsCodecs.dll --a---- 1189888 bytes [23:42 13/07/2009] [01:41 14/07/2009] EA99F234843BBDDA1ABD2767111ADE25
C:\Windows\winsxs\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_6.1.7601.17514_none_f4a7bce9b7bda83c\WindowsCodecs.dll --a---- 1190400 bytes [01:56 14/01/2013] [13:27 20/11/2010] 26B73A85855681500BCC25C7CD9FF5B1
C:\Windows\winsxs\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.16492_none_e5bfce1d42e6e71d\WindowsCodecs.dll --a---- 1424384 bytes [00:23 05/04/2013] [19:15 13/01/2013] BDDF242A49E7B7DC5CCEC291BCE53ACB
C:\Windows\winsxs\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.18135_none_e6037b4142b3c749\WindowsCodecs.dll --a---- 1424384 bytes [15:53 12/06/2013] [06:24 17/04/2013] E66120400A76BFC70E607FD32E94DF16
C:\Windows\winsxs\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.22305_none_e6ad89b65bb91067\WindowsCodecs.dll --a---- 1424384 bytes [15:53 12/06/2013] [12:54 17/04/2013] 83BD8D78101A5CC4294A401E09C88A30
C:\Windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.1.7600.16385_none_96580d9e0271b36c\WindowsCodecs.dll --a---- 1011200 bytes [23:29 13/07/2009] [01:16 14/07/2009] 691C8DFB208227F0CBB5C0897C742ACE
C:\Windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.1.7601.17514_none_98892165ff603706\WindowsCodecs.dll --a---- 1010688 bytes [01:56 14/01/2013] [12:21 20/11/2010] 1DB71A41DAEE6B3F8CD0DDA8209FA2D5
C:\Windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.16492_none_89a132998a8975e7\WindowsCodecs.dll --a---- 1230336 bytes [00:23 05/04/2013] [19:43 13/01/2013] 3BCECD87AB4E6743BFB45B352AD1A529
C:\Windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.18135_none_89e4dfbd8a565613\WindowsCodecs.dll --a---- 1230336 bytes [15:53 12/06/2013] [07:02 17/04/2013] 5B2E4E90C04FB9AE9F2C5E99FF59B283
C:\Windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.22305_none_8a8eee32a35b9f31\WindowsCodecs.dll --a---- 1230336 bytes [15:53 12/06/2013] [12:33 17/04/2013] 8E5127456CB93C4A46D80106AC2EEF24

-= EOF =-

Link to comment
Share on other sites
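An added example, not part of the original posts: a small Python check that parses SystemLook `:filefind` lines like those in the log above, matches each live copy of WindowsCodecs.dll to the WinSxS component-store copy with the same size and MD5, and compares the source and target architecture of an FRST `Replace:` directive. The function names are hypothetical, and it assumes a 64-bit Windows install (System32 holds amd64 binaries, SysWOW64 holds x86 binaries) and paths without spaces.

```python
import re

# Six lines copied verbatim from the SystemLook log posted in this thread.
SYSTEMLOOK_LOG = r"""
C:\Windows\System32\WindowsCodecs.dll --a---- 1424384 bytes [15:53 12/06/2013] [06:24 17/04/2013] E66120400A76BFC70E607FD32E94DF16
C:\Windows\SysWOW64\WindowsCodecs.dll --a---- 1230336 bytes [15:53 12/06/2013] [07:02 17/04/2013] 5B2E4E90C04FB9AE9F2C5E99FF59B283
C:\Windows\winsxs\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.18135_none_e6037b4142b3c749\WindowsCodecs.dll --a---- 1424384 bytes [15:53 12/06/2013] [06:24 17/04/2013] E66120400A76BFC70E607FD32E94DF16
C:\Windows\winsxs\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.22305_none_e6ad89b65bb91067\WindowsCodecs.dll --a---- 1424384 bytes [15:53 12/06/2013] [12:54 17/04/2013] 83BD8D78101A5CC4294A401E09C88A30
C:\Windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.18135_none_89e4dfbd8a565613\WindowsCodecs.dll --a---- 1230336 bytes [15:53 12/06/2013] [07:02 17/04/2013] 5B2E4E90C04FB9AE9F2C5E99FF59B283
C:\Windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.22305_none_8a8eee32a35b9f31\WindowsCodecs.dll --a---- 1230336 bytes [15:53 12/06/2013] [12:33 17/04/2013] 8E5127456CB93C4A46D80106AC2EEF24
"""

# A "Replace:" directive as it appears in a fixlist later in this thread.
REPLACE_DIRECTIVE = (
    r"Replace: C:\Windows\winsxs\amd64_microsoft-windows-windowscodec_"
    r"31bf3856ad364e35_7.1.7601.18135_none_e6037b4142b3c749\WindowsCodecs.dll "
    r"C:\Windows\SysWOW64\WindowsCodecs.dll"
)

# path, 7-char attribute field, size, [created], [modified], MD5
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<attr>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# A file that sits directly inside an "amd64_..." or "x86_..." component folder.
COMPONENT_RE = re.compile(r"\\(amd64|x86)_[^\\]+\\[^\\]+$", re.IGNORECASE)


def arch_of(path):
    """Return 'amd64', 'x86' or None for a path on a 64-bit Windows install."""
    m = COMPONENT_RE.search(path)
    if m:
        return m.group(1).lower()
    lowered = path.lower()
    if "\\syswow64\\" in lowered:
        return "x86"      # 32-bit system directory on 64-bit Windows
    if "\\system32\\" in lowered:
        return "amd64"    # native system directory (assumes an x64 system)
    return None


def parse_systemlook(text):
    """Parse :filefind result lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({
                "path": m.group("path"),
                "size": int(m.group("size")),
                "md5": m.group("md5").upper(),
                "arch": arch_of(m.group("path")),
            })
    return entries


def match_live_to_store(entries):
    """Map each live (non-store) file to store components with equal size and MD5."""
    store = [e for e in entries if COMPONENT_RE.search(e["path"])]
    live = [e for e in entries if not COMPONENT_RE.search(e["path"])]
    result = {}
    for f in live:
        result[f["path"]] = [
            s["path"].split("\\")[-2]          # component folder name
            for s in store
            if s["md5"] == f["md5"] and s["size"] == f["size"]
        ]
    return result


def check_replace(directive):
    """Compare source and target architecture of a 'Replace: <src> <dst>' line."""
    m = re.match(r"^Replace:\s+(\S+)\s+(\S+)$", directive.strip())
    if not m:
        raise ValueError("not a Replace: directive with two space-free paths")
    src_arch, dst_arch = arch_of(m.group(1)), arch_of(m.group(2))
    return {
        "source_arch": src_arch,
        "target_arch": dst_arch,
        "same_arch": src_arch is not None and src_arch == dst_arch,
    }


if __name__ == "__main__":
    for path, components in match_live_to_store(parse_systemlook(SYSTEMLOOK_LOG)).items():
        print(path, "->", components or "NO MATCH in component store")
    print(check_replace(REPLACE_DIRECTIVE))
```

An empty match list for a live file means no store copy in the parsed lines has the same size and MD5; `same_arch: False` means the directive would copy a binary of one architecture into a directory that holds the other.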

Hi Juliet,

I have run the Windows Repair program like you asked and followed your instructions. The computer re-started and I don't see a log file from the program but there are still Windows errors like I mentioned previously. I will wait for further instruction from you and thanks again so much for your help.

Link to comment
Share on other sites

We'll try this in normal mode first; if we're not successful we have no other option but to try and run it through System Recovery.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

 

start

Replace: C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.1.7601.17514_none_98892165ff603706\WindowsCodecs.dll C:\Windows\SysWOW64\WindowsCodecs.dll

Reboot:

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Link to comment
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Brenda at 2014-03-13 13:48:18 Run:4
Running from C:\Users\Brenda\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Replace: C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.1.7601.17514_none_98892165ff603706\WindowsCodecs.dll C:\Windows\SysWOW64\WindowsCodecs.dll
Reboot:
end
*****************

Could not find C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.1.7601.17514_none_98892165ff603706\WindowsCodecs.dll.


The system needed a reboot.

==== End of Fixlog ====

Link to comment
Share on other sites

Please, let's try that just one more time, I must have made an error.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start

Replace: C:\Windows\winsxs\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.18135_none_e6037b4142b3c749\WindowsCodecs.dll C:\Windows\SysWOW64\WindowsCodecs.dll

Reboot:

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Edited by Juliet
typo and confusion
Link to comment
Share on other sites

I have a gut feeling that is going to return with an access denied error, and if it does, let me go ahead and post the next steps what to do.

 

For the next set of instructions you will need a USB/Flash drive.

 

Farbar's Recovery Scan Tool

 

--------------------

 

For this step you will need a USB flash drive.

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.18135_none_e6037b4142b3c749\WindowsCodecs.dll C:\Windows\SysWOW64\WindowsCodecs.dll
Reboot:
end
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flashdrive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then running Farbar's Recovery Scan Tool
----------

 

Entering into the System Recovery Options

 

Option #1

 

To enter System Recovery Options in Windows 8:

  • If you are using Vista or Windows 7 enter System Recovery Options.
  • Option #2

     

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select English as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Option #3

     

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select English as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next
    ----------

     

    Running Farbar's Recovery Scan Tool in System Recovery

    • Once you are in the System Recovery Options menu you will get the following options:

    Startup Repair

    System Restore

    Windows Complete PC Restore

    Windows Memory Diagnostic Tool

    Command Prompt

    • Select Command Prompt
    • In the command window type in Notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select Computer and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      • Note: Replace letter e with the drive letter of your flash drive.
    • When the tool opens click Yes to disclaimer.
    • Press Fix button.
    • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.
    • Reboot your computer into Normal Mode and check the performance
Link to comment
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014

Ran by Brenda at 2014-03-13 20:08:23 Run:5

Running from C:\Users\Brenda\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

Replace: C:\Windows\winsxs\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.18135_none_e6037b4142b3c749\WindowsCodecs.dll C:\Windows\SysWOW64\WindowsCodecs.dll

Reboot:

end

*****************

 

C:\Windows\SysWOW64\WindowsCodecs.dll => Moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-windowscodec_31bf3856ad364e35_7.1.7601.18135_none_e6037b4142b3c749\WindowsCodecs.dll copied successfully to C:\Windows\SysWOW64\WindowsCodecs.dll

 

The system needed a reboot.

 

==== End of Fixlog ====

Link to comment
Share on other sites

OK

Looking back over the logs I see 2 active antivirus programs on the computer,

I see Avast and AdAware antivirus.

Need to get this down to just 1.

After that reboot the computer.

 

 

Please download Farbar Service Scanner and run it on the computer.

 

Make sure the following options are checked:

  • Internet Services

    Windows Firewall

    System Restore

    Security Center

    Windows Update

  • Press "Scan".

    It will create a log (FSS.txt) in the same directory the tool is run.

    Please copy and paste the log to your reply.

     

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.