Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win32:Malware-gen trojan infection


  • Please log in to reply

#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP
Can you find the Combofix log from that first run? Or maybe the ComboFix-quarantined-files.txt file? Usually in a subfolder of C:\qoobox\
  • 0

Advertisements


#32
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
i think this is it

2013-09-24 16:21:42 . 2013-09-24 16:21:42 1,228 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-JoinMe.reg.dat
2013-09-24 16:21:24 . 2013-09-24 16:21:24 114 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat
2013-09-24 16:21:23 . 2013-09-24 16:21:23 186 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat
2013-09-24 16:18:23 . 2013-09-24 16:18:23 73,214 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system\_winspool_.drv.zip
2013-09-24 16:15:41 . 2013-09-25 16:56:41 7,837 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-09-24 16:13:37 . 2013-09-25 16:53:35 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-09-24 13:48:52 . 2013-09-25 16:52:22 317 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-08-16 00:03:12 . 2013-08-16 00:02:58 1,652 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\5c54eb1a1655b076.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 586 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\881b3593316772f0.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 663 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\7614bd6cfa99e546.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 668 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\691f14230153a9e1.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 661 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\49fbbc5a8678d502.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 1,071 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\613e8ce7ab7106af.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 366 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\f2cda51fd108941f.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 622 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\227113dfa1ca894d.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 628 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\77664b6ccc36be9f.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 636 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6cb409d7ac73d9f1.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 577 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\98657d0579ae1930.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 365 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\f34d8db84131d925.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 627 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d5c0f4e7bbe35bf3.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 567 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\633a76311867bd11.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 1,291 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\075884af680ff6dc.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 1,022 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d9ca663388d21ec0.fb.vir
2013-08-16 00:03:12 . 2013-08-16 00:02:58 9,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\8d6d8f6c3643e781.fb.vir
2012-09-20 09:56:09 . 2013-09-24 16:18:24 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system\WINSPOOL.DRV.vir
2004-03-09 23:06:32 . 2004-03-09 23:06:32 61,952 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\bszip.dll.vir
2002-12-31 12:00:00 . 2002-12-31 12:00:00 33,792 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\msgsvc.dll.vir
  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP
Of the stuff it removed the only thing that looks windows related is msgsvc.dll so let's check it and see if it really was bad:


Copy the path:

C:\Qoobox\Quarantine\C\WINDOWS\system32\msgsvc.dll.vir

Then
Go to virustotal.com with your browser. Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear. Hit Open and it should return to the main page with spoolsv.exe chosen. Click on Scan it. If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis. In that case click on View Last Analysis. If it doesn't know the file it will take a minute to query 46 different anti-virus companies. In either case, If the Detection ratio: is not 0 / 46 then copy the Analysis page and paste it into the forum. You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.
  • 0

#34
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
when i copied the file and hit open, the file was not spoolsv.exe. it was msgsvc.dll below is the results

SHA256: e6af051174531c24b38e73987755d366abec595476c6d17793e8dccc73f55340
SHA1: 3ad9925dd867cf0beb6cace008ec6e7ca5aea290
MD5: 986b1ff5814366d71e0ac5755c88f2d3
File size: 33.0 KB ( 33792 bytes )
File name: msgsvc.dll
File type: Win32 DLL
Tags: pedll
Detection ratio: 0 / 47
Analysis date: 2013-09-24 01:04:47 UTC ( 3 days, 15 hours ago )

1 0 More details Analysis File detail Relationships Additional information Comments Votes Antivirus Result Update
Agnitum  20130922
AhnLab-V3  20130923
AntiVir  20130923
Antiy-AVL  20130923
Avast  20130923
AVG  20130922
Baidu-International  20130923
BitDefender  20130923
Bkav  20130921
ByteHero  20130919
CAT-QuickHeal  20130923
ClamAV  20130923
Commtouch  20130923
Comodo  20130923
DrWeb  20130923
Emsisoft  20130923
ESET-NOD32  20130923
F-Prot  20130923
F-Secure  20130923
Fortinet  20130923
GData  20130923
Ikarus  20130923
Jiangmin  20130903
K7AntiVirus  20130920
K7GW  20130920
Kaspersky  20130923
Kingsoft  20130829
Malwarebytes  20130923
McAfee  20130923
McAfee-GW-Edition  20130923
Microsoft  20130923
MicroWorld-eScan  20130923
NANO-Antivirus  20130923
Norman  20130923
nProtect  20130923
Panda  20130923
PCTools  20130923
Rising  20130923
Sophos  20130923
SUPERAntiSpyware  20130921
Symantec  20130923
TheHacker  20130922
TotalDefense  20130920
TrendMicro  20130923
TrendMicro-HouseCall  20130923
VBA32  20130923
VIPRE  20130923
ViRobot  20130923
  • 0

#35
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP
Not sure what Combofix thought was wrong with the file. It has the same MD5 as the one it used to replace it and 47 anti-virus companies think it is OK. In any event the file is where it is supposed to be so that's not the problem. Let's try windows repair-all-in-one


http://www.tweaking....all_in_one.html

We just need the Step where it has the same window as on the website. Make sure you check:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
  • 0

#36
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
i think this is the all in one repair log



./
(o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[27/09/2013 11:36:26] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[27/09/2013 11:36:29] TCP/IP Stack reset successful.
[27/09/2013 11:36:29] TCP/IP Reset log located @ [C:\Documents and Settings\Temp\Desktop\cintrepair\cintrepair\Logging\CIRReset.log]
[27/09/2013 11:36:31] TCP/IP interfaces reset successful.
[27/09/2013 11:36:32] The TCP/IP v6 protocol might not be installed.
[27/09/2013 11:36:32] Click on 'Commands' then 'Install IP6 protocol' to install TCP/IP v6.
[27/09/2013 11:36:32] You may need to restart your computer for the settings to take effect.
[27/09/2013 11:36:32] Finished resetting the Internet Protocol (TCP/IP).

-----------------------------------------------------------------------------------------
[27/09/2013 11:36:32] Attempting to reset Winsock catalog, Please wait.....
-----------------------------------------------------------------------------------------
[27/09/2013 11:36:36] Successfully reset the Winsock Catalog.
[27/09/2013 11:36:36] Finished repairing Winsock

-----------------------------------------------------------------------------------------
[27/09/2013 11:36:36] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[27/09/2013 11:36:36] Successfully released TCP/IP connections.

-----------------------------------------------------------------------------------------
[27/09/2013 11:36:36] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[27/09/2013 11:36:40] Successfully renewed TCP/IP adapters.

-----------------------------------------------------------------------------------------
[27/09/2013 11:36:40] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[27/09/2013 11:36:41] Windows Event Log Service Configured.
[27/09/2013 11:36:41] Starting the Windows Event Log Service.....
[27/09/2013 11:36:41] Windows Event Log Service Started Successfully.

-----------------------------------------------------------------------------------------
[27/09/2013 11:36:41] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[27/09/2013 11:36:42] Successfully flushed DNS Resolver Cache.
[27/09/2013 11:36:42] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[27/09/2013 11:36:42] Registration of the DNS resource records has been initiated.
[27/09/2013 11:36:42] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[27/09/2013 11:36:42] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.

-----------------------------------------------------------------------------------------
[27/09/2013 11:36:42] Repairing Internet Explorer 8.0.6001, Please wait.....
-----------------------------------------------------------------------------------------
[27/09/2013 11:36:46] RegSvr32.exe: 'actxprxy.dll' registration succeeded.
[27/09/2013 11:36:47] RegSvr32.exe: 'asctrls.ocx' registration succeeded.
[27/09/2013 11:36:47] RegSvr32.exe: 'browseui.dll' registration succeeded.
[27/09/2013 11:36:48] RegSvr32.exe: 'cdfview.dll' registration succeeded.
[27/09/2013 11:36:48] RegSvr32.exe: 'comcat.dll' registration succeeded.
[27/09/2013 11:36:48] RegSvr32.exe: 'comctl32.dll' registration succeeded.
[27/09/2013 11:36:48] RegSvr32.exe: 'corpol.dll' registration succeeded.
[27/09/2013 11:36:48] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[27/09/2013 11:36:48] RegSvr32.exe: '"C:\Program Files\Internet Explorer\custsat.dll"' Specified module not found
[27/09/2013 11:36:48] RegSvr32.exe: 'digest.dll' registration succeeded.
[27/09/2013 11:36:49] RegSvr32.exe: 'dispex.dll' registration succeeded.
[27/09/2013 11:36:49] RegSvr32.exe: 'dxtmsft.dll' registration succeeded.
[27/09/2013 11:36:49] RegSvr32.exe: 'dxtrans.dll' registration succeeded.
[27/09/2013 11:36:49] RegSvr32.exe: 'extmgr.dll' registration succeeded.
[27/09/2013 11:36:49] RegSvr32.exe: '"C:\Program Files\Internet Explorer\hmmapi.dll"' registration succeeded.
[27/09/2013 11:36:49] RegSvr32.exe: 'hlink.dll' registration succeeded.
[27/09/2013 11:36:50] RegSvr32.exe: 'ieaksie.dll' registration succeeded.
[27/09/2013 11:36:50] RegSvr32.exe: 'ieapfltr.dll' registration succeeded.
[27/09/2013 11:36:50] RegSvr32.exe: 'iedkcs32.dll' registration succeeded.
[27/09/2013 11:36:50] RegSvr32.exe: '"C:\Program Files\Internet Explorer\iedvtool.dll"' registration succeeded.
[27/09/2013 11:36:50] RegSvr32.exe: 'iedvtool.dll' Specified module not found
[27/09/2013 11:36:50] RegSvr32.exe: 'ieframe.dll' registration succeeded.
[27/09/2013 11:36:51] RegSvr32.exe: 'iepeers.dll' registration succeeded.
[27/09/2013 11:36:51] RegSvr32.exe: '"C:\Program Files\Internet Explorer\ieproxy.dll"' registration succeeded.
[27/09/2013 11:36:51] RegSvr32.exe: 'ieproxy.dll' Specified module not found
[27/09/2013 11:36:51] RegSvr32.exe: 'iesetup.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:36:51] RegSvr32.exe: 'imgutil.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:36:52] RegSvr32.exe: 'inetcpl.cpl' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:36:52] RegSvr32.exe: 'inetcpl.cpl' registration succeeded.
[27/09/2013 11:37:45] RegSvr32.exe: 'initpki.dll' registration succeeded.
[27/09/2013 11:37:45] RegSvr32.exe: 'inseng.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:37:46] RegSvr32.exe: 'jscript.dll' registration succeeded.
[27/09/2013 11:37:46] RegSvr32.exe: 'licmgr10.dll' registration succeeded.
[27/09/2013 11:37:46] RegSvr32.exe: 'mlang.dll' registration succeeded.
[27/09/2013 11:37:49] RegSvr32.exe: 'mobsync.dll' registration succeeded.
[27/09/2013 11:37:49] RegSvr32.exe: 'msapsspc.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:37:49] RegSvr32.exe: 'mscoree.dll' registration succeeded.
[27/09/2013 11:37:50] RegSvr32.exe: 'mscorier.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:37:50] RegSvr32.exe: 'mscories.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:37:50] RegSvr32.exe: 'msdbg2.dll' registration succeeded.
[27/09/2013 11:37:50] RegSvr32.exe: 'mshta.exe' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:37:50] RegSvr32.exe: 'mshtml.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:37:50] RegSvr32.exe: 'mshtmled.dll' registration succeeded.
[27/09/2013 11:37:51] RegSvr32.exe: 'msident.dll' registration succeeded.
[27/09/2013 11:37:51] RegSvr32.exe: 'msieftp.dll' registration succeeded.
[27/09/2013 11:37:51] RegSvr32.exe: 'msnsspc.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:37:51] RegSvr32.exe: 'msr2c.dll' registration succeeded.
[27/09/2013 11:37:51] RegSvr32.exe: 'msrating.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:37:52] RegSvr32.exe: 'mstime.dll' registration succeeded.
[27/09/2013 11:37:52] RegSvr32.exe: 'msxml.dll' registration succeeded.
[27/09/2013 11:37:52] RegSvr32.exe: 'ole32.dll' registration succeeded.
[27/09/2013 11:37:52] RegSvr32.exe: 'oleacc.dll' registration succeeded.
[27/09/2013 11:37:52] RegSvr32.exe: 'occache.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:37:52] RegSvr32.exe: 'oleaut32.dll' registration succeeded.
[27/09/2013 11:37:52] RegSvr32.exe: '"C:\Program Files\Internet Explorer\pdm.dll"' registration succeeded.
[27/09/2013 11:37:53] RegSvr32.exe: 'plugin.ocx' Specified module not found
[27/09/2013 11:37:53] RegSvr32.exe: 'pngfilt.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:37:53] RegSvr32.exe: 'proctexe.ocx' registration succeeded.
[27/09/2013 11:37:53] RegSvr32.exe: 'scrobj.dll' Error number: 0x80070005
[27/09/2013 11:37:53] RegSvr32.exe: 'sendmail.dll' registration succeeded.
[27/09/2013 11:37:53] RegSvr32.exe: 'setupwbv.dll' Specified module not found
[27/09/2013 11:37:55] RegSvr32.exe: 'shdocvw.dll' registration succeeded.
[27/09/2013 11:37:55] RegSvr32.exe: 'tdc.ocx' registration succeeded.
[27/09/2013 11:37:55] RegSvr32.exe: 'url.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:37:56] RegSvr32.exe: 'urlmon.dll' registration succeeded.
[27/09/2013 11:37:57] RegSvr32.exe: 'urlmon.dll,NI,HKLM' Specified module not found
[27/09/2013 11:37:57] RegSvr32.exe: 'vbscript.dll' registration succeeded.
[27/09/2013 11:37:57] RegSvr32.exe: '"C:\Program Files\microsoft shared\vgx\vgx.dll"' Specified module not found
[27/09/2013 11:37:57] RegSvr32.exe: 'webcheck.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:37:57] Fixing 'New tabs page cannot display content because it cannot access the controls'.
[27/09/2013 11:37:57] This is a result of a bug in shdocvw.dll.
[27/09/2013 11:37:57] Registering Outlook Express files.....
[27/09/2013 11:37:58] RegSvr32.exe: '"C:\Program Files\Outlook Express\msoe.dll"' registration succeeded.
[27/09/2013 11:37:58] RegSvr32.exe: '"C:\Program Files\Outlook Express\oeimport.dll"' registration succeeded.
[27/09/2013 11:37:58] RegSvr32.exe: '"C:\Program Files\Outlook Express\oemiglib.dll"' registration succeeded.
[27/09/2013 11:37:59] RegSvr32.exe: '"C:\Program Files\Outlook Express\wabfind.dll"' registration succeeded.
[27/09/2013 11:37:59] RegSvr32.exe: '"C:\Program Files\Outlook Express\wabimp.dll"' registration succeeded.
[27/09/2013 11:37:59] Finished repairing Internet Explorer 8.0.6001

-----------------------------------------------------------------------------------------
[27/09/2013 11:37:59] Repairing Windows Update / Automatic Updates, Please wait.....
-----------------------------------------------------------------------------------------
[27/09/2013 11:37:59] Stopping the BITS Service.....
[27/09/2013 11:37:59] BITS Stopped Successfully.
[27/09/2013 11:37:59] Stopping the Automatic Updates (wuauserv) Service.....
[27/09/2013 11:38:00] Automatic Updates (wuauserv) Service Stopped Successfully.
[27/09/2013 11:38:00] Clearing File Stores (Update History).....
[27/09/2013 11:38:00] Clearing [C:\WINDOWS\SoftwareDistribution\Download].....
[27/09/2013 11:38:01] [C:\WINDOWS\SoftwareDistribution\Download] Cleared.
[27/09/2013 11:38:01] Clearing [C:\WINDOWS\SoftwareDistribution\DataStore].....
[27/09/2013 11:38:01] [C:\WINDOWS\SoftwareDistribution\DataStore] Cleared.
[27/09/2013 11:38:01] Clearing [C:\WINDOWS\system32\CatRoot2].....
[27/09/2013 11:38:01] [C:\WINDOWS\system32\CatRoot2] Cleared.
[27/09/2013 11:38:01] Setting BITS Security Descriptor.....
[27/09/2013 11:38:02] BITS Security Descriptor Set.
[27/09/2013 11:38:02] Setting Automatic Updates (wuauserv) Service Security Descriptor.....
[27/09/2013 11:38:02] Automatic Updates (wuauserv) Security Descriptor Set.
[27/09/2013 11:38:02] Configuring the Automatic Updates (wuauserv) Service.....
[27/09/2013 11:38:03] Automatic Updates (wuauserv) Service Configured.
[27/09/2013 11:38:03] Configuring BITS.....
[27/09/2013 11:38:03] BITS Configured.
[27/09/2013 11:38:03] Registering WUAU DLLs.....
[27/09/2013 11:38:03] RegSvr32.exe: 'actxprxy.dll' registration succeeded.
[27/09/2013 11:38:03] RegSvr32.exe: 'atl.dll' registration succeeded.
[27/09/2013 11:38:03] RegSvr32.exe: 'browseui.dll' registration succeeded.
[27/09/2013 11:38:04] RegSvr32.exe: 'corpol.dll' registration succeeded.
[27/09/2013 11:38:04] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[27/09/2013 11:38:04] RegSvr32.exe: 'dispex.dll' registration succeeded.
[27/09/2013 11:38:04] RegSvr32.exe: 'dssenh.dll' registration succeeded.
[27/09/2013 11:38:04] RegSvr32.exe: 'gpkcsp.dll' registration succeeded.
[27/09/2013 11:38:24] RegSvr32.exe: 'initpki.dll' registration succeeded.
[27/09/2013 11:38:24] RegSvr32.exe: 'jscript.dll' registration succeeded.
[27/09/2013 11:38:24] RegSvr32.exe: 'mshtml.dll' Module loaded but entry-point DllRegisterServer was not found.
[27/09/2013 11:38:24] RegSvr32.exe: 'msscript.ocx' registration succeeded.
[27/09/2013 11:38:25] RegSvr32.exe: 'msxml.dll' registration succeeded.
[27/09/2013 11:38:27] RegSvr32.exe: 'msxml2.dll' registration succeeded.
[27/09/2013 11:38:27] RegSvr32.exe: 'msxml3.dll' registration succeeded.
[27/09/2013 11:38:28] RegSvr32.exe: 'msxml4.dll' registration succeeded.
[27/09/2013 11:38:28] RegSvr32.exe: 'msxml6.dll' registration succeeded.
[27/09/2013 11:38:28] RegSvr32.exe: 'muweb.dll' Specified module not found
[27/09/2013 11:38:29] RegSvr32.exe: 'ole.dll' Specified module not found
[27/09/2013 11:38:29] RegSvr32.exe: 'ole32.dll' registration succeeded.
[27/09/2013 11:38:29] RegSvr32.exe: 'oleaut.dll' Specified module not found
[27/09/2013 11:38:29] RegSvr32.exe: 'oleaut32.dll' registration succeeded.
[27/09/2013 11:38:29] RegSvr32.exe: 'qmgr.dll' registration succeeded.
[27/09/2013 11:38:29] RegSvr32.exe: 'qmgrprxy.dll' registration succeeded.
[27/09/2013 11:38:29] RegSvr32.exe: 'gpkcsp.dll' registration succeeded.
[27/09/2013 11:38:30] RegSvr32.exe: 'rsaenh.dll' registration succeeded.
[27/09/2013 11:38:30] RegSvr32.exe: 'sccbase.dll' registration succeeded.
[27/09/2013 11:38:30] RegSvr32.exe: 'scrobj.dll' registration succeeded.
[27/09/2013 11:38:30] RegSvr32.exe: 'scrrun.dll' registration succeeded.
[27/09/2013 11:38:30] RegSvr32.exe: 'shdocvw.dll' registration succeeded.
[27/09/2013 11:38:30] RegSvr32.exe: 'shell.dll' Specified module not found
[27/09/2013 11:38:31] RegSvr32.exe: 'shell32.dll' registration succeeded.
[27/09/2013 11:38:31] RegSvr32.exe: 'slbcsp.dll' registration succeeded.
[27/09/2013 11:38:31] RegSvr32.exe: 'softpub.dll' registration succeeded.
[27/09/2013 11:38:31] RegSvr32.exe: 'urlmon.dll' registration succeeded.
[27/09/2013 11:38:31] RegSvr32.exe: 'vbscript.dll' registration succeeded.
[27/09/2013 11:38:31] RegSvr32.exe: 'winhttp.dll' registration succeeded.
[27/09/2013 11:38:32] RegSvr32.exe: 'wintrust.dll' registration succeeded.
[27/09/2013 11:38:32] RegSvr32.exe: 'wshext.dll' registration succeeded.
[27/09/2013 11:38:32] RegSvr32.exe: 'wuapi.dll' registration succeeded.
[27/09/2013 11:38:32] RegSvr32.exe: 'wuaueng.dll' Error number: 0x80070005
[27/09/2013 11:38:33] RegSvr32.exe: 'wuaueng1.dll' registration succeeded.
[27/09/2013 11:38:33] RegSvr32.exe: 'wucltui.dll' registration succeeded.
[27/09/2013 11:38:33] RegSvr32.exe: 'wucltux.dll' Specified module not found
[27/09/2013 11:38:33] RegSvr32.exe: 'wups.dll' registration succeeded.
[27/09/2013 11:38:33] RegSvr32.exe: 'wups2.dll' registration succeeded.
[27/09/2013 11:38:33] RegSvr32.exe: 'wuweb.dll' registration succeeded.
[27/09/2013 11:38:33] RegSvr32.exe: 'wuwebv.dll' Specified module not found
[27/09/2013 11:38:33] WUAU DLLs Reregistered.
[27/09/2013 11:38:33] Setting proxy to direct access.....
[27/09/2013 11:38:34] Proxy set to direct access.
[27/09/2013 11:38:34] Restarting the Automatic Updates (wuauserv) Service.....
[27/09/2013 11:38:34] Automatic Updates (wuauserv) Service Restarted.
[27/09/2013 11:38:34] Restarting the BITS Service.....
[27/09/2013 11:38:34] BITS Service Restarted.
[27/09/2013 11:38:35] Initiating Windows Updates detection right away.....
[27/09/2013 11:40:39] Finished repairing Windows Update / Automatic Updates.

-----------------------------------------------------------------------------------------
[27/09/2013 11:40:39] Repairing SSL / HTTPS / Cryptography service, Please wait.....
-----------------------------------------------------------------------------------------
[27/09/2013 11:40:39] Configuring the Cryptographic Service.....
[27/09/2013 11:40:39] Cryptographic Service Configured.
[27/09/2013 11:40:39] Stopping the Cryptographic Service.....
[27/09/2013 11:40:39] Cryptographic service Stopped Successfully.
[27/09/2013 11:40:39] Clearing [C:\WINDOWS\system32\CatRoot].....
[27/09/2013 11:40:41] [C:\WINDOWS\system32\CatRoot] cleared.
[27/09/2013 11:40:41] Re-registering SSL / HTTPS / Cryptography DLLs.....
[27/09/2013 11:40:41] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[27/09/2013 11:40:41] RegSvr32.exe: 'cryptext.dll' registration succeeded.
[27/09/2013 11:40:41] RegSvr32.exe: 'cryptui.dll' registration succeeded.
[27/09/2013 11:40:41] RegSvr32.exe: 'dssenh.dll' registration succeeded.
[27/09/2013 11:40:42] RegSvr32.exe: 'gpkcsp.dll' registration succeeded.
[27/09/2013 11:41:02] RegSvr32.exe: 'initpki.dll' registration succeeded.
[27/09/2013 11:41:02] RegSvr32.exe: 'licdll.dll' registration succeeded.
[27/09/2013 11:41:02] RegSvr32.exe: 'mssign32.dll' registration succeeded.
[27/09/2013 11:41:02] RegSvr32.exe: 'mssip32.dll' registration succeeded.
[27/09/2013 11:41:04] RegSvr32.exe: 'regwizc.dll' registration succeeded.
[27/09/2013 11:41:04] RegSvr32.exe: 'rsaenh.dll' registration succeeded.
[27/09/2013 11:41:04] RegSvr32.exe: 'scardssp.dll' registration succeeded.
[27/09/2013 11:41:04] RegSvr32.exe: 'sccbase.dll' registration succeeded.
[27/09/2013 11:41:05] RegSvr32.exe: 'scecli.dll' registration succeeded.
[27/09/2013 11:41:06] RegSvr32.exe: 'slbcsp.dll' registration succeeded.
[27/09/2013 11:41:06] RegSvr32.exe: 'softpub.dll' registration succeeded.
[27/09/2013 11:41:06] RegSvr32.exe: 'winhttp.dll' registration succeeded.
[27/09/2013 11:41:06] RegSvr32.exe: 'wintrust.dll' registration succeeded.
[27/09/2013 11:41:06] SSL / HTTPS / Cryptography DLLs re-registered.
[27/09/2013 11:41:06] Restarting the Cryptographic Service.....
[27/09/2013 11:41:06] Cryptographic Service restarted.
[27/09/2013 11:41:06] Finished repairing SSL / HTTPS / Cryptography service.

-----------------------------------------------------------------------------------------
[27/09/2013 11:41:06] Resetting the Windows Firewall configuraton, Please wait.....
-----------------------------------------------------------------------------------------
[27/09/2013 11:41:08] Windows Firewall configuration reset successful.
[27/09/2013 11:41:08] Finished resetting the Windows Firewall configuraton.

-----------------------------------------------------------------------------------------
[27/09/2013 11:41:09] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[27/09/2013 11:42:09] Your computer is restarting now.....

-----------------------------------------------------------------------------------------
  • 0

#37
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
sorry, the above log is from complete internet repair

i will run the tweaking windows repair now
  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP
Sorry about that. I grabbed the wrong one and then did an edit but wasn't fast enough. It won't hurt anything.
  • 0

#39
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
the tweaking windows doesn't have any place for me to check the things you want me to check. it is a small box that asks if i want to run malware bytes or check disk. did i download the wrong program? it acts as if it is in a minimized state. i can't see any of the boxes to check.

Edited by gregahoffman, 27 September 2013 - 11:19 AM.

  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP
If I remember correctly there are several steps in the tabs across the top. The 4th or 5th Step should have the picture.
  • 0

Advertisements


#41
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
i am trying to upload the screenshot in an excel format but having problems. i cannot open the tweaking program fully
  • 0

#42
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP
Press the Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].

Open Microsoft Paint (All Programs, Accessories,Paint).

Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.


Go to the File Menu and choose Save As.

Navigate to the folder where you want to save the image. (Desktop)

Type a file name for the image: Tweak

Select a file type. jpeg

Click the Save button.

Attach Tweak.jpg to your Reply.
  • 0

#43
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
i am not able to maximize the page & the maximize button will not work
  • 0

#44
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
heres the screenshot. i forgot about paint, i have win 7 at home, snipping tool is way easier. thank you for all your help with this.

Attached Thumbnails

  • tweak.jpeg

  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,010 posts
  • MVP
Click on Step 4 or Start Repairs. One of those should bring up the right screen.

I've got to go into town now. Be off line for an hour or two.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP