Need help, csrsc, linvdqay [Solved]


This topic is locked

#31 fartuditu (Member, Topic Starter, 30 posts)

I installed .NET 3.5, since Fix it requires 2.0 as stated in its installation. It gave me a link to 2.0, but the web page said I should install 3.5, so I did that.

After running Fix it, it seems to have fixed 2 things, but failed to repair one.

http://i.imgur.com/Uh0nZqp.png?1

After that I tried to download Windows updates, but it failed.

Edited by fartuditu, 16 November 2013 - 03:30 PM.

#32 fartuditu (Member, Topic Starter, 30 posts)

I noticed I hadn't installed the updates for .NET 3.5, so I updated it as stated on this page:

http://www.microsoft...s.aspx?id=25150

I restarted the PC and ran Fix it, this time with svchost on, and the same thing happened. I tried to get a solution via Fix it later on, but couldn't.

Also, this might be insignificant, but I have had some services disabled since a while ago, so I'll list them, as enabling some of them might be part of the solution.

http://i.imgur.com/zM2W1GX.png

#33 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

Could you please run the attached batch file? It should generate a log file for you to post.

Then please run FSS again.

Does Windows Update throw an error code?

Attached Files



#34 fartuditu (Member, Topic Starter, 30 posts)

Sorry, I don't understand which batch file. Can you please explain where to find it?

So far I haven't gotten any Windows reports, but I just set the Error Reporting service to Automatic, so I might get those in the future. I seem to have disabled that service some time ago; sorry about that.


edit: I was quick to post; I see the batch file now. I'll run it and FSS afterwards, thanks.

Edited by fartuditu, 16 November 2013 - 05:29 PM.


#35 fartuditu (Member, Topic Starter, 30 posts)

I noticed these while the file was running:

mshtml.dll had no entry point

LoadLibrary("wucltux.dll") failed - the specified module could not be found.
LoadLibrary("muweb.dll") failed - the specified module could not be found.
LoadLibrary("wuwebv.dll") failed - the specified module could not be found.

After I ran the batch file and FSS, I tried to update Windows, but it's the same as before, and no error code appears.

Here are the logs:

The @%SystemRoot%\system32\qmgr.dll,-1000 service is stopping.
The @%SystemRoot%\system32\qmgr.dll,-1000 service was stopped successfully.

The Automatic Updates service is not started.

More help is available by typing NET HELPMSG 3521.

The @%SystemRoot%\system32\qmgr.dll,-1000 service is starting.
The @%SystemRoot%\system32\qmgr.dll,-1000 service was started successfully.

The Automatic Updates service is starting.
The Automatic Updates service was started successfully.

Farbar Service Scanner Version: 10-11-2013
Ran by Sisavac (administrator) on 17-11-2013 at 00:37:02
Running from "C:\Documents and Settings\Sisavac\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****
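The "File Check" section of the FSS log above compares each Windows Update and networking service binary against a known-good MD5, which is the check that tells you whether a service DLL such as wuauserv.dll or qmgr.dll has been replaced. As an added illustration (this is not FSS's own code and is not from the thread), here is the same check in Python: hash every file in a trusted baseline, report it as legit, MISMATCH or MISSING in the FSS one-line style, and exercise it on three constructed files in a temporary directory. The baseline digests, the file names and the demo() helper are assumptions made for the example; a real baseline comes from a trusted source for the exact Windows build and service pack.

```python
import hashlib
import os
import tempfile


def hash_file(path, algo="md5"):
    """Hash a file in 64 KiB chunks so large binaries need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_files(baseline, algo="md5"):
    """Compare each file in `baseline` (path -> expected hex digest) with disk.

    Returns {path: "legit" | "MISMATCH" | "MISSING"}. MISMATCH means the bytes
    on disk differ from the trusted value: either a newer build that is not in
    the baseline, or a replaced binary, which is what an FSS file check is for.
    """
    results = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            results[path] = "MISSING"
            continue
        actual = hash_file(path, algo)
        results[path] = "legit" if actual.lower() == expected.lower() else "MISMATCH"
    return results


def format_report(results, algo="md5"):
    """Render results one line per file, in the style of the FSS File Check section."""
    label = algo.upper()
    lines = []
    for path, status in results.items():
        if status == "legit":
            lines.append(f"{path} => {label} is legit")
        else:
            lines.append(f"{path} => {label} check failed ({status})")
    return "\n".join(lines)


def demo():
    """Constructed sample: three files in a temp dir standing in for system32 binaries.

    Returns results keyed by file name so callers do not need the temp path.
    """
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "svchost.exe")      # matches its baseline digest
        tampered = os.path.join(tmp, "qmgr.dll")     # bytes differ from baseline
        missing = os.path.join(tmp, "wuauserv.dll")  # deliberately never written
        with open(good, "wb") as fh:
            fh.write(b"constructed original bytes")
        with open(tampered, "wb") as fh:
            fh.write(b"constructed modified bytes")
        # Trusted baseline: digests of the bytes a clean build should contain.
        baseline = {
            good: hashlib.md5(b"constructed original bytes").hexdigest(),
            tampered: hashlib.md5(b"constructed original bytes").hexdigest(),
            missing: "0" * 32,  # placeholder digest; the file is absent on purpose
        }
        results = check_files(baseline)
        print(format_report(results))
        return {os.path.basename(p): s for p, s in results.items()}


if __name__ == "__main__":
    demo()
```

MD5 is kept here only because that is what FSS reports; when you build a baseline of your own, pass algo="sha256", since MD5 collisions are practical and an integrity baseline should not rest on it.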

#36 fartuditu (Member, Topic Starter, 30 posts)

I noticed that stopping Automatic Updates under services.msc makes CPU usage go back to normal. I searched a little, but didn't find much. Perhaps the following 2 links might help:

http://download.wsusoffline.net/
http://www.microsoft...s.aspx?id=41074

#37 fartuditu (Member, Topic Starter, 30 posts)

Today when I started the PC, I had a tray icon offering to install Windows updates. I thought that was great, but then, like the web page, it offered Express and Custom install, so I picked Express and svchost started consuming all of the processor. I'll leave it like this for an hour if needed, but as I read on the internet, it shouldn't consume all the CPU for longer than some 10 minutes.


edit: Seems it's working after all!

http://i.imgur.com/02vqE8q.png

Edited by fartuditu, 17 November 2013 - 04:24 AM.


#38 fartuditu (Member, Topic Starter, 30 posts)

It seems to have finished, but basically did nothing as far as I can see. BTW, I'm pretty sure I have an original Windows; I remember activating it when I installed it, and not registering it.

Here's the WindowsUpdate.log:

https://www.dropbox....wsUpdate.log?m=

I got a bunch of update logs in the WINDOWS folder on C:, and all look like this one:

[KB2757638.log]
1.203: ================================================================================
1.203: 2013/11/17 11:20:38.171 (local)
1.203: C:\WINDOWS\SoftwareDistribution\Download\8d5c064017e0422c40e1778dee6b884c\update\update.exe (version 6.3.13.0)
1.218: Hotfix started with following command line: /si /ParentInfo:e57c3c05328c2244bd3aa3d213e3101e
1.218: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.359: ---- Old Information In The Registry ------
1.359: Source:C:\WINDOWS\system32\Macromed\Flash\Flash32_11_9_900_117.ocx (11.9.900.117)
1.359: Destination:
1.359: ---- New Information In The Registry ------
1.359: Source:C:\WINDOWS\system32\Macromed\Flash\Flash32_11_9_900_117.ocx (11.9.900.117)
1.359: Destination:
1.375: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.375: SetProductTypes: InfProductBuildType=BuildType.IP
1.390: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.406: CreateUninstall = 1,Directory = C:\WINDOWS\$NtUninstallKB2757638$
1.406: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.421: ref tag c:\windows\system32\sp4.cab does not exist
1.421: ref tag c:\windows\system32\sp3.cab does not exist
1.421: ref tag c:\windows\system32\sp2.cab does not exist
1.421: ref tag c:\windows\system32\sp1.cab does not exist
1.421: ref tag c:\windows\system32\driver.cab does not exist
1.421: ref tag c:\windows\system32\fp40ext.cab does not exist
1.421: ref tag c:\windows\system32\fp40ext1.cab does not exist
1.421: ref tag c:\windows\system32\wms4.cab does not exist
1.421: ref tag c:\windows\system32\wms41.cab does not exist
1.421: ref tag c:\windows\system32\ims.cab does not exist
1.421: ref tag c:\windows\system32\ims1.cab does not exist
1.421: ref tag c:\windows\system32\ins.cab does not exist
1.421: ref tag c:\windows\system32\ins1.cab does not exist
1.421: Starting AnalyzeComponents
1.421: AnalyzePhaseZero used 0 ticks
1.421: No c:\windows\INF\updtblk.inf file.
1.421: OEM file scan used 0 ticks
1.578: AnalyzePhaseOne: used 157 ticks
1.578: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.578: AnalyzeComponents: Hotpatching is disabled.
1.578: FindFirstFile c:\windows\$hf_mig$\*.*
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.609: AnalyzeForBranching used 31 ticks.
1.609: AnalyzePhaseTwo used 0 ticks
1.609: AnalyzePhaseThree used 0 ticks
1.625: AnalyzePhaseFive used 16 ticks
1.625: AnalyzePhaseSix used 0 ticks
1.625: AnalyzeComponents used 204 ticks
1.625: Downloading 2 files
1.625: bPatchMode = TRUE
1.625: Inventory complete: ReturnStatus=0, 219 ticks
1.625: Num Ticks for invent : 219
1.640: [dumpDownloadTask] Update.exe posting request file to download a total of 492647 bytes (492647 bytes in patches and 0 bytes in fallbacks)
1.640: dumpDownloadTask returned 0xf200 (more files to download)
1.671: KB2757638 installation did not complete.
1.671: Update.exe extended error code = 0xf200
1.172: ================================================================================
1.172: 2013/11/17 11:35:43.812 (local)
1.172: C:\WINDOWS\SoftwareDistribution\Download\8d5c064017e0422c40e1778dee6b884c\update\update.exe (version 6.3.13.0)
1.172: Hotfix started with following command line: /si /ParentInfo:c924ac2596bc0146bc988bb781e01838
1.172: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.313: ---- Old Information In The Registry ------
1.313: Source:C:\WINDOWS\system32\Macromed\Flash\Flash32_11_9_900_117.ocx (11.9.900.117)
1.313: Destination:
1.313: ---- New Information In The Registry ------
1.313: Source:C:\WINDOWS\system32\Macromed\Flash\Flash32_11_9_900_117.ocx (11.9.900.117)
1.313: Destination:
1.313: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.313: SetProductTypes: InfProductBuildType=BuildType.IP
1.313: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.344: Express: 492,647 bytes were downloaded.
1.579: [PatchFilesFromResponseBlob] returning STATUS_READY_TO_INSTALL
1.610: KB2757638 installation did not complete.
1.610: Update.exe extended error code = 0xf201
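The KB2757638.log quoted above is a typical update.exe (hotfix installer) log: the same update ran twice, the first run repeated one setup error 24 times and ended with extended error code 0xf200 (which the log itself glosses as "more files to download"), and the second run ended with 0xf201. With 143 updates in the queue, reading these by eye is slow, so as an added example (not Microsoft's tooling and not from the thread) here is a small Python parser that splits such a log into runs, collapses repeated identical setup errors into a count, and pulls out the KB number, completion status and extended code per run. SAMPLE_LOG is a constructed excerpt condensed from the lines quoted above; the regexes assume the "ticks: message" line format seen there.

```python
import re
from collections import Counter

# Constructed sample, condensed from the KB2757638.log lines quoted in the post above.
SAMPLE_LOG = """\
1.203: ================================================================================
1.203: 2013/11/17 11:20:38.171 (local)
1.218: Hotfix started with following command line: /si /ParentInfo:e57c3c05328c2244bd3aa3d213e3101e
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.578: KB2757638 Setup encountered an error: The update.ver file is not correct.
1.640: dumpDownloadTask returned 0xf200 (more files to download)
1.671: KB2757638 installation did not complete.
1.671: Update.exe extended error code = 0xf200
1.172: ================================================================================
1.172: 2013/11/17 11:35:43.812 (local)
1.344: Express: 492,647 bytes were downloaded.
1.579: [PatchFilesFromResponseBlob] returning STATUS_READY_TO_INSTALL
1.610: KB2757638 installation did not complete.
1.610: Update.exe extended error code = 0xf201
"""

LINE_RE = re.compile(r"^\s*(?P<ticks>\d+\.\d+):\s?(?P<msg>.*)$")
SEP_RE = re.compile(r"^=+$")
STAMP_RE = re.compile(r"^(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) \(local\)$")
ERR_RE = re.compile(r"^(?P<kb>KB\d+) Setup encountered an error: (?P<text>.+)$")
INCOMPLETE_RE = re.compile(r"^(?P<kb>KB\d+) installation did not complete\.$")
CODE_RE = re.compile(r"^Update\.exe extended error code = (?P<code>0x[0-9A-Fa-f]+)$")


def new_run():
    return {"started": None, "kb": None, "errors": Counter(),
            "completed": True, "extended_code": None}


def parse_update_log(text):
    """Split an update.exe log into runs (one per '====' separator line).

    For each run, collect the timestamp, the KB number, every distinct setup
    error with its repeat count, whether the run reported 'installation did
    not complete', and the final extended error code (lower-cased hex).
    """
    runs, cur = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg").strip()
        if SEP_RE.match(msg):
            cur = new_run()
            runs.append(cur)
            continue
        if cur is None:  # lines before the first separator have no run to attach to
            continue
        s = STAMP_RE.match(msg)
        if s:
            cur["started"] = s.group("stamp")
            continue
        e = ERR_RE.match(msg)
        if e:
            cur["kb"] = cur["kb"] or e.group("kb")
            cur["errors"][e.group("text")] += 1
            continue
        i = INCOMPLETE_RE.match(msg)
        if i:
            cur["kb"] = cur["kb"] or i.group("kb")
            cur["completed"] = False
            continue
        c = CODE_RE.match(msg)
        if c:
            cur["extended_code"] = c.group("code").lower()
    return runs


def summarize(runs):
    """One line per run, with repeated identical errors collapsed to a count."""
    lines = []
    for r in runs:
        errs = "; ".join(f"{t} (x{n})" for t, n in r["errors"].items()) or "no setup errors"
        outcome = "completed" if r["completed"] else "did not complete"
        lines.append(f"{r['started']} {r['kb']}: {outcome}, "
                     f"extended code {r['extended_code']}, {errs}")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_update_log(SAMPLE_LOG)):
        print(line)
```

Run it over the real file (for example `parse_update_log(open(r"C:\WINDOWS\KB2757638.log").read())`) and the summary lines show at a glance which runs of which KB never completed and with what code, which is the first thing to compare across the many per-KB logs in the WINDOWS folder.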

#39 fartuditu (Member, Topic Starter, 30 posts)

When I tried to turn off the computer, it gave me an option to install updates, so I allowed it. It tried to install 143 updates, I think. I think, though, that nothing happened. Here's the Windows Update log again.

https://www.dropbox....wsUpdate.log?m=


After the updates were downloaded yesterday, I had no problem with 100% CPU.

#40 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

So, it seems to have downloaded but not installed? Strange, as the logs are showing a BITS error.

I think we need to try the big hammer:

Download ComboFix from one of the following locations:
Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
Also please make sure to take note of anything ComboFix says during the course of its run especially if related to your infection and report to me in your next post.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks - if the update succeeds combofix will restart - if not it will continue with the current copy

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

#41 fartuditu (Member, Topic Starter, 30 posts)

I don't know how to check if updates are installed. I just guessed from looking at the log. I ran ComboFix and didn't notice anything unusual during its run. Here's the log:

ComboFix 13-11-18.01 - Sisavac 11/18/2013 17:32:24.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.644 [GMT 1:00]
Running from: c:\documents and settings\Sisavac\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASC3360PR
.
.
((((((((((((((((((((((((( Files Created from 2013-10-18 to 2013-11-18 )))))))))))))))))))))))))))))))
.
.
2013-11-13 19:11 . 2013-11-13 19:11 -------- d-----w- C:\_OTL
2013-11-12 21:06 . 2013-11-12 21:06 171344 ----a-w- C:\kidokiller.exe
2013-11-12 14:48 . 2008-08-14 16:35 -------- d-----w- C:\Sality_RegKeys
2013-11-12 14:31 . 2010-11-12 09:13 171344 ----a-w- C:\SalityKiller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-12 14:47 . 2013-11-12 14:47 6396 ----a-w- C:\sality_regkeys.zip
2013-11-12 14:31 . 2013-11-12 14:31 164134 ----a-w- C:\salitykiller.zip
2013-10-13 07:25 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2006-02-28 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2006-02-28 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2006-02-28 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-08-29 01:31 . 2006-02-28 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Sisavac\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Sisavac\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Sisavac\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Sisavac\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-11-12 1982312]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Sisavac^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Sisavac\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ImapiService"=3 (0x3)
"RemoteRegistry"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\Sisavac\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\NVIDIA Corporation\\nview\\nwiz.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\crashreporter.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamscheduler.exe"=
"c:\\Documents and Settings\\Sisavac\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5406:TCP"= 5406:TCP:gcpfvbh
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/9/2013 2:33 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/9/2013 2:33 PM 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/9/2013 2:33 PM 22856]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kongregate.com/games/nexoncls/cloudstone
TCP: DhcpNameServer = 95.180.0.18 95.180.1.2
TCP: Interfaces\{CB12A8FE-078E-4D2A-99AD-120274A5ADA9}: NameServer = 8.8.4.4,8.8.8.8
FF - ProfilePath - c:\documents and settings\Sisavac\Application Data\Mozilla\Firefox\Profiles\nc6hoehs.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-10-22 13:17; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Sisavac\Application Data\Mozilla\Firefox\Profiles\nc6hoehs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-16 21:53; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-18 17:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(272)
c:\windows\system32\WININET.dll
c:\documents and settings\Sisavac\Application Data\Dropbox\bin\DropboxExt.22.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Completion time: 2013-11-18 17:43:41 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-18 16:43
ComboFix2.txt 2013-11-10 00:34
.
Pre-Run: 13,294,624,768 bytes free
Post-Run: 14,372,974,592 bytes free
.
- - End Of File - - 8635ED319B75380A9EFC4657AF891365
8F558EB6672622401DA993E1E865C861
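The two firewall-policy sections in the ComboFix log above (AuthorizedApplications\List and GloballyOpenPorts\List) are where a reviewer looks for exceptions the owner did not add knowingly: here a 5406/TCP entry registered under the label gcpfvbh, and applications authorized from user-writable profile paths. As an added example (not ComboFix's code and not from the thread), here is a small Python parser for that REGEDIT4-style dump that lists every globally open port and every authorized application running from a user-writable path, so they can be checked against what is actually installed. SAMPLE is constructed from the log lines quoted above; the USER_WRITABLE_MARKERS list and the "review" wording are the example's own choices. It only lists entries for review: uTorrent and Dropbox are programs the owner installed, and whether 5406/TCP should be open is a question to answer from the machine, not from the parser.

```python
import re

# Constructed sample: the two firewall sections as ComboFix prints them,
# copied from the log quoted above (REGEDIT4-style, backslashes doubled).
SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Documents and Settings\\Sisavac\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Sisavac\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5406:TCP"= 5406:TCP:gcpfvbh
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<name>.*)$")

# Path fragments that place a binary under a location a non-admin user can write to.
# Chosen for this example; extend to taste.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\", "\\users\\", "\\application data\\",
    "\\local settings\\", "\\temp\\", "\\appdata\\",
)


def parse_reg_dump(text):
    """Return {key: [(name, value), ...]} for a REGEDIT4-style text dump."""
    sections, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            cur = m.group("key")
            sections.setdefault(cur, [])
            continue
        m = VAL_RE.match(line)
        if m and cur is not None:
            name = m.group("name").replace("\\\\", "\\")  # undo REGEDIT escaping
            sections[cur].append((name, m.group("value").strip()))
    return sections


def triage_firewall(sections):
    """Pull out the two XP firewall lists and flag what a reviewer checks by hand:
    every globally open port (with the label it was registered under) and every
    authorized application that runs from a user-writable path."""
    report = {"open_ports": [], "apps_total": 0, "apps_user_writable": []}
    for key, entries in sections.items():
        k = key.lower()
        if k.endswith("\\globallyopenports\\list"):
            for _, value in entries:
                m = PORT_RE.match(value)
                if m:
                    report["open_ports"].append(
                        (int(m.group("port")), m.group("proto"), m.group("name")))
        elif k.endswith("\\authorizedapplications\\list"):
            for name, _ in entries:
                report["apps_total"] += 1
                if any(marker in name.lower() for marker in USER_WRITABLE_MARKERS):
                    report["apps_user_writable"].append(name)
    return report


def format_report(report):
    lines = [f"Authorized applications: {report['apps_total']}"]
    for app in report["apps_user_writable"]:
        lines.append(f"  review (user-writable path): {app}")
    for port, proto, label in report["open_ports"]:
        lines.append(f"  review (globally open port): {port}/{proto} registered as '{label}'")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage_firewall(parse_reg_dump(SAMPLE))))
```

The same parser works on the "Reg Loading Points" section of a ComboFix log, since it uses the same key/value layout; only triage_firewall is specific to the two firewall lists.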

#42 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

Did you try again after ComboFix?

When you visit the update website, does it still find updates for your computer?

#43 fartuditu (Member, Topic Starter, 30 posts)

I went to the update page now, and had to install an ActiveX control, I think, after which I was redirected here:

http://i.imgur.com/zeBsoW3.png

I didn't download Security Essentials, though. I went again to the update page and got this:

http://i.imgur.com/evncZVH.png

So I let it download and install 4 updates and reboot. I guess Automatic Updates did the job after all? Thanks for all the help with removing viruses and helping me get SP3 along with the updates. What should I do next?

#44 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

It looks like it went through. Now if you go to the website, it should say "up to date."

You should really consider getting an anti-virus to protect your computer. I would recommend Microsoft Security Essentials, since it is light-weight and you are concerned about resources. I notice that you have MBAM, and it is a good program too, but it is not an anti-virus.

Let's run an online scan to check for anything that may have been missed, then we can clean up.


Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here, then click on: [image]

    Note: If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use, then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: [image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • SecurityCheck log
  • ESET log
  • Any outstanding problems?


#45 fartuditu (Member, Topic Starter, 30 posts)

I got distracted by the end of the scanning process, so I failed to save the log. I'll start the scan tomorrow morning and will post, but from what I've seen, it detected nothing. I downloaded Security Essentials, and will install it and run it after tomorrow's ESET scan. I didn't notice any sort of problems. Here's the log from SecurityCheck:

Results of screen317's Security Check version 0.99.77
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 45
Java SE Development Kit 7 Update 45
Adobe Flash Player 11.9.900.117
Mozilla Firefox 24.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````