Solved: Windows Update Error 8024402F



Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
28-Oct-2012, 07:39 PM #31
That icon is odd, it appears to be the Internet Options, go into Control Panel and see if Internet Options is still there, click on it and it should show the same window as the desktop icon. If it does then right click on the desktop icon and select Delete, then just check back in Control Panel and make sure the Internet Options still works from there.

Please run this to see if there is anything that needs updating.

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Once we have dealt with anything that needs updating we can then clean up the tools used, please wait for the instructions.
peppero123
Member with 31 posts.
THREAD STARTER
 
Join Date: Mar 2009
28-Oct-2012, 09:06 PM #32
I deleted the icon and internet options is still there in control panel.
below is my log:

Results of screen317's Security Check version 0.99.53
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
29-Oct-2012, 06:04 AM #33
There are remnants of Ad-Aware still in the system, please run this to locate the files.

Please download SystemLook from one of the links below and save it to your Desktop.

  • Double-click SystemLook.exe to run it.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • Copy and paste everything in the codebox below into the main textfield:
    Code:
    :filefind
    AAWService.exe
    AAWTray.exe
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
  • Please copy and paste the contents of that log in your next reply.
peppero123
Member with 31 posts.
THREAD STARTER
 
Join Date: Mar 2009
29-Oct-2012, 06:30 PM #34
Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:27 on 30/10/2012 by Cecilia
Administrator - Elevation successful

========== filefind ==========

Searching for "AAWService.exe"
No files found.

Searching for "AAWTray.exe"
No files found.

-= EOF =-
Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
29-Oct-2012, 08:55 PM #35
Ok, we need to do a deeper search, run SystemLook again, copy and paste the following into the textfield.

Code:
:service
AAWService
AAWTray

:regfind
AAWService
AAWTray

:process
AAWService
AAWTray
peppero123
Member with 31 posts.
THREAD STARTER
 
Join Date: Mar 2009
30-Oct-2012, 05:41 AM #36
here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:39 on 30/10/2012 by Cecilia
Administrator - Elevation successful

========== service ==========

AAWService - Unable to open Service Handle.

AAWTray - Unable to open Service Handle.

========== regfind ==========

Searching for "AAWService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\6AB92E0DBE815F7459E06CA5C1256D3F]
"B0B35DEDC76B4424EAA66DDFC3821DFE"="C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe"

Searching for "AAWTray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\2279B436E7E84884A82093837C669AF3]
"B0B35DEDC76B4424EAA66DDFC3821DFE"="C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"

========== process ==========

AAWService - Unable to open process handle.

AAWTray - Unable to open process handle.

-= EOF =-
Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
30-Oct-2012, 06:24 AM #37
Did you follow the instructions I gave to uninstall Ad-Aware in post 2? If not please do so.

Look in C:\Program Files and see if a folder called Lavasoft is present.
peppero123
Member with 31 posts.
THREAD STARTER
 
Join Date: Mar 2009
30-Oct-2012, 06:50 PM #38
I did follow those initial instructions - after uninstalling, I found no folders to delete

There is no folder called Lavasoft in C:\Program Files
Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
30-Oct-2012, 07:53 PM #39
All we need to do then is remove the registry entries, please post the log when done so I can check it and we can then finish the clean up.


We are now going to run ComboFix a different way.

Open Notepad by clicking on and in the Search box type: Notepad.exe and hit Enter.
Copy and paste everything in the code box below into it.
-- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.

Code:
KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\6AB92E0DBE815F7459E06CA5C1256D3F]
"B0B35DEDC76B4424EAA66DDFC3821DFE"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\2279B436E7E84884A82093837C669AF3]
"B0B35DEDC76B4424EAA66DDFC3821DFE"=-

ClearJavaCache::

Reboot::
  • Save the file as CFScript.txt by choosing Save As... in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
  • Close your browser and disconnect from the Internet.
  • Now use your mouse to drag, then drop the CFScript.txt file on top of ComboFix.exe as seen in the image below.


  • This will start ComboFix again and launch the script.
  • ComboFix may reboot your system when it finishes. This is normal.
  • A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of ComboFix.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after the scan is complete.
  • NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.
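A check that can be run on a removal script like the one in post #39 before it is handed over (an added example, not part of the original thread and not code from SystemLook or ComboFix): it parses the SystemLook `:regfind` output and confirms that every value deletion in the script's `Registry::` section names a key and value the scan actually reported, flagging keys whose whitespace changed while being copied. The function names are hypothetical, and treating any line that ends in `::` as a section header is an assumption drawn from the script shown in this thread.

```python
import re

# Sample input: the ":regfind" part of the SystemLook log posted in this thread.
SCAN_LOG = r'''
========== regfind ==========

Searching for "AAWService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\6AB92E0DBE815F7459E06CA5C1256D3F]
"B0B35DEDC76B4424EAA66DDFC3821DFE"="C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe"

Searching for "AAWTray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\User Data\S-1-5-18\Components\2279B436E7E84884A82093837C669AF3]
"B0B35DEDC76B4424EAA66DDFC3821DFE"="C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"

-= EOF =-
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')      # [HKEY_...\sub\key]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')       # "name"=data


def parse_entries(text):
    """Return (key, value_name, data) for each "name"=data line under a [key] line."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries.append((key, m.group(1), m.group(2)))
    return entries


def deletion_stanza(log):
    """Build a Registry:: section that deletes exactly the values the scan reported."""
    lines = ["Registry::"]
    for key, name, _ in parse_entries(log):
        lines.append("[%s]" % key)
        lines.append('"%s"=-' % name)
    return "\n".join(lines) + "\n"


def registry_section(script):
    """Return only the lines between 'Registry::' and the next 'Name::' header."""
    out, inside = [], False
    for line in script.splitlines():
        stripped = line.strip()
        if stripped.endswith("::"):          # assumption: section headers end in '::'
            inside = stripped == "Registry::"
            continue
        if inside:
            out.append(line)
    return "\n".join(out)


def _squash(text):
    """Collapse whitespace runs and fold case, for near-match detection only."""
    return re.sub(r"\s+", " ", text).lower()


def check_script(script, log):
    """List (key, value_name, reason) for script entries the scan log does not back."""
    scanned = parse_entries(log)
    exact = {(k.lower(), n.lower()) for k, n, _ in scanned}   # registry names ignore case
    loose = {(_squash(k), n.lower()) for k, n, _ in scanned}
    problems = []
    for key, name, data in parse_entries(registry_section(script)):
        if data != "-":
            problems.append((key, name, "not a value deletion"))
        elif (key.lower(), name.lower()) in exact:
            continue
        elif (_squash(key), name.lower()) in loose:
            # Spaces are significant in key names: this path names a different key.
            problems.append((key, name, "whitespace differs from scan log"))
        else:
            problems.append((key, name, "not in scan log"))
    return problems


# Constructed scripts: one generated from the log, one with a doubled space in a key.
GOOD_SCRIPT = "KillAll::\n\n" + deletion_stanza(SCAN_LOG) + "\nReboot::\n"
BAD_SCRIPT = GOOD_SCRIPT.replace("User Data", "User  Data", 1)

if __name__ == "__main__":
    for label, script in (("good", GOOD_SCRIPT), ("bad", BAD_SCRIPT)):
        issues = check_script(script, SCAN_LOG)
        print(label, "->", "OK" if not issues else issues)
```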
peppero123
Member with 31 posts.
THREAD STARTER
 
Join Date: Mar 2009
30-Oct-2012, 10:41 PM #40
I had to re-download Combofix as it said it was expired. Below is the log:

ComboFix 12-10-30.03 - Cecilia 31/10/2012 15:15:28.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.64.1033.18.3837.2200 [GMT 13:00]
Running from: c:\users\Cecilia\Desktop\ComboFix.exe
Command switches used :: c:\users\Cecilia\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))))
.
.
2012-10-26 22:10 . 2012-10-26 22:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-26 22:10 . 2012-10-26 22:10 -------- d-----r- c:\program files (x86)\Skype
2012-10-26 21:38 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-26 21:38 . 2012-09-13 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-26 21:38 . 2012-09-13 13:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-26 21:36 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-10-26 21:36 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll
2012-10-26 21:36 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-26 21:36 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-26 21:36 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-26 21:36 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-10-24 08:42 . 2012-10-24 08:42 -------- d-----w- c:\users\Cecilia\AppData\Roaming\f-secure
2012-10-24 08:42 . 2012-10-24 08:42 -------- d-----w- c:\programdata\F-Secure
2012-10-24 08:20 . 2012-10-24 08:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-24 08:18 . 2012-10-24 08:18 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-24 08:18 . 2012-10-24 08:18 -------- d-----w- c:\program files (x86)\Java
2012-10-23 21:49 . 2012-10-23 21:49 -------- d-----w- c:\program files (x86)\ESET
2012-10-22 06:16 . 2012-10-22 06:16 -------- d-----w- c:\users\Cecilia\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 08:18 . 2010-06-15 08:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-23 09:37 . 2012-05-22 10:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-23 09:37 . 2012-05-22 10:21 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-29 06:54 . 2010-01-07 08:35 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 11:18 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
2012-08-28 08:24 . 2012-06-22 02:22 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-24 03:43 . 2012-08-24 03:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2007-04-16 422400]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-22 61440]
"NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-13 299008]
"cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-04-10 37888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-14 05:18]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-14 05:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-31 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-31 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1716008]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1123840]
"TPCHWMsg"="c:\program files (x86)\TOSHIBA\TPHM\TPCHWMsg.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C89ADDAC-D084-4E81-B497-272CE53A6ECA}: NameServer = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\users\Cecilia\AppData\Roaming\Mozilla\Firefox\Profiles\vsvwhchv.default\
FF - ExtSQL: !HIDDEN! 2009-08-27 13:21; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{081230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2360693011-95739600-3344491481-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*A~Ôš-N‡eW[U^]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2360693011-95739600-3344491481-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*A~Ôš-N‡eW[U^\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe ,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00, 59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00, \
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-10-31 15:35:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-31 02:35
ComboFix2.txt 2012-10-24 22:31
.
Pre-Run: 137,068,539,904 bytes free
Post-Run: 136,853,807,104 bytes free
.
- - End Of File - - 23F83B0B610BD532DE9D29610F9613A8
Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
31-Oct-2012, 04:12 AM #41
Now we just need to update a couple of items and remove all the tools used.

STEP 1
Adobe
Close any programs you may have running - especially your web browser.
Click on Start > Control Panel, double-click on Programs and Features and uninstall the following Adobe entries:

Adobe Reader 9

NOTE: For XP click on > Control Panel, double-click on Add or Remove Programs and continue as above.

Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for the Adobe product that was just removed.



You will now see a page similar to this one:



All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for Windows Operating Systems and for Internet Explorer in English. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of Windows to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.


STEP 2
Your version of Firefox is out of date, please go here and follow the instructions to get the latest version: How to update Firefox


STEP 3
To re-enable your CD Emulation drivers if you disabled them, double click DeFogger.exe to run the tool again.

  • The application window will appear.
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger will now ask to reboot the machine...click OK.

To uninstall ComboFix, press the WINKEY + R keys on your keyboard or click on Start and type Run into the search box and hit Enter.
In the Run box type: ComboFix /Uninstall (Be sure to leave a space before the forward slash).



  • Click on OK.
  • If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to Uninstall.exe, then double-click on it to remove.
  • This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
  • When it has finished you will see a dialog box stating that "ComboFix has been uninstalled".
  • After that, you can delete the ComboFix.exe program from your computer (Desktop).

Next
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose Run as Administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

-- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).



Please post back when this is complete and let me know if you have had any problems.
peppero123
Member with 31 posts.
THREAD STARTER
 
Join Date: Mar 2009
31-Oct-2012, 06:00 PM #42
Updated everything, ran OTC and then manually deleted Security Check, AdwCleaner, Eset, SystemLookup.

"The Internet" icon appeared again after running either defogger or combofix. I just deleted it again.

Does this finish the process? Thanks so much for your help!
Mark1956
Malware Removal Specialist with 14,073 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
01-Nov-2012, 07:21 AM #43
Yup, that's it. I'll just leave you with this:

I shall now mark this thread as Solved and leave you with some security advice, but please feel free to post back if you have any remaining issues or concerns.

There are many places where you will find security advice, but most are biased towards a particular item of software that they are trying to promote. I have given some unbiased advice below that should help keep you better protected. Unfortunately there is no "best protection", new Malware is being produced every minute of the day so it is a cat & mouse game for all security software vendors to keep up with the latest infections.

It has always been the case that what one Anti Virus program will detect another one will miss and vice versa. That being said, never be tempted to install more than one Anti Virus program thinking that will give you better protection as in fact the reverse is true. Two or more AV programs will (in most cases) conflict with each other, slow your system down and actually reduce your security level. Don't assume that your present Anti Virus is no good on the grounds that you got infected, if I have seen you are using a poor Anti Virus I will have advised you earlier in the thread. There are a lot of nasty infections out there waiting to jump onto a PC and with some of the newest infections there is very little that will block them. Fortunately there are those who dedicate their spare time, for little reward, in making the tools we use here to remove these infections. It is those people that we have to thank as without them a reinstall would often be the only way out.

Some additional security measures.
If your present security software does not include a third party Firewall or AntiSpyware.

Go Here for a selection of third party Firewalls.

Go Here or Here for Anti Spyware.

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of Malwarebytes with any Anti Virus software.

WOT (Web of Trust) Will warn you (in most cases) about dangerous web sites. (This is only available for use with Internet Explorer).

Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

WinPatrol is a useful facility to have. WinPatrol takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your start up programs.

Finally, make sure that Windows Update is turned on as many updates are to fix newly discovered security holes in the Windows Operating System. You should also make sure that any Java or Adobe products are kept up to date and any old versions are uninstalled. Never use Registry Cleaners as they can and do damage the systems registry and stay well clear of P2P file sharing sites as these are one of the best places to get your PC infected.