Windows 7 Forums



Windows 7: continual battle with bots and malware every few months

10 Jan 2017   #1
sdowney717

Windows 7 Ultimate x64
 
 
continual battle with bots and malware every few months

So far the only thing that clears it completely is running ComboFix.
But it is only temporary. Just now we noticed it started being very slow... When playing a full-screen video, the task bar stayed up.
Then when I went and looked at the desktop, it said it was not genuine. So I go to System and it says genuine, and the not-genuine message goes away. Every time I experience that, it has gotten some kind of infection which kills the performance. When I was using Cox internet I would also get email messages saying a computer on my network was acting like part of a botnet.

I was thinking of trying AVG Free instead of free Avast, since Avast does not seem to keep it clean.
And I have no clue how it gets infected; all we do is watch Netflix and a little browsing, and mostly watch HDTV using WMC, which is the only reason I even keep it as a Windows 7 PC, or I would have done the free Win10 upgrade.


10 Jan 2017   #2
sdowney717

Windows 7 Ultimate x64
 
 

Thinking some more about the last time this happened, ComboFix said init.exe was infected and it replaced it with a good one.
Init.exe is what runs at startup of Windows. So some malware may be swapping in a bad init.exe.
Or who knows... I probably don't have this right; here it is described as malware:
init.exe - init - Trojan.Win32.Agent - Spyware Removal
10 Jan 2017   #3
Nihal mazhar

Windows 7 home basics x64
 
 

Have you tried Malwarebytes? It can sort out most of the viruses.

10 Jan 2017   #4
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi Sdowney,
Have you tried the BOOT TIME scan that Avast has?

Roy
11 Jan 2017   #5
sdowney717

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by torchwood
Hi Sdowney,
Have you tried the BOOT TIME scan that Avast has?

Roy
No, I switched from Avast to Avira thinking it would be better, but it still gets infected.
Thinking of trying AVG.
11 Jan 2017   #6
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Hi,
Not sure what you're doing to be getting all these viruses.... but I've been using Panda free version 17 and also have an MBAM Pro license and haven't had any issues at all.
I doubt Win-10 would help if you're getting infected all of the time.
Just because MS says it's the safest... Windows ever doesn't mean it is.
11 Jan 2017   #7
Barman58

Windows 10 Pro x64 x2 Windows 10 Enterprise x64, Ubuntu
 
 

I would suggest you pop over to BleepingComputer.com - News, Reviews, and Technical Support and let them have a proper look at your system. Solutions such as ComboFix are not for the general user but need a trained operator to get the best from them. In your case I would suggest that there is some form of rootkit infection which might need a specific set of commands coded to remove; Bleeping Computer have the staff to write the scripts to remove most if not all malware infections, and they also work for free.
11 Jan 2017   #8
sdowney717

Windows 7 Ultimate x64
 
 

ComboFix found init.exe.vir again.

Malwarebytes found 15 PUPs.

I posted the logs on Bleeping Computer, and I installed AVG Free.

Code:
2016-11-24 12:15:37 . 2017-01-11 14:38:39              232 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24}.reg.dat
2015-02-26 03:32:58 . 2015-02-26 03:32:58                0 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2015-02-26 03:31:52 . 2015-02-26 03:31:52              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2015-02-26 03:27:24 . 2017-01-11 14:01:02            3,821 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2015-02-26 03:20:46 . 2017-01-11 12:40:39              204 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2010-11-21 03:23:55 . 2010-11-21 03:23:55           26,624 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\userinit.exe.vir
Code:
ComboFix 17-01-04.01 - lr 01/11/2017   7:44.4.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8184.3155 [GMT -5:00]
Running from: c:\users\lr\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2016-12-11 to 2017-01-11  )))))))))))))))))))))))))))))))
.
.
2017-01-11 14:12 . 2017-01-11 14:12	--------	d-----w-	c:\users\Public\AppData\Local\temp
2017-01-11 14:12 . 2017-01-11 14:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2016-12-15 19:18 . 2017-01-10 17:02	--------	d-----w-	c:\users\Public\Speedup Sessions
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-11 11:36 . 2015-02-26 03:36	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-10 10:19 . 2013-12-31 18:38	802904	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-10 10:19 . 2013-12-31 18:38	144472	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-12-13 15:21 . 2016-10-06 12:40	35864	----a-w-	c:\windows\system32\drivers\avusbflt.sys
2016-12-13 15:21 . 2016-08-14 19:07	176464	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2016-12-13 15:21 . 2016-08-14 19:07	148032	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-11-15 27219928]
"GoogleChromeAutoLaunch_6D68B2A0DEAB486F8A6016D1605B06C2"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-12-08 935768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-11-15 60136]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2016-12-13 917576]
"Avira System Speedup User Starter"="c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe" [2016-12-13 26832]
"Avira System Speedup Tray"="c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe" [2016-12-13 159568]
.
c:\users\lr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
zSpeedup.lnk - c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe -systemready [2016-12-15 26832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-8-29 48200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 AviraPhantomVPN;Avira Phantom VPN;c:\program files (x86)\Avira\VPN\Avira.VpnService.exe;c:\program files (x86)\Avira\VPN\Avira.VpnService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD64.sys;c:\windows\SYSNATIVE\drivers\AVer88xHD64.sys [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C615(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys;c:\windows\SYSNATIVE\DRIVERS\VX6000Xp.sys [x]
R3 w7Svc;webcam 7 Service;c:\program files (x86)\webcam 7\wService.exe;c:\program files (x86)\webcam 7\wService.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 chromoting;Chrome Remote Desktop Service;c:\program files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SpeedupService;Avira System Speedup;c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe;c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WMCRecordingStoragePooler;Windows Media Center Recording Storage Pooler;c:\program files (x86)\WMC Recording Storage Pooler\WMCRecordingStoragePooler.exe;c:\program files (x86)\WMC Recording Storage Pooler\WMCRecordingStoragePooler.exe [x]
S3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\DRIVERS\AVerBas.sys;c:\windows\SYSNATIVE\DRIVERS\AVerBas.sys [x]
S3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\DRIVERS\AVerCap.sys;c:\windows\SYSNATIVE\DRIVERS\AVerCap.sys [x]
S3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\DRIVERS\AVerTun.sys;c:\windows\SYSNATIVE\DRIVERS\AVerTun.sys [x]
S3 Bda8600;VBox TV Receiver, BDA Tuner Driver (DTF8600);c:\windows\system32\Drivers\Dtf8600b.sys;c:\windows\SYSNATIVE\Drivers\Dtf8600b.sys [x]
S3 BdaVb35xx;VBox Vb35xx BDA driver;c:\windows\system32\Drivers\Vb35xxB.sys;c:\windows\SYSNATIVE\Drivers\Vb35xxB.sys [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys;c:\windows\SYSNATIVE\drivers\HCW85BDA.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-15 00:17	1384792	----a-w-	c:\program files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-31 10:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX6000"="c:\windows\vVX6000.exe" [2010-05-20 764784]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585744]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = Google
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w7Svc]
"ImagePath"="c:\program files (x86)\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]    @denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]    @denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]    @denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]    @denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]    @denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]    @denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]    @denied: (Full) (Everyone)
.
Completion time: 2017-01-11  09:41:01
ComboFix-quarantined-files.txt  2017-01-11 14:40
ComboFix2.txt  2016-11-24 12:16
ComboFix3.txt  2016-08-05 17:58
ComboFix4.txt  2015-02-26 03:32
.
Pre-Run: 71,795,605,504 bytes free
Post-Run: 72,515,137,536 bytes free
.
- - End Of File - - F3F4698560AC71AF821D8B33D3FCF7F5
11 Jan 2017   #9
sdowney717

Windows 7 Ultimate x64
 
 

I removed the Win7 codec pack. Felt like it might be a problem, associated with SysWOW64.
Maybe infected; I don't need it and cannot recall why I installed it either.
PC is working fine.

"codec pack update checker" prompt whenever I boot up pc leads to malware site - Am I infected? What do I do?

This line in the log also shows up in the quarantine log.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-8-29 48200]


2010-11-21 03:23:55 . 2010-11-21 03:23:55 26,624 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\userinit.exe.vir

Maybe the wincodec7 pack was infecting my PC over and over, not related to browsing the net at all, just resident continually on the PC, and every so often doing something bad.
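The ComboFix log in this thread shows a quarantined userinit.exe under SysWOW64 and a CodecPackUpdateChecker.lnk in the all-users Startup folder, both taken from the "Reg Loading Points" section. The PowerShell script below is an added example, not part of this thread and not ComboFix's own code, that lets a defender triage those same persistence points without a third-party tool: it reads the Winlogon Userinit value, checks the Authenticode signature and SHA-256 of both copies of userinit.exe, and lists every Run-key and Startup-folder entry with the signature status of its target. It assumes an elevated PowerShell 5.1 session on Windows 7 x64 (Get-FileHash needs PowerShell 4 or later); the helper functions Get-ExePath and Get-SignatureStatus and the output layout are assumptions made for this example.

```powershell
# Added example: triage the persistence points a ComboFix log reports
# (Winlogon Userinit, the Run keys, the Startup folders). Not from the thread
# or from ComboFix. Assumes an elevated PowerShell 5.1 session on Windows 7 x64.

function Get-ExePath {
    # Pull the executable out of a Run-key command line, quoted or not.
    # Helper written for this example (not a built-in cmdlet).
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return $CommandLine.Trim()
}

function Get-SignatureStatus {
    # 'Missing' when the file is gone, otherwise the Authenticode verdict
    # (Valid, NotSigned, HashMismatch, UnknownError, ...). Helper for this example.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'Missing' }
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}

# 1. Winlogon's Userinit value names the program Winlogon runs at logon.
#    Windows 7 default: "C:\Windows\system32\userinit.exe," (trailing comma included).
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
Write-Output "Winlogon Userinit = $userinit"

# 2. Both copies of userinit.exe: the native x64 one in System32 and the
#    32-bit one in SysWOW64 (the path ComboFix quarantined in the thread).
foreach ($p in @("$env:windir\System32\userinit.exe", "$env:windir\SysWOW64\userinit.exe")) {
    $status = Get-SignatureStatus $p
    $hash = if ($status -ne 'Missing') { (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash } else { '-' }
    Write-Output ("{0,-40} {1,-12} {2}" -f $p, $status, $hash)
}

# 3. Run keys in the HKCU, HKLM and Wow6432Node views, plus both Startup folders.
$runKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
$wsh = New-Object -ComObject WScript.Shell   # resolves .lnk shortcut targets

$findings = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -match '^PS') { continue }     # skip provider metadata
            $exe = Get-ExePath $prop.Value
            [pscustomobject]@{
                Source    = $key
                Name      = $prop.Name
                Target    = $exe
                Signature = Get-SignatureStatus $exe
            }
        }
    }
    foreach ($dir in $startupDirs) {
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
            $target = $wsh.CreateShortcut($_.FullName).TargetPath
            [pscustomobject]@{
                Source    = $dir
                Name      = $_.Name
                Target    = $target
                Signature = Get-SignatureStatus $target
            }
        }
    }
)

# 4. Anything that is not validly signed sorts to the top for review.
$findings | Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Source |
    Format-Table -AutoSize -Wrap
```

An unsigned or missing target is a lead, not a verdict: small utilities such as a codec pack's update checker are often unsigned, so compare the listing against what you know you installed, and treat a userinit.exe whose signature is anything other than Valid, or whose Winlogon value points somewhere other than System32, as the item to hand to whoever is analysing the logs.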
11 Jan 2017   #10
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Looks like you need to remove Avira remnants.

Instructions for manual uninstallation
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd