Scan Results?
Sorry I didn't clarify. I am running as administrator.

Ok. You will have to skip over Secunia, but please make sure that Windows and Java are up-to-date.

I was able to update all the other programs that came up from Secunia; something is just messed up with Acrobat Reader. My computer makes a strange buzzing/scraping sound (sounds like the hard drive) when the firewall is turned on/off. Is that normal? Should I remove it and load another?

It sounds like something is amiss in the hard drive or one of the fans. It could be just a coincidence that it started at the same time you installed a third-party firewall. Try uninstalling the firewall altogether and see what happens.

Will do. Also, another question: do you know how to unlock a registry key so I can install the latest Acrobat Reader? I keep getting the error: "Error 1402. Could not open key: HKEY_local_Machine\software\microsoft\windows\currentversion\Run\optionalcomponents\MSFS. Verify that you have sufficient access to that key or contact support personnel" when I try to install the latest version of Acrobat Reader. I tried going through the steps at http://johnsonyip.com/index.php?option=com_content&view=article&id=96&Itemid=198 but hit a wall around step 11 because I don't have an "Other users or groups..." button. I'd really need to have Acrobat Reader on my computer.

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
Link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Re-running ComboFix to remove infections:
ComboFix 11-04-25.02 - Admin 04/25/2011 20:43:34.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2476 [GMT -7:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-25 18:58 . 2011-04-25 18:58  28752  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC163F9-24A5-4CBB-A32E-CC1C6ACAE756}\MpKsl6656390c.sys
2011-04-25 18:58 . 2011-04-11 07:04  7071056  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC163F9-24A5-4CBB-A32E-CC1C6ACAE756}\mpengine.dll
2011-04-22 20:36 . 2011-04-22 20:36  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-04-22 20:36 . 2011-04-22 20:36  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-04-22 20:36 . 2011-04-22 20:36  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-04-22 20:36 . 2011-04-22 20:36  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-04-22 20:36 . 2011-04-22 20:36  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-04-22 20:36 . 2011-04-22 20:36  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-04-22 20:36 . 2011-04-22 20:36  159744  ----a-w-  c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-04-22 20:35 . 2011-04-22 20:36  --------  d-----w-  c:\program files\QuickTime
2011-04-22 08:09 . 2011-04-22 08:09  --------  d-----w-  c:\documents and settings\Matthew\Application Data\OnlineArmor
2011-04-22 06:51 . 2011-04-22 07:28  --------  d-----w-  c:\documents and settings\All Users\Application Data\OnlineArmor
2011-04-22 06:51 . 2011-04-22 06:51  --------  d-----w-  c:\documents and settings\Admin\Application Data\OnlineArmor
2011-04-22 06:50 . 2011-04-06 20:02  39048  ----a-w-  c:\windows\system32\drivers\oahlp32.sys
2011-04-22 06:50 . 2011-04-06 20:01  29464  ----a-w-  c:\windows\system32\drivers\OAnet.sys
2011-04-22 06:50 . 2011-04-06 20:01  25192  ----a-w-  c:\windows\system32\drivers\OAmon.sys
2011-04-22 06:50 . 2011-04-06 20:01  205864  ----a-w-  c:\windows\system32\drivers\OADriver.sys
2011-04-22 06:49 . 2011-04-22 07:26  --------  d-----w-  c:\program files\Online Armor
2011-04-21 01:20 . 2011-04-21 01:20  --------  d-----w-  c:\documents and settings\Admin\Application Data\Hi-Rez Studios
2011-04-21 01:18 . 2011-04-21 01:18  --------  d-----w-  c:\documents and settings\All Users\Application Data\Hi-Rez Studios
2011-04-21 01:18 . 2011-04-21 18:46  --------  d-----w-  c:\program files\Hi-Rez Studios
2011-04-20 19:18 . 2011-04-11 07:04  7071056  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-20 06:55 . 2011-04-20 06:55  --------  d-----w-  c:\program files\ESET
2011-04-19 06:25 . 2010-10-19 20:51  222080  ------w-  c:\windows\system32\MpSigStub.exe
2011-04-19 06:22 . 2011-04-19 06:23  --------  d-----w-  c:\program files\Microsoft Security Client
2011-04-17 20:03 . 2011-04-17 20:03  --------  d-----w-  c:\program files\Ventrilo
2011-04-17 20:02 . 2011-04-21 05:17  --------  d-----w-  c:\program files\Common Files\Wise Installation Wizard
2011-04-16 04:33 . 2011-04-16 04:33  --------  d-----w-  c:\program files\Common Files\Java
2011-04-16 04:32 . 2011-02-03 04:40  472808  ----a-w-  c:\windows\system32\deployJava1.dll
2011-04-16 04:03 . 2011-04-16 04:03  --------  d-----w-  c:\documents and settings\Admin\Application Data\Malwarebytes
2011-04-16 03:22 . 2011-04-16 03:22  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-15 22:35 . 2011-04-15 22:35  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-13 05:33 . 2011-04-13 05:33  --------  d-----w-  c:\documents and settings\Matthew\Local Settings\Application Data\Mozilla
2011-04-13 03:06 . 2011-04-13 03:06  --------  d-----w-  c:\documents and settings\Kary\Application Data\Wacom
2011-04-13 03:06 . 2011-04-13 03:06  --------  d-----w-  c:\documents and settings\Kary\Application Data\WTablet
2011-04-12 23:00 . 2011-04-12 23:00  --------  d-----w-  c:\program files\GameSpy Arcade
2011-04-12 22:57 . 2011-04-12 22:57  --------  d-----w-  c:\program files\Irrational Games
2011-04-08 06:11 . 2010-12-02 09:12  837224  ----a-w-  c:\windows\system32\nvgenco32hda.dll
2011-04-06 10:43 . 2011-01-08 03:27  941160  ----a-w-  c:\windows\system32\nvdispco322090.dll
2011-04-06 10:43 . 2011-01-08 03:27  837736  ----a-w-  c:\windows\system32\nvgenco322040.dll
2011-04-06 09:43 . 2011-04-06 09:43  --------  d-----w-  c:\program files\Common Files\Creative
2011-04-06 09:42 . 2011-04-06 09:44  --------  d--h--w-  c:\program files\Creative Installation Information
2011-04-06 09:27 . 2011-04-06 09:27  --------  d-----w-  c:\documents and settings\All Users\Application Data\Creative
2011-04-06 09:24 . 2003-06-13 06:25  7062  ----a-w-  c:\windows\system32\audiopid.vxd
2011-04-06 09:24 . 2011-04-06 09:24  --------  d-----w-  c:\program files\Common Files\Creative Labs Shared
2011-04-06 09:23 . 2011-04-06 09:23  445016  ----a-w-  c:\windows\system32\wrap_oal.dll
2011-04-06 09:23 . 2004-07-13 01:53  585728  ----a-w-  c:\windows\system32\ctaudfx.dll
2011-04-06 09:23 . 2003-11-13 10:04  606208  ----a-w-  c:\windows\system32\ctsblfx.dll
2011-04-06 09:23 . 2003-11-13 10:02  114688  ----a-w-  c:\windows\system32\commonfx.dll
2011-04-06 09:14 . 2003-11-11 01:14  729088  ----a-w-  c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-04-06 09:14 . 2003-11-11 01:13  69715  ----a-w-  c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-04-06 09:14 . 2003-11-11 01:12  266240  ----a-w-  c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-04-06 09:14 . 2003-11-11 01:12  192512  ----a-w-  c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-04-06 09:14 . 2003-11-11 01:11  5632  ----a-w-  c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-04-06 09:14 . 2011-04-06 09:14  188548  ----a-w-  c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-04-06 09:14 . 2011-04-06 09:14  311428  ----a-w-  c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-04-06 09:12 . 2011-04-06 09:12  --------  d-----w-  c:\documents and settings\Matthew\Application Data\InstallShield Installation Information
2011-04-02 09:23 . 2011-04-02 09:23  --------  d-----w-  c:\documents and settings\Admin\Application Data\SystemRequirementsLab
2011-04-02 09:16 . 2011-04-02 09:16  --------  d-----w-  c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
2011-04-02 01:54 . 2011-04-02 01:54  --------  d-----w-  c:\documents and settings\Admin\Application Data\NVIDIA
2011-04-02 01:31 . 2010-11-11 23:10  26216  ----a-w-  c:\windows\system32\nvhdap32.dll
2011-04-02 01:31 . 2010-11-11 23:10  100456  ----a-w-  c:\windows\system32\drivers\nvhda32.sys
2011-04-02 01:31 . 2010-06-21 22:07  232040  ----a-w-  c:\windows\system32\nvcohda.dll
2011-04-02 01:29 . 2011-04-08 06:11  252080  ----a-w-  c:\windows\system32\nvdrsdb0.bin
2011-04-02 01:29 . 2011-04-08 06:11  1  ----a-w-  c:\windows\system32\nvdrssel.bin
2011-04-02 01:29 . 2011-04-08 06:11  252080  ----a-w-  c:\windows\system32\nvdrsdb1.bin
2011-03-28 23:13 . 2011-03-28 23:17  --------  d-----w-  c:\program files\SIW
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 09:23 . 2009-05-21 01:18  109144  ----a-w-  c:\windows\system32\OpenAL32.dll
2011-03-07 05:33 . 2009-05-20 21:35  692736  ----a-w-  c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-04 12:00  434176  ----a-w-  c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:00  1857920  ----a-w-  c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2004-08-04 12:00  832512  ----a-w-  c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2004-08-04 12:00  78336  ----a-w-  c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2004-08-04 12:00  1830912  ------w-  c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2004-08-04 12:00  17408  ------w-  c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2004-08-04 12:00  455936  ----a-w-  c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 12:00  357888  ----a-w-  c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-05-22 22:18  5120  ----a-w-  c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2004-08-04 12:00  389120  ----a-w-  c:\windows\system32\html.iec
2011-02-15 12:56 . 2004-08-04 12:00  290432  ----a-w-  c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-04 12:00  270848  ----a-w-  c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00  186880  ----a-w-  c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 12:00  978944  ----a-w-  c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 12:00  974848  ----a-w-  c:\windows\system32\mfc42u.dll
2011-02-03 02:19 . 2009-07-29 08:51  73728  ----a-w-  c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2009-05-20 21:34  2067456  ----a-w-  c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-05-20 21:34  677888  ----a-w-  c:\windows\system32\mstsc.exe
2011-03-18 17:53 . 2011-04-02 09:16  142296  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-02-10 629336]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-04-06 354720]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-enUS-downloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Fantasy Grounds II\\FantasyGrounds.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Hi-Rez Studios\\games\\global agenda live\\Binaries\\GlobalAgenda.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R1 MpKsl6656390c;MpKsl6656390c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC163F9-24A5-4CBB-A32E-CC1C6ACAE756}\MpKsl6656390c.sys [4/25/2011 11:58 AM 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/21/2011 11:50 PM 205864]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [4/21/2011 11:50 PM 39048]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/21/2011 11:50 PM 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/21/2011 11:50 PM 29464]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [3/8/2011 2:54 AM 401920]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2/14/2011 5:28 AM 21992]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [4/13/2011 1:02 PM 23680]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [4/21/2011 11:49 PM 381512]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2/10/2011 4:04 PM 4869488]
R2 TouchServicePen;Wacom CONSUMER Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2/10/2011 4:05 PM 416112]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [4/1/2011 6:31 PM 100456]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2/10/2011 4:04 PM 16240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 11:29 PM 136176]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 cpuz134;cpuz134;\??\c:\docume~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [4/6/2011 2:24 AM 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 11:29 PM 136176]
S3 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [4/21/2011 11:49 PM 4326472]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 01:49]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 01:49]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1004Core.job
- c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 14:55]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1004UA.job
- c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 14:55]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1005Core.job
- c:\documents and settings\Kary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-02 16:50]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1005UA.job
- c:\documents and settings\Kary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-02 16:50]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1006Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 09:31]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1006UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 09:31]
.
2011-04-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
.
.
------- SUPPLEMENTARY Scan -------
.
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ee30ac2q.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-25 20:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2156)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\windows\system32\wscntfy.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-04-25 20:53:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-26 03:53
.
Pre-Run: 169,950,330,880 bytes free
Post-Run: 170,042,322,944 bytes free
.
- - End Of File - - 19BC45C840308F97D27905FDDB2E5623

Were you able to install Acrobat Reader?

Yes I was. Thank you.

Good. Carry on with your cleanup as described in Reply # 25. Please LET me know when you're done.

Quote from: darthgaul on April 23, 2011, 01:32:48 PM
Will do.
The website for http://johnsonyip.com/index.php?option=com_content&view=article&id=96&Itemid=198 moved to http://johnsonyip.com/how-to-unlock-windows-registry-permissions-tuturials.htm
You can try turning off UAC and switching to the classic theme to see if it works.

Quote from: SuperDave on April 26, 2011, 04:57:52 PM
Good. Carry on with your cleanup as described in Reply # 25. Please let me know when you're done.
All Done.

Very well. I will lock this thread. If you need it re-opened, please send me a pm.
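The ComboFix log in this thread was read by eye. As an added example, not part of the thread or of ComboFix, the script below shows the kind of first-pass triage a reviewer applies to such a log: it parses the service/driver lines ("R1 name;display;path [date size]" or "[?]" when the file could not be found), the Run-key autorun lines and the Windows Firewall profile setting, and flags entries that deserve a second look. The heuristics (binary missing on disk, binary under a Temp directory, autorun command with no directory, firewall profile disabled) are this example's own; the sample lines are copied from the log above. In this log the hits are benign leftovers (the cpuz134 driver that CPU-Z extracts into Temp, an orphaned AVG driver entry after AVG was removed, Creative's CTHELPER which catchme also marked with "?"), but the same patterns are how a dropped driver or a search-order hijack would show up.

```python
"""Triage a ComboFix log: flag service, driver and autorun entries that merit a closer look.

Added example, not part of the forum thread and not ComboFix's own code. The
sample lines are copied from the log in the thread; the heuristics are this
example's own.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Service/driver lines:
#   R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/21/2011 11:50 PM 205864]
#   S3 cpuz134;cpuz134;\??\c:\...\cpuz134_x32.sys --> c:\...\cpuz134_x32.sys [?]
# "[?]" means ComboFix could not stat the binary: the service entry outlived its file.
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.*?)(?:\s+-->\s+(?P<resolved>.*?))?\s+\[(?P<meta>[^\]]*)\]$'
)
# Run-key autorun lines:  "CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<command>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
# Windows Firewall profile setting:  "EnableFirewall"= 0 (0x0)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')


@dataclass
class Finding:
    name: str
    line: str
    reasons: List[str] = field(default_factory=list)


def triage(log_lines):
    """Return one Finding per log line that trips at least one heuristic."""
    findings = []
    for raw in log_lines:
        line = raw.strip()
        reasons = []
        name = ''
        svc = SERVICE_RE.match(line)
        run = RUN_RE.match(line)
        fw = FIREWALL_RE.match(line)
        if svc:
            name = svc['name']
            # Prefer the resolved path when ComboFix printed one (the "-->" form).
            path = (svc['resolved'] or svc['path']).lower()
            if svc['meta'].strip() == '?':
                reasons.append('binary missing on disk (orphaned service/driver entry)')
            if '\\temp\\' in path:
                reasons.append('binary lives under a Temp directory')
        elif run:
            name = run['name']
            command = run['command']
            # No directory component: Windows resolves it by search order, so a
            # same-named file planted earlier in that order would run instead.
            if '\\' not in command and '/' not in command:
                reasons.append('autorun command has no directory (resolved by search order)')
        elif fw:
            name = 'EnableFirewall'
            if fw['value'] == '0':
                reasons.append('Windows Firewall is disabled for this profile')
        if reasons:
            findings.append(Finding(name, line, reasons))
    return findings


# Sample input: lines copied from the ComboFix log in the thread.
SAMPLE_LOG = [
    r'R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/21/2011 11:50 PM 205864]',
    r'R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2/14/2011 5:28 AM 21992]',
    r'S3 cpuz134;cpuz134;\??\c:\docume~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]',
    r'S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]',
    r'"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]',
    r'"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]',
    r'"EnableFirewall"= 0 (0x0)',
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.name)
        for reason in f.reasons:
            print('  -', reason)
```

Feed it a whole ComboFix log (`triage(open('ComboFix.txt').read().splitlines())`) and review the hits by hand; a hit is a prompt to check the vendor and signer of the binary, not a verdict.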