Explore topic-wise InterviewSolutions in .

This section includes InterviewSolutions, each offering curated multiple-choice questions to sharpen your knowledge and support exam preparation. Choose a topic below to get started.

251.

Solve : Scan Results?

Answer»

Sorry i didn't clarify. I am running as administrator. Ok. You will have to skip over Secunia but please make sure that Windows and Java are up-to-date.I was able to update all the other programs that came up from Secunia something is just messed up with acrobat reader.

Windows and Java are up to date.

I was able to remove all the other programs we used also.

One thing I'm noticing it it takes a lot longer for my computer to login to a account (admin or matthew) since I have loaded a 3rd party firewall (Online Armor). My computer makes a strange buzzing/ SCRAPING sound (sounds like the hard drive) when the firewall is turned on/ off. Is that normal? Should I remove it and load another? Quote

My computer makes a strange buzzing/ scraping sound (sounds like the hard drive) when the firewall is turned on/ off. Is that normal? Should I remove it and load another?

It sounds like something is amiss in the harddrive or one of the fans. It could be just a coincidence that it started at the same time you installed a third-party Firewall. Try uninstall the firewall altogether and see what happens.Will do.

Also another question do you know how to unlock a registry key so i can install the latest Acrobat reader/ I keep getting the error:
Error 1402.could not open key:
HKEY_local_Machine\software\microsoft\windows\currentversion\Run\optionalcomponents\MSFS.
Verify that you have sufficient access to that key of contact support personel
When i try to install the latest version of acrobat reader.

I tried going through the steps at http://johnsonyip.com/index.php?option=com_content&view=article&id=96&Itemid=198 but hit a wall around step 11 because i don't have a "other users or groups..." button.

I'd really need to have acrobat reader on my computer.Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Post the ComboFix log in your next reply.

Please try to install Acrobat Reader now.That worked! you are fricking amazing. Thank you very much. Here is the log:

ComboFix 11-04-25.02 - Admin 04/25/2011 20:43:34.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2476 [GMT -7:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-26 to 2011-04-26 )))))))))))))))))))))))))))))))
.
.
2011-04-25 18:58 . 2011-04-25 18:5828752----a-w-c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC163F9-24A5-4CBB-A32E-CC1C6ACAE756}\MpKsl6656390c.sys
2011-04-25 18:58 . 2011-04-11 07:047071056----a-w-c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC163F9-24A5-4CBB-A32E-CC1C6ACAE756}\mpengine.dll
2011-04-22 20:36 . 2011-04-22 20:36159744----a-w-c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-04-22 20:36 . 2011-04-22 20:36159744----a-w-c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-04-22 20:36 . 2011-04-22 20:36159744----a-w-c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-04-22 20:36 . 2011-04-22 20:36159744----a-w-c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-04-22 20:36 . 2011-04-22 20:36159744----a-w-c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-04-22 20:36 . 2011-04-22 20:36159744----a-w-c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-04-22 20:36 . 2011-04-22 20:36159744----a-w-c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-04-22 20:35 . 2011-04-22 20:36--------d-----w-c:\program files\QuickTime
2011-04-22 08:09 . 2011-04-22 08:09--------d-----w-c:\documents and settings\Matthew\Application Data\OnlineArmor
2011-04-22 06:51 . 2011-04-22 07:28--------d-----w-c:\documents and settings\All Users\Application Data\OnlineArmor
2011-04-22 06:51 . 2011-04-22 06:51--------d-----w-c:\documents and settings\Admin\Application Data\OnlineArmor
2011-04-22 06:50 . 2011-04-06 20:0239048----a-w-c:\windows\system32\drivers\oahlp32.sys
2011-04-22 06:50 . 2011-04-06 20:0129464----a-w-c:\windows\system32\drivers\OAnet.sys
2011-04-22 06:50 . 2011-04-06 20:0125192----a-w-c:\windows\system32\drivers\OAmon.sys
2011-04-22 06:50 . 2011-04-06 20:01205864----a-w-c:\windows\system32\drivers\OADriver.sys
2011-04-22 06:49 . 2011-04-22 07:26--------d-----w-c:\program files\Online Armor
2011-04-21 01:20 . 2011-04-21 01:20--------d-----w-c:\documents and settings\Admin\Application Data\Hi-Rez Studios
2011-04-21 01:18 . 2011-04-21 01:18--------d-----w-c:\documents and settings\All Users\Application Data\Hi-Rez Studios
2011-04-21 01:18 . 2011-04-21 18:46--------d-----w-c:\program files\Hi-Rez Studios
2011-04-20 19:18 . 2011-04-11 07:047071056----a-w-c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-20 06:55 . 2011-04-20 06:55--------d-----w-c:\program files\ESET
2011-04-19 06:25 . 2010-10-19 20:51222080------w-c:\windows\system32\MpSigStub.exe
2011-04-19 06:22 . 2011-04-19 06:23--------d-----w-c:\program files\Microsoft Security Client
2011-04-17 20:03 . 2011-04-17 20:03--------d-----w-c:\program files\Ventrilo
2011-04-17 20:02 . 2011-04-21 05:17--------d-----w-c:\program files\Common Files\Wise Installation Wizard
2011-04-16 04:33 . 2011-04-16 04:33--------d-----w-c:\program files\Common Files\Java
2011-04-16 04:32 . 2011-02-03 04:40472808----a-w-c:\windows\system32\deployJava1.dll
2011-04-16 04:03 . 2011-04-16 04:03--------d-----w-c:\documents and settings\Admin\Application Data\Malwarebytes
2011-04-16 03:22 . 2011-04-16 03:22--------d-----w-c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-15 22:35 . 2011-04-15 22:35--------d-----w-c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-13 05:33 . 2011-04-13 05:33--------d-----w-c:\documents and settings\Matthew\Local Settings\Application Data\Mozilla
2011-04-13 03:06 . 2011-04-13 03:06--------d-----w-c:\documents and settings\Kary\Application Data\Wacom
2011-04-13 03:06 . 2011-04-13 03:06--------d-----w-c:\documents and settings\Kary\Application Data\WTablet
2011-04-12 23:00 . 2011-04-12 23:00--------d-----w-c:\program files\GameSpy Arcade
2011-04-12 22:57 . 2011-04-12 22:57--------d-----w-c:\program files\Irrational Games
2011-04-08 06:11 . 2010-12-02 09:12837224----a-w-c:\windows\system32\nvgenco32hda.dll
2011-04-06 10:43 . 2011-01-08 03:27941160----a-w-c:\windows\system32\nvdispco322090.dll
2011-04-06 10:43 . 2011-01-08 03:27837736----a-w-c:\windows\system32\nvgenco322040.dll
2011-04-06 09:43 . 2011-04-06 09:43--------d-----w-c:\program files\Common Files\Creative
2011-04-06 09:42 . 2011-04-06 09:44--------d--h--w-c:\program files\Creative Installation Information
2011-04-06 09:27 . 2011-04-06 09:27--------d-----w-c:\documents and settings\All Users\Application Data\Creative
2011-04-06 09:24 . 2003-06-13 06:257062----a-w-c:\windows\system32\audiopid.vxd
2011-04-06 09:24 . 2011-04-06 09:24--------d-----w-c:\program files\Common Files\Creative Labs Shared
2011-04-06 09:23 . 2011-04-06 09:23445016----a-w-c:\windows\system32\wrap_oal.dll
2011-04-06 09:23 . 2004-07-13 01:53585728----a-w-c:\windows\system32\ctaudfx.dll
2011-04-06 09:23 . 2003-11-13 10:04606208----a-w-c:\windows\system32\ctsblfx.dll
2011-04-06 09:23 . 2003-11-13 10:02114688----a-w-c:\windows\system32\commonfx.dll
2011-04-06 09:14 . 2003-11-11 01:14729088----a-w-c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-04-06 09:14 . 2003-11-11 01:1369715----a-w-c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-04-06 09:14 . 2003-11-11 01:12266240----a-w-c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-04-06 09:14 . 2003-11-11 01:12192512----a-w-c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-04-06 09:14 . 2003-11-11 01:115632----a-w-c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-04-06 09:14 . 2011-04-06 09:14188548----a-w-c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-04-06 09:14 . 2011-04-06 09:14311428----a-w-c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-04-06 09:12 . 2011-04-06 09:12--------d-----w-c:\documents and settings\Matthew\Application Data\InstallShield Installation Information
2011-04-02 09:23 . 2011-04-02 09:23--------d-----w-c:\documents and settings\Admin\Application Data\SystemRequirementsLab
2011-04-02 09:16 . 2011-04-02 09:16--------d-----w-c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
2011-04-02 01:54 . 2011-04-02 01:54--------d-----w-c:\documents and settings\Admin\Application Data\NVIDIA
2011-04-02 01:31 . 2010-11-11 23:1026216----a-w-c:\windows\system32\nvhdap32.dll
2011-04-02 01:31 . 2010-11-11 23:10100456----a-w-c:\windows\system32\drivers\nvhda32.sys
2011-04-02 01:31 . 2010-06-21 22:07232040----a-w-c:\windows\system32\nvcohda.dll
2011-04-02 01:29 . 2011-04-08 06:11252080----a-w-c:\windows\system32\nvdrsdb0.bin
2011-04-02 01:29 . 2011-04-08 06:111----a-w-c:\windows\system32\nvdrssel.bin
2011-04-02 01:29 . 2011-04-08 06:11252080----a-w-c:\windows\system32\nvdrsdb1.bin
2011-03-28 23:13 . 2011-03-28 23:17--------d-----w-c:\program files\SIW
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 09:23 . 2009-05-21 01:18109144----a-w-c:\windows\system32\OpenAL32.dll
2011-03-07 05:33 . 2009-05-20 21:35692736----a-w-c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-04 12:00434176----a-w-c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-04 12:001857920----a-w-c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2004-08-04 12:00832512----a-w-c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2004-08-04 12:0078336----a-w-c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2004-08-04 12:001830912------w-c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2004-08-04 12:0017408------w-c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2004-08-04 12:00455936----a-w-c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-04 12:00357888----a-w-c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-05-22 22:185120----a-w-c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2004-08-04 12:00389120----a-w-c:\windows\system32\html.iec
2011-02-15 12:56 . 2004-08-04 12:00290432----a-w-c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-04 12:00270848----a-w-c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00186880----a-w-c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-04 12:00978944----a-w-c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-04 12:00974848----a-w-c:\windows\system32\mfc42u.dll
2011-02-03 02:19 . 2009-07-29 08:5173728----a-w-c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2009-05-20 21:342067456----a-w-c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-05-20 21:34677888----a-w-c:\windows\system32\mstsc.exe
2011-03-18 17:53 . 2011-04-02 09:16142296----a-w-c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-02-10 629336]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-04-06 354720]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-enUS-downloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Fantasy Grounds II\\FantasyGrounds.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Hi-Rez Studios\\games\\global agenda live\\Binaries\\GlobalAgenda.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R1 MpKsl6656390c;MpKsl6656390c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC163F9-24A5-4CBB-A32E-CC1C6ACAE756}\MpKsl6656390c.sys [4/25/2011 11:58 AM 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/21/2011 11:50 PM 205864]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [4/21/2011 11:50 PM 39048]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/21/2011 11:50 PM 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/21/2011 11:50 PM 29464]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [3/8/2011 2:54 AM 401920]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2/14/2011 5:28 AM 21992]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [4/13/2011 1:02 PM 23680]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [4/21/2011 11:49 PM 381512]
R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2/10/2011 4:04 PM 4869488]
R2 TouchServicePen;Wacom CONSUMER Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2/10/2011 4:05 PM 416112]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [4/1/2011 6:31 PM 100456]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2/10/2011 4:04 PM 16240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 11:29 PM 136176]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 cpuz134;cpuz134;\??\c:\docume~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [4/6/2011 2:24 AM 79360]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 11:29 PM 136176]
S3 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [4/21/2011 11:49 PM 4326472]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 01:49]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 01:49]
.
2011-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1004Core.job
- c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 14:55]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1004UA.job
- c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 14:55]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1005Core.job
- c:\documents and settings\Kary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-02 16:50]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1005UA.job
- c:\documents and settings\Kary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-02 16:50]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1006Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 09:31]
.
2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1006UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 09:31]
.
2011-04-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
.
.
------- SUPPLEMENTARY Scan -------
.
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ee30ac2q.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-25 20:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2156)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\windows\system32\wscntfy.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-04-25 20:53:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-26 03:53
.
Pre-Run: 169,950,330,880 bytes free
Post-Run: 170,042,322,944 bytes free
.
- - End Of File - - 19BC45C840308F97D27905FDDB2E5623
Were you able to install Acrobat Reader?Yes I was. Thank you.Good. Carry on with your cleanup as described in Reply # 25. Please LET me know when you're done.Quote from: darthgaul on April 23, 2011, 01:32:48 PM

Will do.

Also another question do you know how to unlock a registry key so i can install the latest Acrobat reader/ I keep getting the error:
Error 1402.could not open key:
HKEY_local_Machine\software\microsoft\windows\currentversion\Run\optionalcomponents\MSFS.
Verify that you have sufficient access to that key of contact support personel
When i try to install the latest version of acrobat reader.

I tried going through the steps at http://johnsonyip.com/index.php?option=com_content&view=article&id=96&Itemid=198 but hit a wall around step 11 because i don't have a "other users or groups..." button.

I'd really need to have acrobat reader on my computer.

The website for http://johnsonyip.com/index.php?option=com_content&view=article&id=96&Itemid=198 moved to http://johnsonyip.com/how-to-unlock-windows-registry-permissions-tuturials.htm

You can try turning off UAC and switching to the classic theme to see if it works.Quote from: SuperDave on April 26, 2011, 04:57:52 PM

Good. Carry on with your cleanup as described in Reply # 25. Please let me know when you're done.

All Done.Very well. I will lock this thread. If you need it re-opened, please send me a pm.

254.	Solve : Re: My computer is sending out emails! Virus??
Answer» NEED some help PLEASE??? my hotmail account has STARTED to send out SPAM mail??

278.	Solve : sound and video jittery- suspected malware???
Answer» Thank you for the Link Dave, I had the laptop apart last week (that was fun!!) and cleaned the fan there wasn't a lot of dust in there tho which surprised me. I am gona have to ask the COMPANY who re-installed for a disc. thanks for all your work on this matter.Hi Dave I have been TRYING to reinstall windows but it gets to the point of formatting the hard drive and shuts down?? also the disc I have is not suitable for the sfc /scannow as it says it is a different disc. am at a loss here as to what to do? It WOULD appear that there could be something defective with your harddrive or some other some other component of your COMPUTER. Please try running a diagnostic on your harddrive. Run hard drive diagnostics: tacktech.com Make sure, you select tool, which is appropriate for the brand of your hard drive. Depending on the program, it'll create bootable floppy, or bootable CD. If downloaded file is of .iso type, use ImgBurn: imgburn to burn .iso file to a CD (select "Write image file to disc" option), and make the CD bootable. For TOSHIBA hard drives, see here: Note : If you do not know how to set your computer to boot from CD follow the steps here

284.	Solve : Need help with Malware removal.?
Answer» That sounds good. I will LOCK this thread. If you need it re-opened, PLEASE SEND me a pm.

291.	Solve : remove Virus?
Answer» Need Help with REMOVE Trojon And Adware VirusPlease GO to this link and FOLLOW the directions and post the required LOGS.

292.	Solve : Please help - Fake Spy Pro issues?
Answer» Ok. One more scan. Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows: •Double-click on drweb-cureit.exe and then click Start •An information notice will appear, click OK. •This starts a short scan that will scan the files currently RUNNING in memory. •If you get a prompt to buy the full version just EXIT out of the window. The scanner will still work without buying the full version •If or when something is found, click the Yes button when it asks you if you want to cure it. •Once the short scan has finished, Click SETTINGS > Change Settings •Under the Scanning tab UNcheck Heuristic analysis and click OK •Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start. •Click Yes to all if it asks if you want to cure/move any file(s). •When the scan is done. •In the Dr.Web CureIt menu on top left, click File and choose Save report list. •Save the DrWeb.csv report to your Desktop. •Exit Dr.Web Cureit. •Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot. * After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad * Copy and paste that log in the next replyNo viruses found :-)That looks good. If there's no other issues, let's do some clean-up * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box. * Now type Combofix /uninstall in the runbox * Make sure there's a space between Combofix and /Uninstall * Then hit Enter * The above procedure will: * Delete the following: * ComboFix and its associated files and folders. * Reset the clock settings. * Hide file extensions, if required. * Hide System/Hidden files, if required. * Set a new, clean Restore Point. =============================== Download OTC by OldTimer and save it to your desktop. 1. Double-click OTC to run it. 2. Click the CleanUp! button. 3. Select Yes when the "Begin cleanup Process?" prompt appears. 4. If you are prompted to Reboot during the cleanup, select Yes 5. OTC should delete itself once it finishes, if not delete it yourself. =============================== Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator TFC will close all programs when run, so make sure you have SAVED all your work before you begin. * Click the Start button to begin the cleaning process. * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. * Please let TFC run uninterrupted until it is finished. Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning. ================================ Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall 1) COMODO Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one) 2) Online Armor 3) Agnitum Outpost 4) PC Tools Firewall Plus If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time. ================================= Use the Secunia Software Inspector to check for out of date software. •Click Start Now •Check the box next to Enable thorough system inspection. •Click Start •Allow the scan to finish and scroll down to see if any updates are needed. •Update anything listed. . ---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing!

294.	Solve : fake "windows security center" virus; won't allow me to run any programs?
Answer» Results of screen317's Security Check version 0.99.4 Windows XP Service Pack 2 Out of date service pack!! Internet Explorer 6 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! ESET Online Scanner v3 McAfee Total Protection McAfee Uninstall Wizard ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java(TM) 6 Update 15 Out of date Java installed! Adobe Flash Player 10.0.45.2 Adobe Reader 9.1.3 Out of date Adobe Reader installed! ```````````````````````````````` Process Check: objlist.exe by Laurent ```````````````````````````````` DNS VULNERABILITY Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log```````````` Please upgrade to Windows XP SP3, because it includes all previously RELEASED updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update. More info about SP3: http://www.geekpolice.net/operating-systems-f20/windows-xp-service-pack-3-information-t16956.htm ================================================= Please download the newest version of Adobe Acrobat Reader from Adobe.com Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still LEAVE you vulnerable. Go to the Control Panel and enter Add or Remove Programs (Programs and FEATURES in Vista/7). Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them. Once old versions are gone, please install the newest version. == Please download the newest version of Java from Java.com. Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable. Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7). Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them. Once old versions are gone, please install the newest version. ================================================== See this page for more info about malware and prevention. Any more questions?Everything is working perfectly now. Thanks very much! Your help is appreciated.

295.	Solve : "Ssytem" at top of Task Manager?
Answer» But if I remove AVG free edition, what will I protect my computer with?That was why I said to install Avira free from http://www.free-av.comDragonMaster Jay, I renounce God and now pray to you!! Thank you for the miracle!! My SYSTEM is ridonculously low. from 97K to 240 stable, not EVEN fluctuating at all. Just 240.Glad that worked. AVG bothers me a lot. I don't RECOMMEND them very MUCH anymore.

299.	Solve : ?!?!?!?! - new malware problem - need help please - ?!?!?!?!?
Answer» You're WELCOME.

Explore topic-wise InterviewSolutions in .

Solve : Scan Results?

Solve : Virus Removal Assistance Needed, Please Help :S?

Solve : Major Virus Problem?

Solve : Re: My computer is sending out emails! Virus??

Solve : Multiple Copies of explorer.exe?

Solve : PC Performance and Stability Report?

Solve : "System Tool 2011" virus + Taskbar keeps swithching themes?

Solve : Laptop infected...?

Solve : Something blocking me from AV websites, have done required steps?

Solve : HJT made an evaluation?

Solve : Is my PC infected??

Solve : no windows update, browser redirects, no task bar or icons at startup?

Solve : Annoying Google Redirect?

Solve : Trojan.Vundo and more?

Solve : white smoke translator help!?

Solve : XP virus?

Solve : Trojan downloader/dropper/virus(es)?

Solve : Malware after bad link from infected friend?

Solve : Requesting help to clean PC?

Solve : Infected with win 7 security 2011?

Solve : Background process almost brings computer to a halt?

Solve : know I have a virus, don't know anything else about it.?

Solve : I keep sending everyone in my email address book emails.?

Solve : Log analyze (malware removal help)?

Solve : PC Running Very Slow/Freezing?

Solve : Requesting Help with Malware Removal?

Solve : Troubling Virus?

Solve : sound and video jittery- suspected malware???

Solve : Malware Issues - PE_Perfect pecompact TR/SPy.Keylogger.qme?

Solve : unregistered files?

Solve : cannot use internet on infected computer?

Solve : adobe flash misbehaving?

Solve : computer running slow and locks up intermittently?

Solve : Need help with Malware removal.?

Solve : Stubborn Malware!?

Solve : Malware or Virus?

Solve : relevant knowledge and atdm?

Solve : browser hijacking....help please!?

Solve : help with removal of http://gooogle-analytics.com/ga.min.js problem?

Solve : Google redirect problem?

Solve : remove Virus?

Solve : Please help - Fake Spy Pro issues?

Solve : IE 7 Redirects?

Solve : fake "windows security center" virus; won't allow me to run any programs?

Solve : "Ssytem" at top of Task Manager?

Solve : Re: Need some help?

Solve : Application is executed the file --------- maybe infected?

Solve : Need some help?

Solve : ?!?!?!?! - new malware problem - need help please - ?!?!?!?!?

Solve : Getting pop-ups & Error messages!?