
Author Topic: Scan Results  (Read 21676 times)


darthgaul

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: Scan Results
    « Reply #30 on: April 22, 2011, 01:45:30 PM »
    Sorry I didn't clarify. I am running as administrator.

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Scan Results
    « Reply #31 on: April 22, 2011, 06:07:13 PM »
    Ok. You will have to skip over Secunia but please make sure that Windows and Java are up-to-date.
    Windows 8 and Windows 10 dual boot with two SSD's

    darthgaul

      Re: Scan Results
      « Reply #32 on: April 22, 2011, 06:49:50 PM »
      I was able to update all the other programs that came up from Secunia; something is just messed up with Acrobat Reader.  ???

      Windows and Java are up to date.  :)

      I was able to remove all the other programs we used also.

      One thing I'm noticing is it takes a lot longer for my computer to log in to an account (admin or matthew) since I have loaded a 3rd party firewall (Online Armor). My computer makes a strange buzzing/scraping sound (sounds like the hard drive) when the firewall is turned on/off. Is that normal? Should I remove it and load another?

      SuperDave

      Re: Scan Results
      « Reply #33 on: April 23, 2011, 01:20:03 PM »
      Quote
      My computer makes a strange buzzing/ scraping sound (sounds like the hard drive) when the firewall is turned on/ off. Is that normal? Should I remove it and load another?
      It sounds like something is amiss in the hard drive or one of the fans. It could be just a coincidence that it started at the same time you installed a third-party firewall. Try uninstalling the firewall altogether and see what happens.

      darthgaul

        Re: Scan Results
        « Reply #34 on: April 23, 2011, 01:32:48 PM »
        Will do.

        Also, another question: do you know how to unlock a registry key so I can install the latest Acrobat Reader? I keep getting the error:
        Error 1402.could not open key:
        HKEY_local_Machine\software\microsoft\windows\currentversion\Run\optionalcomponents\MSFS.
        Verify that you have sufficient access to that key of contact support personel
        when I try to install the latest version of Acrobat Reader.

        I tried going through the steps at http://johnsonyip.com/index.php?option=com_content&view=article&id=96&Itemid=198 but hit a wall around step 11 because I don't have an "other users or groups..." button.

        I'd really need to have Acrobat Reader on my computer.

        SuperDave

        Re: Scan Results
        « Reply #35 on: April 24, 2011, 12:58:01 PM »
        Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

        link # 1
        Link # 2
        If you are using Firefox, make sure that your download settings are as follows:

        * Tools->Options->Main tab
        * Set to "Always ask me where to Save the files".

        Re-running ComboFix to remove infections:

        • Close any open browsers.
        • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
        • Open notepad and copy/paste the text in the quotebox below into it:
          Quote
          KillAll::

          RegLock::
          [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
          [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
          [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

        • Save this as CFScript.txt, in the same location as ComboFix.exe



        • Referring to the picture above, drag CFScript into ComboFix.exe
        • When finished, it shall produce a log for you at C:\ComboFix.txt
        • Post the ComboFix log in your next reply.
        Please try to install Acrobat Reader  now.

        darthgaul

          Re: Scan Results
          « Reply #36 on: April 25, 2011, 09:59:09 PM »
          That worked! You are fricking amazing. Thank you very much. Here is the log:

          ComboFix 11-04-25.02 - Admin 04/25/2011  20:43:34.2.2 - x86
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.2476 [GMT -7:00]
          Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
          Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
          AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
          FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
          .
          .
          (((((((((((((((((((((((((   Files Created from 2011-03-26 to 2011-04-26  )))))))))))))))))))))))))))))))
          .
          .
          2011-04-25 18:58 . 2011-04-25 18:58   28752   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC163F9-24A5-4CBB-A32E-CC1C6ACAE756}\MpKsl6656390c.sys
          2011-04-25 18:58 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC163F9-24A5-4CBB-A32E-CC1C6ACAE756}\mpengine.dll
          2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
          2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
          2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
          2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
          2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
          2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
          2011-04-22 20:36 . 2011-04-22 20:36   159744   ----a-w-   c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
          2011-04-22 20:35 . 2011-04-22 20:36   --------   d-----w-   c:\program files\QuickTime
          2011-04-22 08:09 . 2011-04-22 08:09   --------   d-----w-   c:\documents and settings\Matthew\Application Data\OnlineArmor
          2011-04-22 06:51 . 2011-04-22 07:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
          2011-04-22 06:51 . 2011-04-22 06:51   --------   d-----w-   c:\documents and settings\Admin\Application Data\OnlineArmor
          2011-04-22 06:50 . 2011-04-06 20:02   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
          2011-04-22 06:50 . 2011-04-06 20:01   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
          2011-04-22 06:50 . 2011-04-06 20:01   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
          2011-04-22 06:50 . 2011-04-06 20:01   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
          2011-04-22 06:49 . 2011-04-22 07:26   --------   d-----w-   c:\program files\Online Armor
          2011-04-21 01:20 . 2011-04-21 01:20   --------   d-----w-   c:\documents and settings\Admin\Application Data\Hi-Rez Studios
          2011-04-21 01:18 . 2011-04-21 01:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\Hi-Rez Studios
          2011-04-21 01:18 . 2011-04-21 18:46   --------   d-----w-   c:\program files\Hi-Rez Studios
          2011-04-20 19:18 . 2011-04-11 07:04   7071056   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
          2011-04-20 06:55 . 2011-04-20 06:55   --------   d-----w-   c:\program files\ESET
          2011-04-19 06:25 . 2010-10-19 20:51   222080   ------w-   c:\windows\system32\MpSigStub.exe
          2011-04-19 06:22 . 2011-04-19 06:23   --------   d-----w-   c:\program files\Microsoft Security Client
          2011-04-17 20:03 . 2011-04-17 20:03   --------   d-----w-   c:\program files\Ventrilo
          2011-04-17 20:02 . 2011-04-21 05:17   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
          2011-04-16 04:33 . 2011-04-16 04:33   --------   d-----w-   c:\program files\Common Files\Java
          2011-04-16 04:32 . 2011-02-03 04:40   472808   ----a-w-   c:\windows\system32\deployJava1.dll
          2011-04-16 04:03 . 2011-04-16 04:03   --------   d-----w-   c:\documents and settings\Admin\Application Data\Malwarebytes
          2011-04-16 03:22 . 2011-04-16 03:22   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
          2011-04-15 22:35 . 2011-04-15 22:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2011-04-13 05:33 . 2011-04-13 05:33   --------   d-----w-   c:\documents and settings\Matthew\Local Settings\Application Data\Mozilla
          2011-04-13 03:06 . 2011-04-13 03:06   --------   d-----w-   c:\documents and settings\Kary\Application Data\Wacom
          2011-04-13 03:06 . 2011-04-13 03:06   --------   d-----w-   c:\documents and settings\Kary\Application Data\WTablet
          2011-04-12 23:00 . 2011-04-12 23:00   --------   d-----w-   c:\program files\GameSpy Arcade
          2011-04-12 22:57 . 2011-04-12 22:57   --------   d-----w-   c:\program files\Irrational Games
          2011-04-08 06:11 . 2010-12-02 09:12   837224   ----a-w-   c:\windows\system32\nvgenco32hda.dll
          2011-04-06 10:43 . 2011-01-08 03:27   941160   ----a-w-   c:\windows\system32\nvdispco322090.dll
          2011-04-06 10:43 . 2011-01-08 03:27   837736   ----a-w-   c:\windows\system32\nvgenco322040.dll
          2011-04-06 09:43 . 2011-04-06 09:43   --------   d-----w-   c:\program files\Common Files\Creative
          2011-04-06 09:42 . 2011-04-06 09:44   --------   d--h--w-   c:\program files\Creative Installation Information
          2011-04-06 09:27 . 2011-04-06 09:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\Creative
          2011-04-06 09:24 . 2003-06-13 06:25   7062   ----a-w-   c:\windows\system32\audiopid.vxd
          2011-04-06 09:24 . 2011-04-06 09:24   --------   d-----w-   c:\program files\Common Files\Creative Labs Shared
          2011-04-06 09:23 . 2011-04-06 09:23   445016   ----a-w-   c:\windows\system32\wrap_oal.dll
          2011-04-06 09:23 . 2004-07-13 01:53   585728   ----a-w-   c:\windows\system32\ctaudfx.dll
          2011-04-06 09:23 . 2003-11-13 10:04   606208   ----a-w-   c:\windows\system32\ctsblfx.dll
          2011-04-06 09:23 . 2003-11-13 10:02   114688   ----a-w-   c:\windows\system32\commonfx.dll
          2011-04-06 09:14 . 2003-11-11 01:14   729088   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
          2011-04-06 09:14 . 2003-11-11 01:13   69715   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
          2011-04-06 09:14 . 2003-11-11 01:12   266240   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
          2011-04-06 09:14 . 2003-11-11 01:12   192512   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
          2011-04-06 09:14 . 2003-11-11 01:11   5632   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
          2011-04-06 09:14 . 2011-04-06 09:14   188548   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
          2011-04-06 09:14 . 2011-04-06 09:14   311428   ----a-w-   c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
          2011-04-06 09:12 . 2011-04-06 09:12   --------   d-----w-   c:\documents and settings\Matthew\Application Data\InstallShield Installation Information
          2011-04-02 09:23 . 2011-04-02 09:23   --------   d-----w-   c:\documents and settings\Admin\Application Data\SystemRequirementsLab
          2011-04-02 09:16 . 2011-04-02 09:16   --------   d-----w-   c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
          2011-04-02 01:54 . 2011-04-02 01:54   --------   d-----w-   c:\documents and settings\Admin\Application Data\NVIDIA
          2011-04-02 01:31 . 2010-11-11 23:10   26216   ----a-w-   c:\windows\system32\nvhdap32.dll
          2011-04-02 01:31 . 2010-11-11 23:10   100456   ----a-w-   c:\windows\system32\drivers\nvhda32.sys
          2011-04-02 01:31 . 2010-06-21 22:07   232040   ----a-w-   c:\windows\system32\nvcohda.dll
          2011-04-02 01:29 . 2011-04-08 06:11   252080   ----a-w-   c:\windows\system32\nvdrsdb0.bin
          2011-04-02 01:29 . 2011-04-08 06:11   1   ----a-w-   c:\windows\system32\nvdrssel.bin
          2011-04-02 01:29 . 2011-04-08 06:11   252080   ----a-w-   c:\windows\system32\nvdrsdb1.bin
          2011-03-28 23:13 . 2011-03-28 23:17   --------   d-----w-   c:\program files\SIW
          .
          .
          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2011-04-06 09:23 . 2009-05-21 01:18   109144   ----a-w-   c:\windows\system32\OpenAL32.dll
          2011-03-07 05:33 . 2009-05-20 21:35   692736   ----a-w-   c:\windows\system32\inetcomm.dll
          2011-03-04 06:45 . 2004-08-04 12:00   434176   ----a-w-   c:\windows\system32\vbscript.dll
          2011-03-03 13:21 . 2004-08-04 12:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
          2011-02-17 19:00 . 2004-08-04 12:00   832512   ----a-w-   c:\windows\system32\wininet.dll
          2011-02-17 19:00 . 2004-08-04 12:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
          2011-02-17 19:00 . 2004-08-04 12:00   1830912   ------w-   c:\windows\system32\inetcpl.cpl
          2011-02-17 19:00 . 2004-08-04 12:00   17408   ------w-   c:\windows\system32\corpol.dll
          2011-02-17 13:18 . 2004-08-04 12:00   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
          2011-02-17 13:18 . 2004-08-04 12:00   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
          2011-02-17 12:32 . 2009-05-22 22:18   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
          2011-02-17 11:44 . 2004-08-04 12:00   389120   ----a-w-   c:\windows\system32\html.iec
          2011-02-15 12:56 . 2004-08-04 12:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
          2011-02-09 13:53 . 2004-08-04 12:00   270848   ----a-w-   c:\windows\system32\sbe.dll
          2011-02-09 13:53 . 2004-08-04 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
          2011-02-08 13:33 . 2004-08-04 12:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
          2011-02-08 13:33 . 2004-08-04 12:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
          2011-02-03 02:19 . 2009-07-29 08:51   73728   ----a-w-   c:\windows\system32\javacpl.cpl
          2011-02-02 07:58 . 2009-05-20 21:34   2067456   ----a-w-   c:\windows\system32\mstscax.dll
          2011-01-27 11:57 . 2009-05-20 21:34   677888   ----a-w-   c:\windows\system32\mstsc.exe
          2011-03-18 17:53 . 2011-04-02 09:16   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
          .
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4
          .
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-16 127037]
          "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
          "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
          "EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
          "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
          "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
          "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
          "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
          "BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-02-10 629336]
          "AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
          "CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
          "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
          "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
          "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
          "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
          "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
          "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
          .
          c:\documents and settings\Admin\Start Menu\Programs\Startup\
          Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
          .
          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-04-06 354720]
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
          @="Service"
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "d:\\World of Warcraft\\Launcher.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "d:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
          "d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
          "d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
          "d:\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-enUS-downloader.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          "c:\\WINDOWS\\system32\\dpvsetup.exe"=
          "c:\\Program Files\\Fantasy Grounds II\\FantasyGrounds.exe"=
          "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
          "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
          "c:\\Program Files\\Hi-Rez Studios\\games\\global agenda live\\Binaries\\GlobalAgenda.exe"=
          .
          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
          .
          R1 MpKsl6656390c;MpKsl6656390c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BEC163F9-24A5-4CBB-A32E-CC1C6ACAE756}\MpKsl6656390c.sys [4/25/2011 11:58 AM 28752]
          R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/21/2011 11:50 PM 205864]
          R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [4/21/2011 11:50 PM 39048]
          R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/21/2011 11:50 PM 25192]
          R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/21/2011 11:50 PM 29464]
          R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [3/8/2011 2:54 AM 401920]
          R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2/14/2011 5:28 AM 21992]
          R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [4/13/2011 1:02 PM 23680]
          R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [4/21/2011 11:49 PM 381512]
          R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2/10/2011 4:04 PM 4869488]
          R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2/10/2011 4:05 PM 416112]
          R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [4/1/2011 6:31 PM 100456]
          R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2/10/2011 4:04 PM 16240]
          S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 11:29 PM 136176]
          S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
          S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
          S3 cpuz134;cpuz134;\??\c:\docume~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
          S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [4/6/2011 2:24 AM 79360]
          S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
          S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
          S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
          S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
          S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
          S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
          S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2011 11:29 PM 136176]
          S3 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [4/21/2011 11:49 PM 4326472]
          S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
          .
          Contents of the 'Scheduled Tasks' folder
          .
          2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
          - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 01:49]
          .
          2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
          - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-25 01:49]
          .
          2011-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1004Core.job
          - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 14:55]
          .
          2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1004UA.job
          - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 14:55]
          .
          2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1005Core.job
          - c:\documents and settings\Kary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-02 16:50]
          .
          2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1005UA.job
          - c:\documents and settings\Kary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-02 16:50]
          .
          2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1006Core.job
          - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 09:31]
          .
          2011-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1078145449-725345543-1006UA.job
          - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 09:31]
          .
          2011-04-26 c:\windows\Tasks\MP Scheduled Scan.job
          - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
          .
          .
          ------- Supplementary Scan -------
          .
          uInternet Settings,ProxyOverride = <local>
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
          FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ee30ac2q.default\
          .
          .
          **************************************************************************
          .
          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2011-04-25 20:50
          Windows 5.1.2600 Service Pack 3 NTFS
          .
          scanning hidden processes ... 
          .
          scanning hidden autostart entries ...
          .
          HKLM\Software\Microsoft\Windows\CurrentVersion\Run
            CTHelper = CTHELPER.EXE?
          .
          scanning hidden files ... 
          .
          scan completed successfully
          hidden files: 0
          .
          **************************************************************************
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
          "Enabled"=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
          @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker4"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"
          .
          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------
          .
          - - - - - - - > 'explorer.exe'(2156)
          c:\windows\system32\WININET.dll
          c:\windows\system32\ieframe.dll
          c:\windows\system32\WPDShServiceObj.dll
          c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
          c:\windows\system32\PortableDeviceTypes.dll
          c:\windows\system32\PortableDeviceApi.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\windows\system32\nvsvc32.exe
          c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
          c:\program files\Creative\Shared Files\CTAudSvc.exe
          c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          c:\program files\Bonjour\mDNSResponder.exe
          c:\windows\system32\CTsvcCDA.EXE
          c:\program files\Java\jre6\bin\jqs.exe
          c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          c:\program files\Tablet\Pen\Pen_TouchUser.exe
          c:\windows\system32\wscntfy.exe
          c:\program files\Tablet\Pen\Pen_TabletUser.exe
          c:\windows\system32\RUNDLL32.EXE
          c:\program files\iPod\bin\iPodService.exe
          .
          **************************************************************************
          .
          Completion time: 2011-04-25  20:53:29 - machine was rebooted
          ComboFix-quarantined-files.txt  2011-04-26 03:53
          .
          Pre-Run: 169,950,330,880 bytes free
          Post-Run: 170,042,322,944 bytes free
          .
          - - End Of File - - 19BC45C840308F97D27905FDDB2E5623

          SuperDave

          Re: Scan Results
          « Reply #37 on: April 26, 2011, 01:08:09 PM »
          Were you able to install Acrobat Reader?

          darthgaul

            Re: Scan Results
            « Reply #38 on: April 26, 2011, 01:51:49 PM »
            Yes I was. Thank you.

            SuperDave

            Re: Scan Results
            « Reply #39 on: April 26, 2011, 04:57:52 PM »
            Good. Carry on with your cleanup as described in Reply # 25. Please let me know when you're done.

            froggyboy604

            • Guest
            Re: Scan Results
            « Reply #40 on: May 01, 2011, 09:06:04 PM »
            Quote
            Will do.

            Also, another question: do you know how to unlock a registry key so I can install the latest Acrobat Reader? I keep getting the error:
            Error 1402.could not open key:
            HKEY_local_Machine\software\microsoft\windows\currentversion\Run\optionalcomponents\MSFS.
            Verify that you have sufficient access to that key of contact support personel
            when I try to install the latest version of Acrobat Reader.

            I tried going through the steps at http://johnsonyip.com/index.php?option=com_content&view=article&id=96&Itemid=198 but hit a wall around step 11 because I don't have an "other users or groups..." button.

            I'd really need to have Acrobat Reader on my computer.

            The website for http://johnsonyip.com/index.php?option=com_content&view=article&id=96&Itemid=198 moved to http://johnsonyip.com/how-to-unlock-windows-registry-permissions-tuturials.htm

            You can try turning off UAC and switching to the classic theme to see if it works.

            darthgaul

              Re: Scan Results
              « Reply #41 on: May 01, 2011, 09:58:36 PM »
              Quote
              Good. Carry on with your cleanup as described in Reply # 25. Please let me know when you're done.

              All Done.

              SuperDave

              Re: Scan Results
              « Reply #42 on: May 02, 2011, 01:11:01 PM »
              Very well. I will lock this thread. If you need it re-opened, please send me a pm.