
Solved Can't update, run defrag or use security center

Discussion in 'Malware and Virus Removal Archive' started by Vicki, 2010/06/15.

  1. 2010/06/27
    Vicki

    Vicki Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    413
    Likes Received:
    8
    Here are the results using Jotti's:


    Jotti's malware scan
    This file has been scanned before. The results for this previous scan are listed below.





    --------------------------------------------------------------------------------

    Filename: alcxsens.sys
    Status: Scan finished. 1 out of 20 scanners reported malware.
    Scan taken on: Sat 17 Apr 2010 00:16:02 (CET) Permalink



    --------------------------------------------------------------------------------
    Additional info
    File size: 391424 bytes
    Filetype: PE32 executable for MS Windows (DLL) (native) Intel 80386 32-bit
    MD5: fbbcb95f677cbaa924140b6ea2d9a97b
    SHA1: 173b3e8500271fadb04f323ff581e5cf31847832
    Packer (Drweb): PESTUB
    Packer (Kaspersky): PE_Patch







    Scanners
    2010-04-16 Found nothing 2010-04-16 Found nothing
    2010-04-16 Found nothing 2010-04-16 Found nothing
    2010-04-16 Found nothing 2010-04-16 Found nothing
    2010-04-16 Found nothing 2010-04-16 Found nothing
    2010-04-16 Found nothing 2010-04-16 Found nothing
    2010-04-16 PUA.Packed.tElock1.Private 2010-04-16 Found nothing
    2010-04-16 Found nothing 2010-04-16 Found nothing
    2010-04-16 Found nothing 2010-04-14 Found nothing
    2010-04-16 Found nothing 2010-04-16 Found nothing
    2010-04-16 Found nothing



    --------------------------------------------------------------------------------
    I see the actual scanners used do not show here. The one reporting the "infection" (?) was ClamAV. Do you wish I should try the other link you provided as well?

    ~Vicki
     
  2. 2010/06/27
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Yes please. Give it a shot and post the results up.
     


  4. 2010/06/28
    Vicki

    Vicki Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    413
    Likes Received:
    8
    log from virustotal

    Here are the results from virustotal:

    File ALCXSENS.SYS received on 2010.03.23 16:04:34 (UTC)
    Current status: finished

    Result: 1/42 (2.38%)
    Compact Print results
    Antivirus Version Last Update Result
    a-squared 4.5.0.50 2010.03.23 -
    AhnLab-V3 5.0.0.2 2010.03.23 -
    AntiVir 8.2.1.196 2010.03.23 -
    Antiy-AVL 2.0.3.7 2010.03.23 -
    Authentium 5.2.0.5 2010.03.23 -
    Avast 4.8.1351.0 2010.03.23 -
    Avast5 5.0.332.0 2010.03.23 -
    AVG 9.0.0.787 2010.03.23 -
    BitDefender 7.2 2010.03.23 -
    CAT-QuickHeal 10.00 2010.03.23 -
    ClamAV 0.96.0.0-git 2010.03.23 PUA.Packed.tElock1.Private
    Comodo 4358 2010.03.23 -
    DrWeb 5.0.1.12222 2010.03.23 -
    eSafe 7.0.17.0 2010.03.23 -
    eTrust-Vet 35.2.7383 2010.03.23 -
    F-Prot 4.5.1.85 2010.03.23 -
    F-Secure 9.0.15370.0 2010.03.23 -
    Fortinet 4.0.14.0 2010.03.22 -
    GData 19 2010.03.23 -
    Ikarus T3.1.1.80.0 2010.03.23 -
    Jiangmin 13.0.900 2010.03.23 -
    K7AntiVirus 7.10.1004 2010.03.22 -
    Kaspersky 7.0.0.125 2010.03.23 -
    McAfee 5928 2010.03.22 -
    McAfee+Artemis 5928 2010.03.22 -
    McAfee-GW-Edition 6.8.5 2010.03.23 -
    Microsoft 1.5605 2010.03.23 -
    NOD32 4968 2010.03.23 -
    Norman 6.04.10 2010.03.23 -
    nProtect 2009.1.8.0 2010.03.23 -
    Panda 10.0.2.2 2010.03.23 -
    PCTools 7.0.3.5 2010.03.23 -
    Prevx 3.0 2010.03.23 -
    Rising 22.40.01.04 2010.03.23 -
    Sophos 4.51.0 2010.03.23 -
    Sunbelt 6031 2010.03.22 -
    Symantec 20091.2.0.41 2010.03.23 -
    TheHacker 6.5.2.0.242 2010.03.23 -
    TrendMicro 9.120.0.1004 2010.03.23 -
    VBA32 3.12.12.2 2010.03.23 -
    ViRobot 2010.3.23.2240 2010.03.23 -
    VirusBuster 5.0.27.0 2010.03.23 -
    Additional information
    File size: 391424 bytes
    MD5 : fbbcb95f677cbaa924140b6ea2d9a97b
    SHA1 : 173b3e8500271fadb04f323ff581e5cf31847832
    SHA256: a599724e0074dba041ccabbdcaf97fda19bf76848b705165db0716d54760d9d6
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x67510
    timedatestamp.....: 0x3FD85741 (Thu Dec 11 12:38:41 2003)
    machinetype.......: 0x14C (Intel I386)

    ( 8 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x380 0x430AC 0x43100 6.69 cac662391629c81ea47f214dea82e168
    page 0x43480 0x13DC8 0x13E00 6.41 61e2ea96486233c6f779ce2d060fc8a8
    init 0x57280 0x295 0x300 5.34 6732818757d69b58307c353d34b4f8ea
    .data 0x57580 0x4610 0x4680 1.25 189e5cf6dba0e64845c3fc108e9128dc
    init 0x5BC00 0x20 0x80 1.24 5eabcb2e32c7f3eea603c6da7b15f53f
    INIT 0x5BC80 0x74A 0x780 5.39 4b521cbb7bccd698e34b57c02fb80d10
    .rsrc 0x5C400 0x270 0x280 3.18 4b2d53a35422bba8f00fc64ce5270c66
    .reloc 0x5C680 0x327E 0x3280 6.35 3c936ba88ca231290c29a08e99b7b7c6

    ( 0 imports )


    ( 0 exports )

    TrID : File type identification
    Generic Win/DOS Executable (49.9%)
    DOS Executable Generic (49.8%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    ssdeep: 6144:ADyZQnGdE/fnuDGQWTjrtVZ411/Rb7pPRqSbqfmhMJqOlxBExGvcdgUwS5hfsRXa:AWDDWTftVaJRb7plbqfmhMJqOlxuGcdl
    sigcheck: publisher....: Sensaura Ltd
    copyright....: Copyright (c) 2003 Sensaura
    product......: n/a
    description..: Sensaura WDM 3D Audio Driver
    original name: n/a
    internal name: n/a
    file version.: 5.10.00.3511D
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    PEiD : tElock 0.99 - 1.0 private -> tE!
    packers (Kaspersky): PE_Patch
    RDS : NSRL Reference Data Set

    Assuming this also reports pretty much the same as Jotti's??

    Still no luck in running either a disk defrag or the security center. But I may have forgot to mention previously that when I try running the defrag program, I receive the error box "Microsoft Management Console": "MMC cannot open the file C:\WINDOWS\System32\dfrg.msc. This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file."

    I apologize if this was pertinent information that should have been posted earlier! :eek:

    I truly appreciate you taking your time in helping with this matter!

    ~Vicki
     
  5. 2010/06/28
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    No worries :). I am happy to try and help.

    Go to Start | Run and type in sfc /scannow and hit the Ok button. Insert your CD if/when requested.

    You will not see much going on whilst this is running, but when it is done, reboot and see if the problem remains.

    ==

    Looks like that file is ok.
     
  6. 2010/06/28
    Vicki

    Vicki Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    413
    Likes Received:
    8
    didn't help

    I ran the sfc (as you directed). It did ask for the cd which I inserted and it ran the "Windows file protection" thing. I removed the disk after it appeared nothing else was happening and rebooted. No change in the appearance of Security Center or when trying to run a disk defrag.

    Here's some further info (after trying to do updates to Windows)

    When going to the website to do updates, it goes through the process of checking this computer for what's currently installed and then if I check on (either) the express or custom option, I received the following message:

    I never noticed the error number before (this monitor isn't the best!!)


    I hope this isn't as frustrating for you as it is for me?! I truly appreciate your patience!

    ~Vicki
     
  7. 2010/06/28
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Hey, I was born patient :D.

    Try this please;

    Download Dial-a-Fix and run it. Select the 'Check all' (green arrow) and then hit 'GO.'
    Reboot when done and see how things are now.
     
  8. 2010/06/29
    Vicki

    Vicki Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    413
    Likes Received:
    8
    Wow, what a session I had with that computer this morning! Upon boot up/start up of that computer, I noticed a green checkmark located down in the notification tray (down by the clock). I did download the dial-a-fix and ran as directed. I kept getting pop-ups saying the computer was infected the whole time I was running the dial-a-fix! It was from the "AV Security Suite" I believe?

    I quickly updated Malwarebytes and did a scan and I do believe it removed it? Also updated Spybot and ran that as well, it also removed several items. Don't know where/how those got on there? The only time that computer is used is when I log on to this BBS to read the instructions I needed to perform the various scans, downloads, etc.

    Can a computer become infected if the computer is shut off but the ethernet cable is still connected?? (I didn't realize until later that the AVG had been shut off! My bad, I guess I forgot to turn it back on after doing some of those scans!:eek:)

    Anyway, almost immediately after doing the dial-a-fix, the update security icon appeared! I downloaded that update (something about Microsoft Network 3.1 or something to that effect). Rebooted as instructed and it is actually downloading/installing MANY of the needed updates as I write! (Using my computer to post).

    Haven't had a chance to check any of the other functions (i.e disk defrag, security center options, etc). But will do that after the updating completes.

    Glad to know that you have lots of patience, crunchie! I have a sinking feeling we're not done yet!
    ~Vicki~
     
  9. 2010/06/29
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Ok. Post back again when you know what is working/not working and we will go from there :).
     
  10. 2010/06/30
    Vicki

    Vicki Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    413
    Likes Received:
    8
    Looking better!

    Things are (finally!) looking better! The downloads for Windows are finished (complete with SP3 and IE7!) :D I did check the Security Center and it now shows everything the way it should (nothing grayed out and all the settings for the firewall, updates and antivirus are shown now too!) :D

    I am currently running a disk defrag (that's working now too!:D:D) I'm feeling a whole lot better about that computer running properly again!

    When that is completed, would you like me to run another type of scan (i.e. DDS, Kaspersky, or any others?) I want to make sure that machine is completely 'clean' before I turn it back over to my son!

    I do have one other question. There are many icons on the desktop now from all the previous downloads, text logs, etc. Can these all be safely deleted or is there an "uninstall" program for the exe ones we've used?

    You have no idea how much I have appreciated your help!!

    ~Vicki~
     
  11. 2010/06/30
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Sounds like things are back on track :). I will get you to run a Kaspersky scan, then pending the results, we will remove some of the tools installed.

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  12. 2010/06/30
    Vicki

    Vicki Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    413
    Likes Received:
    8
    Finished the disk defrag and have run the Kaspersky scanner as requested. Here are the results from that scan:

    Last database update: Wednesday, June 30, 2010 16:24:20
    Records in database: 4263404
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\

    Scan statistics:
    Objects scanned: 68283
    Threats found: 4
    Infected objects found: 4
    Suspicious objects found: 0
    Scan duration: 02:46:09


    File name / Threat / Threats count
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-36440cd4 Infected: Trojan-Downloader.Java.OpenConnection.at 1
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-36440cd4 Infected: Exploit.Java.Agent.f 1
    C:\Documents and Settings\Owner\Shared\Outkast - Bombs over Bagdad.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\3qJjU7.sys.vir Infected: Rootkit.Win32.Agent.bevd 1

    Selected area has been scanned.


    That report didn't look too good to me! Hopefully we can get it cleaned up without having to do a format and reinstall?

    ~Vicki
     
  13. 2010/06/30
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Now you need to clear the Java cache. To clear the Java Plug-in cache:
    • Click Start > Control Panel.
    • Double-click the Java icon in the control panel.
      The Java Control Panel appears.

    • Click Settings under Temporary Internet Files on the 'General' Tab.
      The Temporary Files Settings dialog box appears.

    • Click Delete Files.
      The Delete Temporary Files dialog box appears.

    There are two options on this window to clear the cache.
    • Applications and Applets
    • Trace and Log Files
    • Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click OK on Temporary Files Settings window.

    =============

    Delete the Combofix that you ran earlier, then download the latest version from the same link that I provided earlier.
    Make sure it is on the desktop.

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    KillAll::
    
    File::
    C:\Documents and Settings\Owner\Shared\Outkast - Bombs over Bagdad.wma
    
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    ===========

    Can you try again to run OTL and post the logs please.
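As an added example (not from the thread, ComboFix or Kaspersky), the triage crunchie applies to the Kaspersky report in post 12, written as a small Python parser: it reads the "File name / Threat / Threats count" lines, sorts each file into the action post 13 takes (Java cache entries are cleared from the Java Control Panel, the Qoobox entry is ComboFix's own quarantine, the remaining live file goes into a CFScript File:: section), and checks the declared threat count against what it parsed. The sample report is constructed from the post above; the action labels and helper names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the Kaspersky Online Scanner report layout from post 12
# (paths and threat names copied from that post, not output of a live scan).
SAMPLE_REPORT = r"""Scan statistics:
Objects scanned: 68283
Threats found: 4
Infected objects found: 4
Suspicious objects found: 0

File name / Threat / Threats count
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-36440cd4 Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-36440cd4 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\Owner\Shared\Outkast - Bombs over Bagdad.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\3qJjU7.sys.vir Infected: Rootkit.Win32.Agent.bevd 1

Selected area has been scanned.
"""

# One finding per line: "<path> Infected: <threat name> <count>"
FINDING_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")
STAT_RE = re.compile(r"^Threats found: (\d+)$")

# Action classes (labels chosen for this example).
QUARANTINED = "already in ComboFix quarantine (Qoobox): no action needed"
JAVA_CACHE = "Java Plug-in cache: clear it from the Java Control Panel"
DELETE = "live file: delete it through a CFScript File:: entry"


@dataclass
class Finding:
    path: str
    action: str
    threats: List[str] = field(default_factory=list)


def classify(path: str) -> str:
    """Map a detected file to the action the thread applies to it."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return QUARANTINED
    if "\\sun\\java\\deployment\\cache\\" in p:
        return JAVA_CACHE
    return DELETE


def parse_report(report: str) -> Dict[str, object]:
    """Group findings per file and compare the declared count with what was parsed."""
    findings: Dict[str, Finding] = {}
    declared: Optional[int] = None
    for raw in report.splitlines():
        line = raw.rstrip()
        stat = STAT_RE.match(line)
        if stat:
            declared = int(stat.group(1))
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue  # header, blank and statistics lines
        path = m.group("path")
        entry = findings.setdefault(path, Finding(path=path, action=classify(path)))
        entry.threats.append(m.group("threat"))
    parsed = sum(len(f.threats) for f in findings.values())
    return {
        "findings": findings,
        "declared": declared,
        "parsed": parsed,
        "consistent": declared == parsed,
    }


def cfscript_for(findings: Dict[str, Finding]) -> str:
    """Build the CFScript body (KillAll:: then File::) for the files still to delete."""
    targets = [path for path, f in findings.items() if f.action == DELETE]
    if not targets:
        return ""
    return "KillAll::\n\nFile::\n" + "\n".join(targets) + "\n"


if __name__ == "__main__":
    result = parse_report(SAMPLE_REPORT)
    for f in result["findings"].values():
        print(f.path, "->", f.action, "|", ", ".join(f.threats))
    print("count consistent:", result["consistent"])
    print(cfscript_for(result["findings"]))
```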
     
  14. 2010/07/01
    Vicki

    Vicki Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    413
    Likes Received:
    8
    I did the clearing of the Java cache as instructed and just finished with combofix (once again I received several "pop-ups" regarding registry errors--with those symbols I had tried to explain earlier). I actually counted closing those error messages 6 times! Fortunately the log did once again produce:

    ComboFix 10-06-30.03 - Owner 07/01/2010 8:44.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.235 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\documents and settings\Owner\Shared\Outkast - Bombs over Bagdad.wma "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Owner\Shared\Outkast - Bombs over Bagdad.wma

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
    .

    2010-06-30 13:50 . 2010-05-04 17:20 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-30 13:50 . 2010-05-04 17:20 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-30 13:50 . 2010-04-16 13:24 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
    2010-06-30 13:50 . 2010-05-04 17:20 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-30 13:50 . 2010-05-04 17:20 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-30 13:50 . 2010-05-04 17:20 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
    2010-06-30 13:50 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
    2010-06-30 13:50 . 2010-05-04 17:20 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
    2010-06-30 13:21 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
    2010-06-29 23:29 . 2010-06-29 23:30 -------- d-----w- c:\program files\MSXML 6.0
    2010-06-29 16:17 . 2009-07-31 15:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-06-29 16:17 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2010-06-29 15:37 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-06-29 15:36 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
    2010-06-29 15:36 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-06-29 15:36 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2010-06-29 15:35 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2010-06-29 15:35 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2010-06-29 15:34 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2010-06-29 15:34 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2010-06-29 15:34 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2010-06-29 15:34 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2010-06-29 15:34 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2010-06-29 15:34 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2010-06-29 15:34 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2010-06-29 15:34 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2010-06-29 15:34 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2010-06-29 15:34 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-06-29 15:34 . 2010-02-17 14:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-06-29 15:34 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-06-29 15:30 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2010-06-29 15:26 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2010-06-29 15:24 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2010-06-29 14:58 . 2010-07-01 13:43 -------- d-----w- c:\windows\system32\CatRoot2
    2010-06-29 12:43 . 2010-06-29 13:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\mdcxlnkym
    2010-06-29 00:53 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2010-06-29 00:53 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2010-06-29 00:53 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2010-06-29 00:53 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2010-06-29 00:53 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2010-06-29 00:53 . 2004-08-04 03:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2010-06-29 00:52 . 2004-08-04 03:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2010-06-29 00:52 . 2004-08-04 03:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
    2010-06-29 00:52 . 2001-08-17 17:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2010-06-29 00:52 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
    2010-06-29 00:52 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
    2010-06-29 00:52 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
    2010-06-29 00:52 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
    2010-06-29 00:52 . 2004-08-04 03:29 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
    2010-06-29 00:52 . 2001-08-17 17:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
    2010-06-29 00:52 . 2004-08-04 03:29 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
    2010-06-29 00:52 . 2004-08-04 03:29 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
    2010-06-29 00:52 . 2004-08-04 03:29 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
    2010-06-29 00:50 . 2001-08-17 18:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
    2010-06-29 00:50 . 2001-08-17 18:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
    2010-06-29 00:50 . 2001-08-17 18:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
    2010-06-29 00:50 . 2001-08-17 18:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
    2010-06-29 00:50 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
    2010-06-29 00:50 . 2001-08-17 18:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
    2010-06-29 00:50 . 2004-08-04 03:31 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
    2010-06-29 00:50 . 2001-08-18 03:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
    2010-06-29 00:50 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
    2010-06-29 00:50 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
    2010-06-29 00:50 . 2001-08-18 03:36 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
    2010-06-29 00:50 . 2001-08-18 03:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
    2010-06-29 00:48 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
    2010-06-29 00:48 . 2001-08-18 03:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
    2010-06-29 00:48 . 2001-08-17 18:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2010-06-29 00:48 . 2001-08-17 19:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
    2010-06-29 00:48 . 2001-08-17 19:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
    2010-06-29 00:48 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
    2010-06-29 00:48 . 2001-08-17 17:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
    2010-06-29 00:48 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
    2010-06-29 00:48 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
    2010-06-29 00:48 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
    2010-06-29 00:48 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
    2010-06-29 00:46 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
    2010-06-29 00:45 . 2001-08-18 03:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
    2010-06-29 00:45 . 2001-08-17 17:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
    2010-06-29 00:45 . 2001-08-17 18:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
    2010-06-29 00:45 . 2001-08-17 18:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
    2010-06-29 00:45 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
    2010-06-29 00:45 . 2001-08-17 19:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
    2010-06-29 00:45 . 2001-08-17 17:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
    2010-06-29 00:45 . 2001-08-17 17:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
    2010-06-29 00:45 . 2001-08-17 17:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
    2010-06-29 00:45 . 2001-08-17 18:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
    2010-06-29 00:45 . 2001-08-18 03:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
    2010-06-29 00:43 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2010-06-29 00:43 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
    2010-06-29 00:43 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
    2010-06-29 00:43 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
    2010-06-29 00:43 . 2001-08-17 17:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
    2010-06-29 00:43 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
    2010-06-29 00:43 . 2001-08-17 18:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
    2010-06-29 00:43 . 2001-08-17 18:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
    2010-06-29 00:43 . 2001-08-17 18:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
    2010-06-29 00:43 . 2001-08-17 18:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
    2010-06-29 00:43 . 2001-08-17 18:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
    2010-06-29 00:41 . 2001-08-18 03:36 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
    2010-06-29 00:41 . 2001-08-18 03:36 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
    2010-06-29 00:41 . 2004-08-04 03:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
    2010-06-29 00:41 . 2001-08-17 17:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
    2010-06-29 00:41 . 2001-08-17 17:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
    2010-06-29 00:41 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
    2010-06-29 00:41 . 2001-08-17 17:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
    2010-06-29 00:41 . 2001-08-17 17:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
    2010-06-29 00:41 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
    2010-06-29 00:41 . 2001-08-17 18:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
    2010-06-29 00:41 . 2001-08-17 18:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
    2010-06-29 00:39 . 2001-08-17 18:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
    2010-06-29 00:39 . 2001-08-17 18:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
    2010-06-29 00:39 . 2001-08-18 03:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
    2010-06-29 00:39 . 2001-08-17 19:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
    2010-06-29 00:39 . 2001-08-17 19:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
    2010-06-29 00:39 . 2001-08-17 19:04 173696 -c--a-w- c:\windows\system32\dllcache\philcam2.sys
    2010-06-29 00:39 . 2001-08-17 19:04 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
    2010-06-29 00:39 . 2001-08-18 03:36 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
    2010-06-29 00:39 . 2001-08-17 19:07 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
    2010-06-29 00:39 . 2001-08-17 19:07 27296 -c--a-w- c:\windows\system32\dllcache\perc2.sys
    2010-06-29 00:39 . 2004-08-04 03:06 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
    2010-06-29 00:39 . 2001-08-18 03:36 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
    2010-06-29 00:39 . 2001-08-17 17:11 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
    2010-06-29 00:37 . 2001-08-17 18:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
    2010-06-29 00:37 . 2001-08-17 17:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-24 13:09 . 2010-06-24 13:09 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6abc53c1-n\msvcp71.dll
    2010-06-24 13:09 . 2010-06-24 13:09 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6abc53c1-n\jmc.dll
    2010-06-24 13:09 . 2010-06-24 13:09 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6abc53c1-n\msvcr71.dll
    2010-06-24 13:08 . 2010-06-24 13:08 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-45b03ffe-n\decora-sse.dll
    2010-06-24 13:08 . 2010-06-24 13:08 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-45b03ffe-n\decora-d3d.dll
    2010-06-24 13:08 . 2006-03-09 22:36 -------- d-----w- c:\program files\Common Files\Java
    2010-06-24 12:51 . 2006-03-09 22:36 -------- d-----w- c:\program files\Java
    2010-06-14 22:39 . 2007-07-27 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-14 21:07 . 2007-07-27 23:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-06-11 13:19 . 2010-06-11 13:19 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-06-11 13:19 . 2010-06-11 13:19 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
    2010-06-11 13:18 . 2010-04-20 14:58 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-11 13:18 . 2010-04-20 14:58 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-24 22:25 . 2009-12-29 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-24 18:07 . 2010-05-17 14:54 -------- d-----w- c:\program files\Video Download Toolbar
    2010-05-24 17:44 . 2010-05-24 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
    2010-05-24 15:01 . 2010-05-24 15:01 -------- d-----w- c:\documents and settings\Owner\Application Data\GBM Software
    2010-05-17 15:47 . 2006-03-14 23:57 -------- d-----w- c:\program files\Common Files\Ahead
    2010-05-17 15:47 . 2006-03-14 23:57 -------- d-----w- c:\program files\Ahead
    2010-05-17 14:54 . 2010-05-17 14:54 294013 ----a-w- c:\windows\Video_Download_Toolbar_Uninstaller_4265.exe
    2010-05-13 09:29 . 2006-05-04 07:58 -------- d-----w- c:\program files\Google
    2010-05-13 08:28 . 2010-05-13 08:28 -------- d-----w- c:\program files\W3i
    2010-05-11 15:16 . 2010-05-11 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-05-11 14:29 . 2010-05-11 14:29 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-05-04 17:20 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-05-03 22:42 . 2010-04-23 22:52 -------- d-----w- c:\program files\FinalMediaPlayer
    2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 20:39 . 2010-04-20 13:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2009-12-29 19:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-26 08:16 . 2009-04-05 09:51 1925088 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2010-04-21 05:36 . 2007-07-30 06:40 5632 -csha-w- c:\program files\Thumbs.db
    2010-04-20 15:35 . 2006-03-21 18:33 60640 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-04-20 14:58 . 2010-04-20 14:58 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-04-20 14:58 . 2010-04-20 14:58 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-04-20 05:51 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-19 14:10 . 2010-04-19 14:10 1788 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-04-05 05:56 . 2006-03-15 00:06 1670 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EasyTether "= "c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2010-04-04 40448]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-06 68856]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-12-24 155648]
    "SoundMan "= "SOUNDMAN.EXE" [2004-01-08 65536]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-11 2065248]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\documents and settings\If u aint Mike\Start Menu\Programs\Startup\
    Magnifier.lnk - c:\windows\system32\magnify.exe [2004-8-4 72704]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-04-20 14:58 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\??°Ü??]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\3qJjU7]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\?`?d?h?l?p?t?x?|? ??????]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @=" "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2007-12-24 14:14 118784 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
    2010-05-04 22:22 1000960 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2005-05-04 23:21 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-05-06 05:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/20/2010 9:58 AM 216200]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/20/2010 9:58 AM 242896]
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/2/2008 6:00 PM 13696]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [4/20/2010 9:56 AM 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/20/2010 9:56 AM 308064]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/29/2009 2:25 PM 304464]
    R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [4/21/2010 1:03 AM 10496]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/29/2009 2:25 PM 20952]
    S1 NoY0SSDpMFAXu2Ppqk=;NoY0SSDpMFAXu2Ppqk=;\??\c:\windows\system32\drivers\hHky+Bxe3hactKGKNClq8YOxz31CUUwtIhFkkVcrj9I3ipRIHtYD3QhjbZ/NoY0SSDpMFAXu2Ppqk=.sys --> c:\windows\system32\drivers\hHky+Bxe3hactKGKNClq8YOxz31CUUwtIhFkkVcrj9I3ipRIHtYD3QhjbZ/NoY0SSDpMFAXu2Ppqk=.sys [?]
    S3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\drivers\GRemoteBus.sys [8/5/2009 2:37 PM 23368]
    S3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\drivers\GRemoteJoy.sys [8/5/2009 2:37 PM 39112]
    S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]
    S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [4/24/2010 7:56 PM 9472]
    S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2/16/2008 9:30 AM 44928]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-06-30 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Owner.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-20 20:39]

    2010-07-01 c:\windows\Tasks\Malwarebytes' Scheduled Update for Owner.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-20 20:39]

    2008-01-13 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-06-14 20:31]

    2010-07-01 c:\windows\Tasks\User_Feed_Synchronization-{CB61A855-3E8E-4CC2-BF02-9260A817ACD5}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 00:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{DA3D342F-FF20-4E31-9E82-22334155730C} - (no file)
    SafeBoot-??°Ü??
    SafeBoot-??°Ü??
    SafeBoot-NoY0SSDpMFAXu2Ppqk
    SafeBoot-?`?d?h?l?p?t?x?|? ??????



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-01 08:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    Binary file temp00 matches

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NoY0SSDpMFAXu2Ppqk=]
    "ImagePath "= "\??\c:\windows\system32\drivers\hHky+Bxe3hactKGKNClq8YOxz31CUUwtIhFkkVcrj9I3ipRIHtYD3QhjbZ/NoY0SSDpMFAXu2Ppqk=.sys "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1004336348-861567501-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3044)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\slmdmsr.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SOUNDMAN.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-07-01 09:11:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-01 14:11
    ComboFix2.txt 2010-06-22 15:23
    ComboFix3.txt 2008-01-20 16:48

    Pre-Run: 33,448,398,848 bytes free
    Post-Run: 33,628,565,504 bytes free

    Current=1 Default=1 Failed=2 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 2C61DDE2101CAA9FAA8920F3FC966E1C


    I haven't tried the OTL yet, but will let you know if/when that has been completed.

    ~Vicki~
     
  15. 2010/07/03
    Vicki

    Vicki Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    413
    Likes Received:
    8
    OTL doesn't seem to be working? I opened up the program, copy/pasted the list as instructed and clicked the "quick scan" option. The hour glass shows up but nothing seemed to be happening? When I tried closing the program I received the error "this program is not responding".

    I even tried deleting and reinstalling OTL, but found the results to be the same.

    So needless to say, there are no reports to post. :(

    ~Vicki
     
  16. 2010/07/03
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Ok. Please do the following;

    • Click START then RUN
    • Now copy/paste the following bolded text into the Run box and click OK:

      ComboFix /Uninstall

      Note the space between the X and the /, it needs to be there.


    Delete OTL.

    Let me know if there are any other problems :)
     
  17. 2010/07/07
    Vicki

    Vicki Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    413
    Likes Received:
    8
    Sorry I'm so slow in replying!

    Sorry it's taken me so long to reply....things just got a little hectic around here during the holiday weekend.

    I have uninstalled combofix, deleted OTL and all of the other programs & text files we used when trying to repair my son's computer.

    Haven't really used it that much since our "repairs", so haven't noticed any other issues. But at least I know the security center now works and I have updated and defragged the machine! :D

    If there are any other scans that you think I should do to make sure that it's officially clean, please let me know! Otherwise I think I can mark this thread "resolved"! :D

    Thanks again crunchie, for all your time and help!

    ~Vicki
     
  18. 2010/07/07
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    If all seems to be ok, we can call it a day :).
    You are welcome.
     
