Unable to remove or add new Adobe Reader


Post by Lynangeel on Wed May 27, 2009 12:11 am

Trying to update Adobe Reader to 9.1 from 8.1 gives the error "cannot find key. Make sure you have access to key or contact personnel." The key it cannot find is HKEY_LOCAL_MACHINE\Software\Microsoft\wWindows\Current Version\Run\Optional Components\MSFS

I HAVE TRIED REMOVING OLD ADOBE FIRST AND IT WILL NOT UNINSTALL FOR SAME REASON

Lynangeel
Intermediate
Intermediate

Status :
Online
Offline

Posts : 91
Joined : 2009-05-07
OS : XP


Re: Unable to remove or add new Adobe Reader

Post by Origin on Wed May 27, 2009 2:25 am

Please download Revo Uninstall from here: [You must be registered and logged in to see this link.]

  1. Download and run the setup file for Revo Uninstaller.
  2. Once setup, run Revo Uninstaller.
  3. Select the following item for removal by clicking on it once.

    Adobe Reader

  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3


Re: Unable to remove or add new Adobe Reader

Post by Lynangeel on Wed May 27, 2009 8:47 pm

Didn't work. Started to remove and still got same error message: Cannot find key


Re: Unable to remove or add new Adobe Reader

Post by Origin on Thu May 28, 2009 2:02 am


  • Download ComboFix from here:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts.

    NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**
  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.
  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Re: Unable to remove or add new Adobe Reader

Post by Lynangeel on Thu May 28, 2009 8:28 pm

ComboFix 09-05-26.05 - user 05/28/2009 10:49.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.585 [GMT -4:00]
Running from: C:\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-28 14:47 . 2009-05-28 14:42 3003735 ----a-r C:\Combo-Fix.exe
2009-05-28 02:06 . 2009-05-28 01:22 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-28 01:21 . 2009-05-28 01:21 1005904 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-28 01:17 . 2009-05-28 01:17 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 01:17 . 2009-03-12 08:17 2902048 -c--a-w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-28 01:16 . 2009-05-28 01:22 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-28 01:16 . 2009-05-28 01:16 -------- d-----w c:\program files\Lavasoft
2009-05-27 21:41 . 2009-05-27 22:06 -------- d-----w c:\program files\TweakNow RegCleaner
2009-05-27 21:41 . 2009-05-27 22:04 -------- d-----w c:\documents and settings\user\Application Data\TweakNow RegCleaner
2009-05-27 20:53 . 2009-05-27 20:57 -------- d-----w c:\documents and settings\user\Application Data\RegistryPC
2009-05-27 20:41 . 2009-05-27 20:41 -------- d-----w c:\program files\VS Revo Group
2009-05-26 19:30 . 2009-05-26 19:39 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-26 19:30 . 2009-05-26 19:30 -------- d-----w c:\program files\NOS
2009-05-26 17:56 . 2009-04-06 15:37 704384 ----a-w c:\windows\system32\drivers\SandBox.sys
2009-05-26 17:56 . 2009-02-10 20:15 257432 ----a-w c:\windows\system32\drivers\afwcore.sys
2009-05-26 17:55 . 2009-02-18 21:30 31128 ----a-w c:\windows\system32\drivers\afw.sys
2009-05-26 17:55 . 2009-05-26 17:55 -------- d-----w c:\program files\Agnitum
2009-05-26 17:54 . 2009-05-26 17:54 -------- d-----w c:\documents and settings\All Users\Application Data\Agnitum
2009-05-26 16:58 . 2009-05-26 16:58 -------- d-----w c:\program files\filehippo.com
2009-05-25 16:19 . 2009-05-26 17:11 -------- d-----w c:\program files\SpywareGuard
2009-05-25 03:41 . 2009-05-25 03:41 -------- d-----w c:\documents and settings\user\iProfit eBook Package
2009-05-25 02:08 . 2009-05-25 02:08 0 ----a-w c:\windows\nsreg.dat
2009-05-25 02:08 . 2009-05-25 02:08 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-05-25 00:07 . 2009-05-25 00:13 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-25 00:07 . 2009-05-25 00:13 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-24 23:59 . 2009-05-26 03:10 -------- d-----w c:\program files\SpywareBlaster
2009-05-24 23:59 . 2005-08-25 23:18 118784 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-05-24 23:58 . 2009-05-24 23:58 3012768 ----a-w C:\spywareblastersetup42.exe
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w c:\documents and settings\user\Application Data\Malwarebytes
2009-05-23 22:05 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 22:05 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 20:45 . 2009-05-22 20:45 -------- d-----w c:\program files\Trend Micro
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w c:\windows\system32\XPSViewer
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w c:\program files\MSBuild
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w c:\program files\Reference Assemblies
2009-05-22 02:56 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-22 02:56 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-22 02:56 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-22 02:56 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-22 02:56 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-22 02:56 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-22 02:56 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-21 01:24 . 2009-05-04 18:49 2051864 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcorex.dll
2009-05-21 01:24 . 2009-05-04 18:49 2302232 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avguiadv.dll
2009-05-21 01:24 . 2009-05-04 18:49 3399960 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgui.exe
2009-05-21 01:24 . 2009-05-04 18:49 424472 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgwdwsc.dll
2009-05-21 01:24 . 2009-05-04 18:49 3288344 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\setup.exe
2009-05-21 01:24 . 2009-05-04 18:49 486168 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgrsx.exe
2009-05-21 01:24 . 2009-05-04 18:49 312088 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avglngx.dll
2009-05-21 01:24 . 2009-05-04 18:49 177432 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgmail.dll
2009-05-21 01:23 . 2009-05-04 18:49 1437464 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgupd.dll
2009-05-21 01:23 . 2009-05-04 18:49 755992 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avginet.dll
2009-05-07 13:49 . 2009-05-07 13:49 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-05-06 22:57 . 2009-05-06 22:57 -------- d-sh--w c:\documents and settings\user\IECompatCache
2009-05-06 21:19 . 2009-05-06 21:19 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-06 21:19 . 2009-05-06 21:19 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\ESET
2009-05-06 21:17 . 2009-05-06 21:17 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-06 02:23 . 2009-05-06 02:23 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-05 03:23 . 2009-05-05 03:23 -------- d-sh--w c:\documents and settings\user\PrivacIE
2009-05-05 03:17 . 2009-05-05 03:17 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-05 03:16 . 2009-05-05 03:16 -------- d-sh--w c:\documents and settings\user\IETldCache
2009-05-05 02:43 . 2009-05-05 02:43 -------- d-----w c:\windows\ie8updates
2009-05-05 02:43 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-05 02:40 . 2009-05-05 02:43 -------- dc-h--w c:\windows\ie8
2009-05-05 01:52 . 2009-05-28 14:54 117760 ----a-w c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-05-05 01:44 . 2009-05-05 01:44 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-05 01:33 . 2009-05-05 01:33 -------- d-----w c:\documents and settings\user\Application Data\DriverCure
2009-05-05 01:33 . 2009-05-05 02:26 -------- d-----w c:\documents and settings\All Users\Application Data\DriverCure
2009-05-05 01:33 . 2009-05-05 01:33 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-05-05 01:21 . 2009-05-05 20:47 -------- d-----w c:\documents and settings\user\Application Data\Desktopicon
2009-05-05 01:21 . 2009-05-25 03:24 -------- d-----w c:\program files\Unlocker
2009-05-04 21:40 . 2009-05-04 21:40 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Symantec
2009-05-04 21:30 . 2009-01-15 16:19 23848 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-04 21:30 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-04 21:30 . 2009-05-04 21:30 -------- d-----w c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-05-04 21:30 . 2009-05-06 02:22 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Downloaded Installations
2009-05-04 21:29 . 2009-05-04 23:22 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-04 21:29 . 2009-05-04 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-04 21:29 . 2009-05-04 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-05-04 21:23 . 2009-05-04 21:23 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-04 21:09 . 2009-05-04 21:24 -------- d-----w c:\documents and settings\user\Application Data\GetRightToGo
2009-05-03 12:33 . 2009-05-03 12:33 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-05-01 14:30 . 2007-08-02 02:47 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-30 23:53 . 2009-04-30 23:53 57344 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-3040364d-n\Decora-SSE.dll
2009-04-30 23:53 . 2009-04-30 23:53 24064 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-5fdb0b86-n\Decora-D3D.dll
2009-04-30 23:53 . 2009-04-30 23:53 499712 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4525eb12-n\msvcp71.dll
2009-04-30 23:53 . 2009-04-30 23:53 499712 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4525eb12-n\jmc.dll
2009-04-30 23:53 . 2009-04-30 23:53 348160 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4525eb12-n\msvcr71.dll
2009-04-30 23:43 . 2009-04-30 23:51 152576 ----a-w c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-30 23:42 . 2009-04-30 23:42 -------- d-----w c:\windows\Sun

.


Re: Unable to remove or add new Adobe Reader

Post by Lynangeel on Thu May 28, 2009 8:28 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 22:20 . 2009-02-25 21:37 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-27 00:29 . 2008-06-02 01:34 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-25 01:51 . 2008-06-02 02:02 -------- d-----w c:\program files\Common Files\Adobe
2009-05-23 22:20 . 2009-04-05 05:24 -------- d-----w c:\program files\Yahoo!
2009-05-22 04:25 . 2006-12-20 20:01 19424 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 01:11 . 2009-03-01 17:52 -------- d-----w c:\documents and settings\user\Application Data\LimeWire
2009-05-07 14:27 . 2008-06-01 22:53 -------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-05-06 21:49 . 2008-06-02 01:21 -------- d-----w c:\program files\MSN Messenger
2009-05-06 02:26 . 2006-09-13 16:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 18:49 . 2009-02-24 21:27 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-04 18:49 . 2009-02-24 21:27 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-04 18:49 . 2009-02-24 21:27 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-04 18:49 . 2009-02-24 21:27 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-30 23:53 . 2006-09-13 18:41 -------- d-----w c:\program files\Java
2009-04-29 22:54 . 2006-12-21 03:19 -------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-04-29 22:51 . 2008-05-12 16:08 1 ----a-w c:\documents and settings\user\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-04-05 05:26 . 2009-04-05 05:24 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-05 05:25 . 2009-04-05 05:25 -------- d-----w c:\documents and settings\user\Application Data\Yahoo!
2009-03-18 21:55 . 2009-04-05 05:24 607472 ----a-w c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-03-09 09:19 . 2009-02-24 21:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2006-06-23 16:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2003-07-16 16:26 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2003-07-16 16:20 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2003-07-16 16:43 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2003-07-16 16:17 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2003-07-16 16:24 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2003-07-16 16:24 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2003-07-16 16:30 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2003-07-16 16:30 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2003-07-16 16:30 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-07-16 16:34 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-05-28 14:54 . 2009-05-28 14:54 16384 c:\windows\Temp\Perflib_Perfdata_244.dat
+ 2009-05-27 00:23 . 1996-01-12 22:00 24576 c:\windows\system32\STKIT432.DLL
+ 2008-06-02 03:06 . 2009-05-26 17:14 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-05-28 01:22 . 2009-05-28 01:22 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys
+ 2009-05-28 01:22 . 2009-05-28 01:22 64160 c:\windows\system32\drivers\Lbd.sys
+ 2006-09-13 15:54 . 2009-05-26 19:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-13 15:54 . 2009-05-21 00:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-09-13 15:54 . 2009-05-21 00:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-09-13 15:54 . 2009-05-26 19:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-26 17:19 . 2009-05-26 17:19 78571 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-04-29 10:17 . 2009-04-29 10:17 58736 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
- 2009-03-15 14:33 . 2009-01-16 22:45 58736 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
- 2009-03-15 14:34 . 2009-01-16 23:16 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-04-28 10:23 . 2009-04-28 10:23 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
- 2009-03-15 14:33 . 2009-01-16 22:45 52288 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-04-29 10:17 . 2009-04-29 10:17 52288 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
- 2009-03-15 14:32 . 2009-01-16 21:19 67000 c:\windows\system32\Adobe\Director\SwDnld.exe
+ 2009-04-29 10:29 . 2009-04-29 10:29 67000 c:\windows\system32\Adobe\Director\SwDnld.exe
+ 2009-04-28 10:26 . 2009-04-28 10:26 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
- 2009-03-15 14:34 . 2009-01-16 23:17 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-04-28 10:24 . 2009-04-28 10:24 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
- 2009-03-15 14:34 . 2009-01-16 23:16 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-04-29 10:28 . 2009-04-29 10:28 468408 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe
- 2009-03-15 14:34 . 2009-01-16 23:18 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-04-28 10:26 . 2009-04-28 10:26 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-04-28 10:24 . 2009-04-28 10:24 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-04-29 10:17 . 2009-04-29 10:17 716800 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-04-28 10:26 . 2009-04-28 10:26 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-04-29 10:29 . 2009-04-29 10:29 202168 c:\windows\system32\Adobe\Director\SwDir.dll
- 2009-03-15 14:32 . 2009-01-16 21:19 202168 c:\windows\system32\Adobe\Director\swdir.dll
+ 2009-04-28 10:25 . 2009-04-28 10:25 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-04-28 10:00 . 2009-04-28 10:00 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
- 2009-03-15 14:33 . 2009-01-16 22:45 1145896 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-04-29 10:17 . 2009-04-29 10:17 1145896 c:\windows\system32\Adobe\Shockwave 11\gt.exe
- 2009-03-15 14:34 . 2009-01-16 22:58 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2009-04-28 10:04 . 2009-04-28 10:04 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.


Re: Unable to remove or add new Adobe Reader

Post by Lynangeel on Thu May 28, 2009 8:29 pm

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-05-25 126976]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 18:49 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/27/2009 9:22 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2009 5:27 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/24/2009 5:27 PM 108552]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [5/26/2009 1:56 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [5/26/2009 1:55 PM 1195008]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/24/2009 5:27 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/24/2009 5:27 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [5/26/2009 1:55 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [5/26/2009 1:56 PM 257432]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/26/2009 3:30 PM 33176]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:22]

2009-05-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-28 10:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

- - - - - - - > 'explorer.exe'(3276)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Agnitum\Outpost Firewall\op_mon.exe
c:\program files\SpywareGuard\sgmain.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-05-28 11:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-28 15:00

Pre-Run: 28,965,339,136 bytes free
Post-Run: 29,147,865,088 bytes free

332 --- E O F --- 2009-05-23 07:01


Re: Unable to remove or add new Adobe Reader

Post by Origin on Thu May 28, 2009 8:56 pm

Now open a new notepad file.
Input this into the notepad file:

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.



Re: Unable to remove or add new Adobe Reader

Post by Lynangeel on Fri May 29, 2009 2:47 am

ComboFix 09-05-26.05 - user 05/28/2009 22:37.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.531 [GMT -4:00]
Running from: C:\Combo-Fix.exe
Command switches used :: C:\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-29 )))))))))))))))))))))))))))))))
.

2009-05-28 14:47 . 2009-05-28 14:42 3003735 ----a-r C:\Combo-Fix.exe
2009-05-28 02:06 . 2009-05-28 01:22 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-28 01:21 . 2009-05-28 01:21 1005904 ----a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-28 01:17 . 2009-05-28 01:17 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 01:17 . 2009-03-12 08:17 2902048 -c--a-w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-28 01:16 . 2009-05-28 01:22 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-28 01:16 . 2009-05-28 01:16 -------- d-----w c:\program files\Lavasoft
2009-05-27 21:41 . 2009-05-27 22:06 -------- d-----w c:\program files\TweakNow RegCleaner
2009-05-27 21:41 . 2009-05-27 22:04 -------- d-----w c:\documents and settings\user\Application Data\TweakNow RegCleaner
2009-05-27 20:53 . 2009-05-27 20:57 -------- d-----w c:\documents and settings\user\Application Data\RegistryPC
2009-05-27 20:41 . 2009-05-27 20:41 -------- d-----w c:\program files\VS Revo Group
2009-05-26 19:30 . 2009-05-26 19:39 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-26 19:30 . 2009-05-26 19:30 -------- d-----w c:\program files\NOS
2009-05-26 17:56 . 2009-04-06 15:37 704384 ----a-w c:\windows\system32\drivers\SandBox.sys
2009-05-26 17:56 . 2009-02-10 20:15 257432 ----a-w c:\windows\system32\drivers\afwcore.sys
2009-05-26 17:55 . 2009-02-18 21:30 31128 ----a-w c:\windows\system32\drivers\afw.sys
2009-05-26 17:55 . 2009-05-26 17:55 -------- d-----w c:\program files\Agnitum
2009-05-26 17:54 . 2009-05-26 17:54 -------- d-----w c:\documents and settings\All Users\Application Data\Agnitum
2009-05-26 16:58 . 2009-05-26 16:58 -------- d-----w c:\program files\filehippo.com
2009-05-25 16:19 . 2009-05-29 02:12 -------- d-----w c:\program files\SpywareGuard
2009-05-25 03:41 . 2009-05-25 03:41 -------- d-----w c:\documents and settings\user\iProfit eBook Package
2009-05-25 02:08 . 2009-05-25 02:08 0 ----a-w c:\windows\nsreg.dat
2009-05-25 02:08 . 2009-05-25 02:08 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-05-25 00:07 . 2009-05-25 00:13 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-25 00:07 . 2009-05-25 00:13 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-24 23:59 . 2009-05-26 03:10 -------- d-----w c:\program files\SpywareBlaster
2009-05-24 23:59 . 2005-08-25 23:18 118784 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-05-24 23:58 . 2009-05-24 23:58 3012768 ----a-w C:\spywareblastersetup42.exe
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w c:\documents and settings\user\Application Data\Malwarebytes
2009-05-23 22:05 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-23 22:05 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 20:45 . 2009-05-22 20:45 -------- d-----w c:\program files\Trend Micro
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w c:\windows\system32\XPSViewer
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w c:\program files\MSBuild
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w c:\program files\Reference Assemblies
2009-05-22 02:56 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-22 02:56 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-22 02:56 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-22 02:56 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll


Re: Unable to remove or add new Adobe Reader

Post by Lynangeel on Fri May 29, 2009 2:48 am

2009-05-22 02:56 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-22 02:56 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-22 02:56 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-21 01:24 . 2009-05-04 18:49 2051864 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcorex.dll
2009-05-21 01:24 . 2009-05-04 18:49 2302232 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avguiadv.dll
2009-05-21 01:24 . 2009-05-04 18:49 3399960 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgui.exe
2009-05-21 01:24 . 2009-05-04 18:49 424472 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgwdwsc.dll
2009-05-21 01:24 . 2009-05-04 18:49 3288344 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\setup.exe
2009-05-21 01:24 . 2009-05-04 18:49 486168 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgrsx.exe
2009-05-21 01:24 . 2009-05-04 18:49 312088 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avglngx.dll
2009-05-21 01:24 . 2009-05-04 18:49 177432 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgmail.dll
2009-05-21 01:23 . 2009-05-04 18:49 1437464 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgupd.dll
2009-05-21 01:23 . 2009-05-04 18:49 755992 ----a-w c:\documents and settings\All Users\Application Data\Avg8\update\backup\avginet.dll
2009-05-07 13:49 . 2009-05-07 13:49 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-05-06 22:57 . 2009-05-06 22:57 -------- d-sh--w c:\documents and settings\user\IECompatCache
2009-05-06 21:19 . 2009-05-06 21:19 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-05-06 21:19 . 2009-05-06 21:19 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\ESET
2009-05-06 21:17 . 2009-05-06 21:17 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-05-06 02:23 . 2009-05-06 02:23 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-05 03:23 . 2009-05-05 03:23 -------- d-sh--w c:\documents and settings\user\PrivacIE
2009-05-05 03:17 . 2009-05-05 03:17 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-05 03:16 . 2009-05-05 03:16 -------- d-sh--w c:\documents and settings\user\IETldCache
2009-05-05 02:43 . 2009-05-05 02:43 -------- d-----w c:\windows\ie8updates
2009-05-05 02:43 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-05 02:40 . 2009-05-05 02:43 -------- dc-h--w c:\windows\ie8
2009-05-05 01:52 . 2009-05-28 14:54 117760 ----a-w c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-05 01:51 . 2009-05-05 01:51 -------- d-----w c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-05-05 01:44 . 2009-05-05 01:44 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-05 01:33 . 2009-05-05 01:33 -------- d-----w c:\documents and settings\user\Application Data\DriverCure
2009-05-05 01:33 . 2009-05-05 02:26 -------- d-----w c:\documents and settings\All Users\Application Data\DriverCure
2009-05-05 01:33 . 2009-05-05 01:33 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-05-05 01:21 . 2009-05-05 20:47 -------- d-----w c:\documents and settings\user\Application Data\Desktopicon
2009-05-05 01:21 . 2009-05-25 03:24 -------- d-----w c:\program files\Unlocker
2009-05-04 21:40 . 2009-05-04 21:40 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Symantec
2009-05-04 21:30 . 2009-01-15 16:19 23848 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-04 21:30 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-04 21:30 . 2009-05-04 21:30 -------- d-----w c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-05-04 21:30 . 2009-05-06 02:22 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\Downloaded Installations
2009-05-04 21:29 . 2009-05-04 23:22 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-04 21:29 . 2009-05-04 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-04 21:29 . 2009-05-04 23:21 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-05-04 21:23 . 2009-05-04 21:23 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-04 21:09 . 2009-05-04 21:24 -------- d-----w c:\documents and settings\user\Application Data\GetRightToGo
2009-05-03 12:33 . 2009-05-03 12:33 -------- d-----w c:\documents and settings\user\Local Settings\Application Data\PCHealth
2009-05-01 14:30 . 2007-08-02 02:47 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-30 23:53 . 2009-04-30 23:53 57344 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-3040364d-n\Decora-SSE.dll
2009-04-30 23:53 . 2009-04-30 23:53 24064 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-5fdb0b86-n\Decora-D3D.dll
2009-04-30 23:53 . 2009-04-30 23:53 499712 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4525eb12-n\msvcp71.dll
2009-04-30 23:53 . 2009-04-30 23:53 499712 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4525eb12-n\jmc.dll
2009-04-30 23:53 . 2009-04-30 23:53 348160 ----a-w c:\documents and settings\user\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-4525eb12-n\msvcr71.dll
2009-04-30 23:43 . 2009-04-30 23:51 152576 ----a-w c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-30 23:42 . 2009-04-30 23:42 -------- d-----w c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 02:12 . 2008-06-02 01:34 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-27 22:20 . 2009-02-25 21:37 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-25 01:51 . 2008-06-02 02:02 -------- d-----w c:\program files\Common Files\Adobe
2009-05-23 22:20 . 2009-04-05 05:24 -------- d-----w c:\program files\Yahoo!
2009-05-22 04:25 . 2006-12-20 20:01 19424 ----a-w c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-21 01:11 . 2009-03-01 17:52 -------- d-----w c:\documents and settings\user\Application Data\LimeWire
2009-05-07 14:27 . 2008-06-01 22:53 -------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-05-06 21:49 . 2008-06-02 01:21 -------- d-----w c:\program files\MSN Messenger
2009-05-06 02:26 . 2006-09-13 16:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-04 18:49 . 2009-02-24 21:27 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-04 18:49 . 2009-02-24 21:27 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-04 18:49 . 2009-02-24 21:27 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-04 18:49 . 2009-02-24 21:27 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-30 23:53 . 2006-09-13 18:41 -------- d-----w c:\program files\Java
2009-04-29 22:54 . 2006-12-21 03:19 -------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-04-29 22:51 . 2008-05-12 16:08 1 ----a-w c:\documents and settings\user\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-04-05 05:26 . 2009-04-05 05:24 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-05 05:25 . 2009-04-05 05:25 -------- d-----w c:\documents and settings\user\Application Data\Yahoo!
2009-03-18 21:55 . 2009-04-05 05:24 607472 ----a-w c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-03-09 09:19 . 2009-02-24 21:37 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2006-06-23 16:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2003-07-16 16:26 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2003-07-16 16:20 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2003-07-16 16:43 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2003-07-16 16:17 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2003-07-16 16:24 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2003-07-16 16:24 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2003-07-16 16:30 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2003-07-16 16:30 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2003-07-16 16:30 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-07-16 16:34 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-05-25 126976]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 18:49 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=


Re: Unable to remove or add new Adobe Reader

Post by Lynangeel on Fri May 29, 2009 2:49 am

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/27/2009 9:22 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2009 5:27 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/24/2009 5:27 PM 108552]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [5/26/2009 1:56 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [5/26/2009 1:55 PM 1195008]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/24/2009 5:27 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/24/2009 5:27 PM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [5/26/2009 1:55 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [5/26/2009 1:56 PM 257432]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/26/2009 3:30 PM 33176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:22]

2009-05-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-05-28 22:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

- - - - - - - > 'explorer.exe'(3244)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-29 22:41
ComboFix-quarantined-files.txt 2009-05-29 02:41
ComboFix2.txt 2009-05-28 15:00

Pre-Run: 28,964,401,152 bytes free
Post-Run: 29,139,730,432 bytes free

257 --- E O F --- 2009-05-23 07:01


Re: Unable to remove or add new Adobe Reader

Post by Lynangeel on Tue Jun 02, 2009 3:43 am

Still not able to uninstall or install Adobe. Thanks


still unable to update, add or remove adobe

Post by Lynangeel on Thu Jun 04, 2009 2:45 am

have done everything suggested and still nothing


Re: Unable to remove or add new Adobe Reader

Post by Belahzur on Thu Jun 04, 2009 10:45 am

Hello.
I want to try another CFScript.

Now open a new notepad file.
Input this into the notepad file:

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.



combo fix txt

Post by Lynangeel on Sun Jun 07, 2009 6:53 pm

ComboFix 09-06-06.04 - user 06/07/2009 14:39.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.452 [GMT -4:00]
Running from: C:\Combo-Fix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-03 00:12 . 2009-06-03 00:12 -------- d-----w- c:\windows\LastGood
2009-06-03 00:04 . 2009-06-03 00:04 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 14:47 . 2009-06-07 18:34 3018938 ----a-r- C:\Combo-Fix.exe
2009-05-28 02:06 . 2009-05-28 01:22 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-28 01:21 . 2009-05-28 01:21 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-28 01:17 . 2009-05-28 01:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-28 01:17 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-28 01:16 . 2009-05-28 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-28 01:16 . 2009-05-28 01:16 -------- d-----w- c:\program files\Lavasoft
2009-05-27 21:41 . 2009-05-27 22:06 -------- d-----w- c:\program files\TweakNow RegCleaner
2009-05-27 21:41 . 2009-05-27 22:04 -------- d-----w- c:\documents and settings\user\Application Data\TweakNow RegCleaner
2009-05-27 20:53 . 2009-05-27 20:57 -------- d-----w- c:\documents and settings\user\Application Data\RegistryPC
2009-05-27 20:41 . 2009-05-27 20:41 -------- d-----w- c:\program files\VS Revo Group
2009-05-26 19:30 . 2009-05-26 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-26 19:30 . 2009-05-26 19:30 -------- d-----w- c:\program files\NOS
2009-05-26 17:56 . 2009-04-06 15:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2009-05-26 17:56 . 2009-02-10 20:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2009-05-26 17:55 . 2009-02-18 21:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2009-05-26 17:55 . 2009-05-26 17:55 -------- d-----w- c:\program files\Agnitum
2009-05-26 17:54 . 2009-05-26 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum
2009-05-26 16:58 . 2009-05-26 16:58 -------- d-----w- c:\program files\filehippo.com
2009-05-25 16:19 . 2009-06-07 16:40 -------- d-----w- c:\program files\SpywareGuard
2009-05-25 03:41 . 2009-05-25 03:41 -------- d-----w- c:\documents and settings\user\iProfit eBook Package
2009-05-25 02:08 . 2009-05-25 02:08 0 ----a-w- c:\windows\nsreg.dat
2009-05-25 02:08 . 2009-05-25 02:08 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-05-25 00:07 . 2009-05-25 00:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-25 00:07 . 2009-05-25 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-24 23:59 . 2009-06-07 16:41 -------- d-----w- c:\program files\SpywareBlaster
2009-05-24 23:59 . 2005-08-25 23:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-05-24 23:58 . 2009-05-24 23:58 3012768 ----a-w- C:\spywareblastersetup42.exe
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-05-23 22:05 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-23 22:05 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-23 22:05 . 2009-06-03 00:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-23 22:05 . 2009-05-23 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-22 20:45 . 2009-05-22 20:45 -------- d-----w- c:\program files\Trend Micro
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w- c:\windows\system32\XPSViewer
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w- c:\program files\MSBuild
2009-05-22 04:23 . 2009-05-22 04:23 -------- d-----w- c:\program files\Reference Assemblies
2009-05-22 02:56 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-22 02:56 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-05-22 02:56 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-22 02:56 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-22 02:56 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-05-22 02:56 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-05-22 02:56 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

.


combofix results

Post by Lynangeel on Sun Jun 07, 2009 6:54 pm



combo fix txt

Post by Lynangeel on Sun Jun 07, 2009 6:55 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-05-25 126976]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-28 518488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 18:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/27/2009 9:22 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2009 5:27 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/24/2009 5:27 PM 108552]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [5/26/2009 1:56 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [5/26/2009 1:55 PM 1195008]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/24/2009 5:27 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/24/2009 5:27 PM 298776]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [5/26/2009 1:55 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [5/26/2009 1:56 PM 257432]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/23/2009 6:05 PM 40160]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/26/2009 3:30 PM 33176]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:22]

2009-06-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 21:39]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.]
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-07 14:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1188)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

- - - - - - - > 'explorer.exe'(2572)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-07 14:46
ComboFix-quarantined-files.txt 2009-06-07 18:46
ComboFix2.txt 2009-05-29 02:41
ComboFix3.txt 2009-05-28 15:00

Pre-Run: 29,273,178,112 bytes free
Post-Run: 29,315,641,344 bytes free

218 --- E O F --- 2009-05-23 07:01
