
Thread: trojan horse generic22.AWDJ

  1. #1
    Junior Member maxman's Avatar
    Join Date
    May 2011
    Location
    glasgow
    Posts
    24

    trojan horse generic22.AWDJ

    I downloaded what I thought was an AVG patch but no, later I found out it was the trojan horse generic22.AWDJ virus.
    I've learnt my lesson not to download from unverified sites and won't do it again.
    Please can anybody help me get rid of this thing? It's everywhere on my computer.
    I've done the normal antivirus checks using AVG ("real paid for"), Spybot and McAfee; none are picking it up. I've also done a factory clean install from Acer advanced recovery many times, but it's still here.
    I've disabled Windows updates because when it updates, this thing installs 2000+ files, then crashes on restart, and Windows recovery comes in and restores to "last good known boot". Then when everything's up and running again it wants me to restart again, and so on and so on. I've deleted the downloaded file and all associated files and folders, including any temp /c:/users/name/appdatta/temp/
    Using the net is a nightmare; it's a miracle I'm on here at all. Every time I use IE/Chrome and search for something I get the search, but the links get redirected. It seems to be the same bunch of about 5/6, "ebay/scour/genimo" or something in the same criteria. If I click back, then the link again, it might get what I asked for. I'm currently looking through files with anything "date modified" from the date I installed Win7 from Acer recovery, ignoring anything before that date and checking/researching every file. I can only think it's burying itself into the recovery partition.
    I have factory discs I made when I first got it, and made a boot disc, but I don't know how to install these from fresh. I learn fast, please help. I'm running an Acer 5552 laptop with dual core P340s, 3GB memory, 500GB HDD, Win7 Premium.

    How do I do a DOS log so I can show you what's going on?
    Last edited by tashi; 2011-05-24 at 21:58. Reason: Merged two topics, 3 posts

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello maxman,

    In case you missed it please see the forum FAQ which also includes guidelines for this forum and instructions in post #2 on how to provide preliminary "DDS" logs used for analysis.
    "BEFORE You POST"(Please read this Procedure Before Requesting Assistance)

    Then start a new topic and a volunteer analyst will advise you when available.

    As per that sticky topic if DDS won't run and produce a log please start a new topic anyway and explain the situation.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member maxman's Avatar
    Join Date
    May 2011
    Location
    glasgow
    Posts
    24

    dds log

    Hi, I'm new to this, sorry if I don't go the right way round about things. First things first: I posted a thread about the problems I had and got a response, "read F.A.Q.", and did, but nothing told me how to do a DDS log. Please, please help me. If I can do this then I can get on track with how things run on your most helpful site. Yours thankfully, a much in need soul.

  4. #4
    Junior Member maxman's Avatar
    Join Date
    May 2011
    Location
    glasgow
    Posts
    24

    trojan horse22

    I downloaded what I thought was an AVG patch but no, later I found out it was the trojan horse generic22.AWDJ virus.
    I've learnt my lesson not to download from unverified sites and won't do it again.
    Please can anybody help me get rid of this thing? It's everywhere on my computer.
    I've done the normal antivirus checks using AVG ("real paid for"), Spybot and McAfee; none are picking it up. I've also done a factory clean install from Acer advanced recovery many times, but it's still here.
    I've disabled Windows updates because when it updates, this thing installs 2000+ files, then crashes on restart, and Windows recovery comes in and restores to "last good known boot". Then when everything's up and running again it wants me to restart again, and so on and so on. I've deleted the downloaded file and all associated files and folders, including any temp /c:/users/name/appdatta/temp/
    Using the net is a nightmare; it's a miracle I'm on here at all. Every time I use IE/Chrome and search for something I get the search, but the links get redirected. It seems to be the same bunch of about 5/6, "ebay/scour/genimo" or something in the same criteria. If I click back, then the link again, it might get what I asked for. I'm currently looking through files with anything "date modified" from the date I installed Win7 from Acer recovery, ignoring anything before that date and checking/researching every file. I can only think it's burying itself into the recovery partition.
    I have factory discs I made when I first got it, and made a boot disc, but I don't know how to install these from fresh. I learn fast, please help. I'm running an Acer 5552 laptop with dual core P340s, 3GB memory, 500GB HDD, Win7 Premium. P.S. I've sorted the Google redirect problem with a thread posted, "google redirect problem", with the aswMBR download; it found a rootkit and got rid of it that way. Any more info to get rid of it for good, please? Very, very grateful.
    Last edited by tashi; 2011-05-25 at 05:41. Reason: Thread re-opened and merged third topic

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello maxman,
    Quote: Originally posted by maxman
    Hi, I'm new to this, sorry if I don't go the right way round about things. First things first: I posted a thread about the problems I had and got a response, "read F.A.Q.", and did, but nothing told me how to do a DDS log.
    Quote: Originally posted by tashi
    In case you missed it please see the forum FAQ which also includes guidelines for this forum and instructions in post #2 on how to provide preliminary "DDS" logs used for analysis.
    "BEFORE You POST" (Please read this Procedure Before Requesting Assistance)
    From post #2.
    DDS Log

    Download to your desktop DDS from one of the links below:

    Link 1
    Link 2

    • Double click the tool to run it.
    • If a black screen opens, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
    • Copy/Paste the contents of 'DDS.txt' into your post.
    • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)

    If the infection prevents DDS from running, please start a topic anyway and make note of the situation. Please don't post other logs other than the DDS until requested.


  6. #6
    Junior Member maxman's Avatar
    Join Date
    May 2011
    Location
    glasgow
    Posts
    24

    dds log

    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by maxman at 16:12:52 on 2011-05-25
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2811.1614 [GMT 1:00]
    .
    AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG10\avgfws.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\AVG\AVG10\avgam.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\maxman\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\atibtmon.exe
    C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\maxman\Desktop\dds.scr
    C:\Windows\SysWOW64\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://acer.msn.com
    uDefault_Page_URL = hxxp://acer.msn.com
    mDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101214205412.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Google Update] "C:\Users\maxman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    StartupFolder: C:\Users\maxman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101214205412.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
    mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-15 321104]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-5-23 868896]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2009-12-15 355440]
    R2 McMPFSvc;McAfee Personal Firewall;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2009-12-15 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2009-12-15 355440]
    R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2009-12-15 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-12-15 199032]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-12-15 244840]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-12-15 148520]
    R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-23 1153368]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-15 243232]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-24 984392]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2009-12-15 355440]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-05-25 01:09:04 4480 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
    2011-05-24 23:08:38 -------- d-----w- C:\Program Files (x86)\ESET
    2011-05-24 13:47:35 -------- d--h--w- C:\MyWinLockerData
    2011-05-24 13:33:45 -------- d-----w- C:\Program Files (x86)\Conduit
    2011-05-24 13:33:42 -------- d-----w- C:\Program Files (x86)\ConduitEngine
    2011-05-24 13:33:38 -------- d-----w- C:\Program Files (x86)\uTorrentBar
    2011-05-24 13:33:36 -------- d-----w- C:\extensions
    2011-05-24 11:01:11 -------- d-----w- C:\Users\maxman\AppData\Roaming\AVG10
    2011-05-24 10:56:19 -------- d--h--w- C:\ProgramData\Common Files
    2011-05-24 10:56:11 -------- d-----w- C:\ProgramData\AVG Security Toolbar
    2011-05-24 10:55:51 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2011-05-24 10:54:52 -------- d-----w- C:\Windows\System32\drivers\AVG
    2011-05-24 10:54:52 -------- d-----w- C:\ProgramData\AVG10
    2011-05-24 10:54:11 -------- d-----w- C:\Program Files (x86)\AVG
    2011-05-24 08:44:36 -------- d-----w- C:\ProgramData\MFAData
    2011-05-24 08:08:56 -------- d-----w- C:\Users\maxman\AppData\Local\Google
    2011-05-24 08:06:46 -------- d-----w- C:\Users\maxman\AppData\Local\Deployment
    2011-05-24 08:06:46 -------- d-----w- C:\Users\maxman\AppData\Local\Apps
    2011-05-24 01:55:06 -------- d-----w- C:\Windows\NAPP_Dism_Log
    2011-05-23 19:30:24 -------- d-----w- C:\ProgramData\boost_interprocess
    2011-05-23 18:33:03 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-05-23 18:33:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-05-23 17:50:27 -------- d-----w- C:\Users\maxman\AppData\Local\EgisTec IPS
    2011-05-23 17:49:46 -------- d-----w- C:\Users\maxman\AppData\Local\VirtualStore
    2011-05-23 17:26:48 -------- d-----w- C:\ProgramData\NTI Launcher
    2011-05-23 17:25:31 -------- d-----w- C:\Program Files (x86)\NTI
    2011-05-23 17:24:56 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
    2011-05-23 17:23:41 -------- d-----w- C:\Windows\en
    2011-05-23 17:23:08 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2011-05-23 17:22:19 -------- d-----w- C:\Windows\PCHEALTH
    2011-05-23 17:22:01 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2011-05-23 17:22:01 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2011-05-23 17:22:00 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2011-05-23 17:22:00 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2011-05-23 17:19:55 33000960 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\click2run64.msi
    2011-05-23 17:19:55 26051072 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\click2run.msi
    2011-05-23 17:18:32 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
    2011-05-23 17:17:08 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-05-23 17:17:08 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-05-23 17:17:08 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2011-05-23 17:16:41 -------- d-----w- C:\Program Files (x86)\Microsoft
    2011-05-23 17:16:40 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
    2011-05-23 17:16:28 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
    2011-05-23 17:12:18 51712 ----a-w- C:\Windows\AutosetFrequency.exe
    2011-05-23 17:12:18 214400 ----a-w- C:\Windows\SysWow64\snpropwp.dll
    2011-05-23 17:12:18 206208 ----a-w- C:\Windows\PLFSetI.exe
    2011-05-23 17:12:18 191688 ----a-w- C:\Windows\flicker.dll
    2011-05-23 17:12:18 11976 ----a-w- C:\Windows\setpwlin.exe
    2011-05-23 17:12:18 -------- d-----w- C:\Program Files (x86)\AcerCrystalEye
    2011-05-23 17:10:55 -------- d-----w- C:\Program Files\Elantech
    2011-05-23 17:07:32 -------- d-----w- C:\Program Files (x86)\Launch Manager
    2011-05-23 17:05:17 -------- d---a-w- C:\book
    2011-05-23 17:03:48 0 ----a-w- C:\Windows\ativpsrm.bin
    2011-05-23 17:01:42 38528 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
    2011-05-23 17:00:22 -------- d-----w- C:\Program Files\ATI
    2011-05-23 17:00:18 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    .
    ==================== Find3M ====================
    .
    2011-04-14 20:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
    2011-04-04 23:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2011-03-16 15:03:18 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2011-03-01 13:25:18 41552 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    .
    ============= FINISH: 16:13:54.74 ===============

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961
