dds log as requested



maxman
2011-05-26, 04:03
Hi, here is the DDS log as requested; see post http://forums.spybot.info/showthread.php?p=405727


.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by maxman at 16:12:52 on 2011-05-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2811.1614 [GMT 1:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\maxman\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\atibtmon.exe
C:\Users\maxman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\maxman\Desktop\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101214205412.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\maxman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
StartupFolder: C:\Users\maxman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101214205412.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-15 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-5-23 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2009-12-15 355440]
R2 McMPFSvc;McAfee Personal Firewall;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2009-12-15 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2009-12-15 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2009-12-15 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-12-15 199032]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-12-15 244840]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-12-15 148520]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-23 1153368]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-15 243232]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-24 984392]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2009-12-15 355440]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-25 01:09:04 4480 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2011-05-24 23:08:38 -------- d-----w- C:\Program Files (x86)\ESET
2011-05-24 13:47:35 -------- d--h--w- C:\MyWinLockerData
2011-05-24 13:33:45 -------- d-----w- C:\Program Files (x86)\Conduit
2011-05-24 13:33:42 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2011-05-24 13:33:38 -------- d-----w- C:\Program Files (x86)\uTorrentBar
2011-05-24 13:33:36 -------- d-----w- C:\extensions
2011-05-24 11:01:11 -------- d-----w- C:\Users\maxman\AppData\Roaming\AVG10
2011-05-24 10:56:19 -------- d--h--w- C:\ProgramData\Common Files
2011-05-24 10:56:11 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2011-05-24 10:55:51 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-05-24 10:54:52 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-05-24 10:54:52 -------- d-----w- C:\ProgramData\AVG10
2011-05-24 10:54:11 -------- d-----w- C:\Program Files (x86)\AVG
2011-05-24 08:44:36 -------- d-----w- C:\ProgramData\MFAData
2011-05-24 08:08:56 -------- d-----w- C:\Users\maxman\AppData\Local\Google
2011-05-24 08:06:46 -------- d-----w- C:\Users\maxman\AppData\Local\Deployment
2011-05-24 08:06:46 -------- d-----w- C:\Users\maxman\AppData\Local\Apps
2011-05-24 01:55:06 -------- d-----w- C:\Windows\NAPP_Dism_Log
2011-05-23 19:30:24 -------- d-----w- C:\ProgramData\boost_interprocess
2011-05-23 18:33:03 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-05-23 18:33:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-23 17:50:27 -------- d-----w- C:\Users\maxman\AppData\Local\EgisTec IPS
2011-05-23 17:49:46 -------- d-----w- C:\Users\maxman\AppData\Local\VirtualStore
2011-05-23 17:26:48 -------- d-----w- C:\ProgramData\NTI Launcher
2011-05-23 17:25:31 -------- d-----w- C:\Program Files (x86)\NTI
2011-05-23 17:24:56 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-05-23 17:23:41 -------- d-----w- C:\Windows\en
2011-05-23 17:23:08 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-05-23 17:22:19 -------- d-----w- C:\Windows\PCHEALTH
2011-05-23 17:22:01 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-05-23 17:22:01 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-05-23 17:22:00 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-05-23 17:22:00 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-05-23 17:19:55 33000960 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\click2run64.msi
2011-05-23 17:19:55 26051072 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\click2run.msi
2011-05-23 17:18:32 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2011-05-23 17:17:08 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-05-23 17:17:08 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-05-23 17:17:08 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-05-23 17:16:41 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-05-23 17:16:40 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2011-05-23 17:16:28 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2011-05-23 17:12:18 51712 ----a-w- C:\Windows\AutosetFrequency.exe
2011-05-23 17:12:18 214400 ----a-w- C:\Windows\SysWow64\snpropwp.dll
2011-05-23 17:12:18 206208 ----a-w- C:\Windows\PLFSetI.exe
2011-05-23 17:12:18 191688 ----a-w- C:\Windows\flicker.dll
2011-05-23 17:12:18 11976 ----a-w- C:\Windows\setpwlin.exe
2011-05-23 17:12:18 -------- d-----w- C:\Program Files (x86)\AcerCrystalEye
2011-05-23 17:10:55 -------- d-----w- C:\Program Files\Elantech
2011-05-23 17:07:32 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-05-23 17:05:17 -------- d---a-w- C:\book
2011-05-23 17:03:48 0 ----a-w- C:\Windows\ativpsrm.bin
2011-05-23 17:01:42 38528 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2011-05-23 17:00:22 -------- d-----w- C:\Program Files\ATI
2011-05-23 17:00:18 -------- d-----w- C:\Program Files (x86)\ATI Technologies
.
==================== Find3M ====================
.
2011-04-14 20:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-04-04 23:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-03-16 15:03:18 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-03-01 13:25:18 41552 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 16:13:54.74 ===============

Blade81
2011-05-31, 20:02
Hi,

Uninstall uTorrentBar Toolbar.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix; see http://www.bleepingcomputer.com/forums/topic114351.html
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

maxman
2011-06-01, 19:34
:D Here are the logs you requested, but first let me explain that I did a factory clean install from Acer recovery on local HDD X:, installed Avast and did a boot scan, and it turned up a temp system Windows CAB archive as corrupt. I have now uninstalled Avast. Windows Update wants to install new "important updates" but I'm scared to. I checked for your post and I'm ready to follow your instructions. Thanks in advance for your help.

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by MAXAMAN at 16:57:44 on 2011-06-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2811.1310 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\MAXAMAN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\MAXAMAN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MAXAMAN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
E:\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://acer.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
StartupFolder: C:\Users\MAXAMAN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-12-15 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-5-30 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-15 243232]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
RUnknown aswFsBlk;aswFsBlk; [x]
RUnknown aswMonFlt;aswMonFlt; [x]
RUnknown aswSnx;aswSnx; [x]
RUnknown aswSP;aswSP; [x]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-1 136176]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-06-01 00:07:17 -------- d-----w- C:\ProgramData\AVAST Software
2011-06-01 00:07:17 -------- d-----w- C:\Program Files\AVAST Software
2011-05-31 21:48:49 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-05-31 21:48:49 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-05-31 21:48:49 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-05-31 21:48:49 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-05-31 21:48:49 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-05-31 21:48:49 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-05-31 21:48:49 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-05-31 21:48:49 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-05-31 21:48:49 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-05-31 21:48:49 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-05-31 20:38:03 159080 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-05-31 20:26:50 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C6278F4-D511-44B7-9C72-2CD483EE3423}\mpengine.dll
2011-05-31 20:26:50 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-30 18:46:25 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-30 18:18:31 98816 ----a-w- C:\Windows\sed.exe
2011-05-30 18:18:31 518144 ----a-w- C:\Windows\SWREG.exe
2011-05-30 18:18:31 256512 ----a-w- C:\Windows\PEV.exe
2011-05-30 18:18:31 208896 ----a-w- C:\Windows\MBR.exe
2011-05-30 10:34:11 -------- d-----w- C:\Windows\NAPP_Dism_Log
2011-05-30 02:45:05 -------- d-----w- C:\Users\MAXAMAN\AppData\Local\Google
2011-05-30 02:43:50 -------- d-----w- C:\Users\MAXAMAN\AppData\Local\Deployment
2011-05-30 02:43:50 -------- d-----w- C:\Users\MAXAMAN\AppData\Local\Apps
2011-05-30 02:27:45 -------- d-----w- C:\ProgramData\boost_interprocess
2011-05-30 02:26:12 -------- d-----w- C:\Users\MAXAMAN\AppData\Local\EgisTec IPS
2011-05-30 02:25:34 -------- d-----w- C:\Users\MAXAMAN\AppData\Local\VirtualStore
2011-05-30 02:24:31 -------- d-----w- C:\Program Files (x86)\OEM
2011-05-30 02:24:09 -------- d-----w- C:\Program Files\Acer Accessory Store
2011-05-30 02:06:35 -------- d-----w- C:\ProgramData\NTI Launcher
2011-05-30 02:05:05 -------- d-----w- C:\Program Files (x86)\NTI
2011-05-30 02:04:29 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-05-30 02:03:09 -------- d-----w- C:\Windows\en
2011-05-30 02:02:31 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-05-30 02:00:40 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-05-30 01:57:52 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2011-05-30 01:55:55 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-05-30 01:55:55 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-05-30 01:55:55 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-05-30 01:55:28 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-05-30 01:51:05 51712 ----a-w- C:\Windows\AutosetFrequency.exe
2011-05-30 01:51:05 214400 ----a-w- C:\Windows\SysWow64\snpropwp.dll
2011-05-30 01:51:05 206208 ----a-w- C:\Windows\PLFSetI.exe
2011-05-30 01:51:05 191688 ----a-w- C:\Windows\flicker.dll
2011-05-30 01:51:05 11976 ----a-w- C:\Windows\setpwlin.exe
2011-05-30 01:51:05 -------- d-----w- C:\Program Files (x86)\AcerCrystalEye
2011-05-30 01:49:41 -------- d-----w- C:\Program Files\Elantech
2011-05-30 01:46:19 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-05-30 01:44:06 -------- d---a-w- C:\book
2011-05-30 01:42:43 0 ----a-w- C:\Windows\ativpsrm.bin
2011-05-30 01:41:49 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2011-05-30 01:40:38 38528 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2011-05-30 01:39:13 -------- d-----w- C:\Program Files\ATI
2011-05-30 01:39:10 -------- d-----w- C:\Program Files (x86)\ATI Technologies
.
==================== Find3M ====================
.
.
============= FINISH: 16:58:20.34 ===============

Blade81
2011-06-01, 23:43
Thanks for the info. Please post fresh attach.txt log too and let me know about current symptoms left (if any).

maxman
2011-06-02, 01:57
Please find the attach log below; the symptoms are as follows:
1. When I open IE I get http://acer.uk.msn.com/?pc=MAAR. The "?pc=MAAR" makes me think that something is trying to track what I'm doing (i.e. a key logger) for later and try to send it to whoever wrote the trojan in the first place.
2. Windows Update wants me to "install important updates", but from past experience that has just reinstalled the virus again; maybe it attached itself to Windows updates, so how?
When all this is done, can I go for a full clean install? I'm running on the bare minimum and have backed up everything that I want to keep.



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 30/05/2011 03:23:41
System Uptime: 01/06/2011 14:33:52 (2 hours ago)
.
Motherboard: Acer | | JE51_DN
Processor: AMD Athlon(tm) II P340 Dual-Core Processor | Socket S1G4 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 426.783 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 30/05/2011 19:18:33 - ComboFix created restore point
RP2: 31/05/2011 21:26:30 - Windows Update
RP3: 01/06/2011 01:07:05 - avast! Free Antivirus Setup
RP4: 01/06/2011 16:16:13 - Windows Update
RP5: 01/06/2011 16:35:48 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Airport Mania First Flight
Amazonia
Backup Manager Basic
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink PowerDVD 9
D3DX10
Dream Day First Home
eBay Worldwide
ERUNT 1.1j
eSobi v2
Farm Frenzy 2
Galapago
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Heroes of Hellas
Identity Card
Junk Mail filter update
Launch Manager
Merriam Websters Spell Jam
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
MSVCRT_amd64
MyWinLocker
MyWinLocker Suite
Norton Online Backup
NTI Media Maker 9
Poker Pop
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Shredder
Spin & Win
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
30/05/2011 19:23:30, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
30/05/2011 19:23:10, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
30/05/2011 18:56:48, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
30/05/2011 16:26:50, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
01/06/2011 16:57:35, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
01/06/2011 16:30:36, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2443685).
01/06/2011 16:30:36, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2387530).
01/06/2011 16:30:36, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2425227).
01/06/2011 16:16:04, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================

maxman
2011-06-02, 02:00
I'm trying to delay Windows Update as much as possible through fear.

Blade81
2011-06-02, 12:47
Hi,

1. That's nothing to be afraid of. It's not a keylogger or anything malicious.
2. Yes, you should install offered Windows updates.

maxman
2011-06-02, 14:57
Thank you for getting back so soon. I allowed Windows to install updates; so far so good. It's currently downloading 11 more updates; I'll let you know what happens. Just for peace of mind, I can make another DDS log if you need it, just to check.

Blade81
2011-06-02, 14:59
Ok, shall wait to hear how the updating went :)

maxman
2011-06-02, 17:03
Everything seems to be OK; all updates installed, even IE9, but I prefer to use Google as it's faster. Did you find anything in the logs that might still be lurking?

maxman
2011-06-02, 17:38
I have a confession to make. Please find below a ComboFix scan I did before you asked me to do one. Note the "Other Deletions" section:
"c:\programdata\FullRemove.exe". This did not show up on the scan you asked me to do. Sorry if I jumped the gun.

ComboFix 11-05-30.04 - MAXAMAN 30/05/2011 19:19:32.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2811.1985 [GMT 1:00]
Running from: E:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 18:23 . 2011-05-30 18:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 18:05 . 2011-05-30 18:18 -------- d-----w- C:\32788R22FWJFW
2011-05-30 17:57 . 2011-05-30 17:57 -------- d-----w- c:\program files (x86)\ERUNT
2011-05-30 10:34 . 2011-05-30 10:34 -------- d-----w- c:\windows\NAPP_Dism_Log
2011-05-30 02:27 . 2011-05-30 18:10 -------- d-----w- c:\programdata\boost_interprocess
2011-05-30 02:24 . 2011-05-30 02:24 -------- d-----w- c:\program files (x86)\OEM
2011-05-30 02:24 . 2011-05-30 02:24 -------- d-----w- c:\program files\Acer Accessory Store
2011-05-30 02:23 . 2011-05-30 02:25 -------- d-----w- c:\users\MAXAMAN
2011-05-30 02:23 . 2011-05-30 02:23 -------- d-----w- C:\Recovery
2011-05-30 02:06 . 2011-05-30 02:06 -------- d-----w- c:\programdata\NTI Launcher
2011-05-30 02:05 . 2011-05-30 02:05 -------- d-----w- c:\program files (x86)\NTI
2011-05-30 02:04 . 2011-05-30 02:04 -------- d-----w- c:\programdata\FLEXnet
2011-05-30 02:04 . 2011-05-30 02:04 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-05-30 02:03 . 2011-05-30 02:03 -------- d-----w- c:\windows\en
2011-05-30 02:02 . 2011-05-30 02:02 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-05-30 02:00 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-05-30 02:00 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2011-05-30 02:00 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-05-30 02:00 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-05-30 02:00 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-05-30 02:00 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-05-30 02:00 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2011-05-30 02:00 . 2011-05-30 02:00 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-05-30 01:57 . 2011-05-30 01:57 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
2011-05-30 01:55 . 2011-05-30 01:57 -------- d-----w- c:\program files (x86)\CyberLink
2011-05-30 01:55 . 2011-05-30 01:55 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-05-30 01:55 . 2011-05-30 01:55 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-05-30 01:55 . 2011-05-30 01:55 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-05-30 01:55 . 2011-05-30 02:30 -------- d-----w- c:\program files (x86)\Microsoft
2011-05-30 01:51 . 2011-05-30 01:51 -------- d-----w- c:\program files (x86)\AcerCrystalEye
2011-05-30 01:51 . 2010-07-14 12:54 191688 ----a-w- c:\windows\flicker.dll
2011-05-30 01:51 . 2010-07-14 12:53 11976 ----a-w- c:\windows\setpwlin.exe
2011-05-30 01:51 . 2010-06-09 17:54 206208 ----a-w- c:\windows\PLFSetI.exe
2011-05-30 01:51 . 2010-06-01 15:39 214400 ----a-w- c:\windows\SysWow64\snpropwp.dll
2011-05-30 01:51 . 2010-02-12 14:33 51712 ----a-w- c:\windows\AutosetFrequency.exe
2011-05-30 01:49 . 2011-05-30 01:49 -------- d-----w- c:\program files\Elantech
2011-05-30 01:46 . 2011-05-30 01:46 -------- d-----w- c:\program files (x86)\Launch Manager
2011-05-30 01:44 . 2011-05-30 01:44 -------- d---a-w- C:\book
2011-05-30 01:42 . 2011-05-30 01:42 0 ----a-w- c:\windows\ativpsrm.bin
2011-05-30 01:41 . 2011-05-30 01:41 3 ----a-w- c:\windows\system32\PLD_Framework.cmd
2011-05-30 01:40 . 2011-05-30 01:40 -------- dc----w- c:\windows\system32\DRVSTORE
2011-05-30 01:40 . 2010-04-28 21:43 38528 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2011-05-30 01:39 . 2011-05-30 01:39 -------- d-----w- c:\program files\ATI
2011-05-30 01:39 . 2011-05-30 01:40 -------- d-----w- c:\program files (x86)\ATI Technologies
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
.
c:\users\MAXAMAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1856051602-3803119916-414088809-1000Core.job
- c:\users\MAXAMAN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 02:45]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1856051602-3803119916-414088809-1000UA.job
- c:\users\MAXAMAN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 02:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-21 11444840]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-30 19:25:05
ComboFix-quarantined-files.txt 2011-05-30 18:25
.
Pre-Run: 461,020,155,904 bytes free
Post-Run: 460,907,192,320 bytes free
.
- - End Of File - - CF70971402AF083639649000BAD50E0F

Blade81
2011-06-02, 19:17
Hi,

Nothing malicious in those logs, but some outdated software is present. I recommend installing and running Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fixing its findings.

Uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK

maxman
2011-06-02, 23:55
I installed Secunia Personal Software Inspector (PSI), but when I ran it, it seemed to stall on testing the internet connection.
Thanks to yourself and Spybot for the help you have given me. Keep up the good work. A very grateful maxman.
ComboFix is run from a USB drive.
Is it OK to install my backed-up programs/files now?

maxman
2011-06-02, 23:59
Can I uninstall ERUNT?

Blade81
2011-06-03, 17:04
Hi,

You could open a topic for PSI issue on their forum (http://secunia.com/community/forum/PSI).


ComboFix is run from a USB drive.
You should still run the commands I listed in the previous post if not done yet, even if ComboFix was run from a USB drive.


Is it OK to install my backed-up programs/files now?
Yes, and ERUNT can be uninstalled.

maxman
2011-06-04, 02:42
Thanks for the tip on PSI, sorted. ComboFix not found when I run "combofix /uninstall"? Installed all my programs, everything working A-OK. Thanks once again, maxman.

Blade81
2011-06-04, 11:35
Hi,

Please download & run this (http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE) uninstaller.

maxman
2011-06-04, 12:23
Installed and ran the link. Thanks.

Blade81
2011-06-04, 12:27
Good. Any issues left or shall we mark the topic as resolved? :)

maxman
2011-06-04, 13:42
Just one more thing, if it's OK: I'm waiting on a Windows update ("it's a big file", 88.1 MB). If all goes well with that, then I think that will be job done. Thanks so much for bearing with me; I'll let you know how it goes. :)

maxman
2011-06-04, 15:26
Thanks, the update was Service Pack 1; everything running sweet. :)
After reading other threads I'm going to download the Panda USB anti-malware tool
and Malwarebytes just to keep on top of things.
Once again, thanks so much for your help; great job you guys do. maxman

Blade81
2011-06-04, 15:57
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.