TechSpot

MBAM refuses to delete

By JDex
Mar 16, 2011
  1. Hi guys, I'm a long-time viewer and first-time poster; your general advice has saved my comps/laptops many a time. I recently bought a new PC and everything has been going well. I installed all the anti-virus programs etc. that I thought I'd need and it's all been good.

    However over the last couple of days my net connection turns itself off sporadically and the screen flashes black for an instant. I ran AVG, Ad-Aware and Malwarebytes. The net troubles seemed to have stopped, but that's without the help of Malwarebytes. It refuses to work, refuses to uninstall or re-install. I just don't know what to do with it! Something is wrong, I just have no idea what. It worked fine a few days beforehand.

    Any help would be greatly appreciated, it's like a week old! :(
     
  2. Bobbye

    Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! Glad you decided to stop by.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    If you still cannot run Malwarebytes:
    Please download randmbam.exe

    It will try to create random names and shortcuts for Malwarebytes Anti-Malware (MBAM) if you have it installed already.

    Once done, try running a scan again.
     
  3. JDex

    TS Rookie Topic Starter

    Thanks for the reply,

    The AVG scan was clean.
    Re-installing MBAM still didn't work, and randmbam.exe stated 'ERROR: Unable to locate the Malwarebytes program. You may need to try to download and install it again from a known good source.' The only file that cannot be touched is the MBAM application itself.
    GMER found nothing, and no log file was produced to save.

    Tried to delete the games that came with the desktop, and AVG proceeded to find a number of trojans within it. Now the net has completely slowed and freezes. I don't know what I'm doing wrong :rolleyes: Sorry if I've missed anything.

    DDS.
    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by Jack at 21:30:13.37 on 16/03/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3063.1574 [GMT 0:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\OEM\USBDECTION\USBS3S4Detection.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\AVG\AVG10\avgfws.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Program Files (x86)\AVG\AVG10\avgam.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\Jack\AppData\Local\Opera\Opera\temporary_downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.youtube.com/
    uDefault_Page_URL = hxxp://acer.msn.com
    mDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
    mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    TCP: {0050B548-63D8-4728-A5C1-B7FFC91EFAB9} = 156.154.70.22,156.154.71.22
    TCP: {CDF60D99-D097-4F1B-BD6C-C4FCF3AAC390} = 156.154.70.22,156.154.71.22
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    AppInit_DLLs-X64: C:\Windows\system32\guard64.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-7 69376]
    R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2010-7-12 57696]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-1-6 250008]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-1-6 39888]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2010-11-22 3226632]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
    R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-3-2 163280]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-4 1405384]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2011-3-15 110312]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-31 243232]
    R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-14 76320]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-3 157264]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-3 35920]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-3-4 17152]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-8-31 86120]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-31 346144]
    R3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\System32\drivers\rtl819xp.sys [2010-8-31 620576]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-3-7 517448]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-8 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-8 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-03-16 20:44:44 -------- d-----w- C:\Users\Jack\AppData\Local\Cyberlink
    2011-03-16 20:44:33 -------- d-----w- C:\Users\Jack\AppData\Roaming\PowerCinema
    2011-03-16 20:44:33 -------- d-----w- C:\Users\Jack\AppData\Local\PowerCinema
    2011-03-15 09:31:37 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    2011-03-13 22:34:46 -------- d-----w- C:\PROGRA~3\Friends Games
    2011-03-13 09:55:55 84480 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA4.DLL
    2011-03-13 09:55:55 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA4.DLL
    2011-03-13 09:55:45 344064 ----a-w- C:\Windows\System32\CNMLMA4.DLL
    2011-03-13 09:52:04 -------- d-----w- C:\Users\Jack\AppData\Local\Microsoft Help
    2011-03-09 09:09:01 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
    2011-03-09 09:09:01 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
    2011-03-09 08:51:01 -------- d-----w- C:\AeriaGames
    2011-03-09 08:36:23 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai
    2011-03-08 11:41:14 -------- d-----w- C:\PROGRA~3\VirtualizedApplications
    2011-03-08 10:13:11 -------- d-----w- C:\Program Files (x86)\MSECache
    2011-03-08 09:29:36 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-03-08 09:29:35 -------- d-----w- C:\Windows\System32\Wat
    2011-03-08 09:25:36 -------- d-----w- C:\Users\Jack\AppData\Local\Opera
    2011-03-08 09:24:01 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-03-08 09:20:45 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2011-03-08 09:20:45 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2011-03-08 09:10:02 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
    2011-03-08 09:10:02 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
    2011-03-08 09:02:44 -------- d-----w- C:\Windows\en
    2011-03-08 09:01:20 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2011-03-08 08:59:38 -------- d-----w- C:\Users\Jack\AppData\Local\Windows Live
    2011-03-08 08:58:43 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2011-03-08 08:58:43 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2011-03-08 08:58:43 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-03-08 08:58:43 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2011-03-08 08:58:43 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2011-03-08 08:58:43 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2011-03-08 08:58:43 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2011-03-08 08:58:43 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2011-03-08 08:58:43 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2011-03-08 08:58:43 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2011-03-08 08:58:38 294912 ----a-w- C:\Windows\System32\browserchoice.exe
    2011-03-08 08:56:09 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2011-03-08 08:23:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2011-03-08 08:13:05 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2011-03-08 08:12:01 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2011-03-08 08:12:01 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2011-03-08 08:12:01 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2011-03-08 08:12:01 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2011-03-08 08:10:30 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-03-08 08:10:30 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-03-08 08:09:26 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2011-03-08 08:06:02 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2011-03-08 08:06:02 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2011-03-08 08:06:02 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2011-03-08 08:06:02 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2011-03-08 08:06:02 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2011-03-08 08:06:02 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2011-03-08 08:06:02 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2011-03-08 08:06:02 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2011-03-08 08:06:02 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2011-03-08 08:06:02 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2011-03-08 08:06:01 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
    2011-03-08 08:06:01 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
    2011-03-08 08:03:17 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2011-03-08 08:03:17 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2011-03-08 08:02:43 340992 ----a-w- C:\Windows\System32\schannel.dll
    2011-03-08 08:02:43 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2011-03-08 08:02:07 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2011-03-08 08:02:07 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-03-08 08:02:07 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-03-08 08:02:07 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2011-03-08 08:02:07 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-03-08 08:02:04 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-08 08:02:04 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-03-08 08:02:04 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-08 08:02:04 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-03-08 08:01:21 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2011-03-08 08:01:21 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2011-03-08 08:01:21 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2011-03-08 08:01:21 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2011-03-08 08:01:21 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2011-03-08 08:01:21 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2011-03-08 08:01:21 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2011-03-08 08:01:21 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2011-03-08 08:01:21 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2011-03-08 08:01:21 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2011-03-08 08:00:55 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 08:00:55 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-08 08:00:55 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll
    2011-03-08 08:00:55 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll
    2011-03-08 08:00:37 214016 ----a-w- C:\Windows\System32\winsrv.dll
    2011-03-08 08:00:30 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2011-03-08 08:00:29 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    2011-03-08 08:00:29 2085376 ----a-w- C:\Windows\System32\ole32.dll
    2011-03-08 08:00:29 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
    2011-03-08 08:00:28 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-03-08 08:00:11 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2011-03-08 08:00:11 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2011-03-08 07:59:53 395776 ----a-w- C:\Windows\System32\webio.dll
    2011-03-08 07:59:53 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2011-03-08 07:58:30 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
    2011-03-08 07:58:04 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2011-03-08 07:58:04 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2011-03-08 07:58:02 112000 ----a-w- C:\Windows\System32\consent.exe
    2011-03-08 07:57:45 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-03-08 07:57:38 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
    2011-03-08 07:57:38 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
    2011-03-08 07:57:38 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
    2011-03-07 23:04:08 -------- d-----w- C:\Users\Jack\AppData\Local\Adobe
    2011-03-07 22:56:04 -------- d-----w- C:\Users\Jack\AppData\Local\SoftGrid Client
    2011-03-07 22:56:02 -------- d-----w- C:\Users\Jack\AppData\Roaming\SoftGrid Client
    2011-03-07 22:55:38 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
    2011-03-07 22:55:31 -------- d-----w- C:\Users\Jack\AppData\Roaming\TP
    2011-03-07 21:08:39 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2011-03-07 21:08:36 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-03-07 21:07:10 -------- d-----w- C:\Users\Jack\AppData\Local\Sunbelt Software
    2011-03-07 21:06:21 -------- dc-h--w- C:\PROGRA~3\{A5847AFF-A1FE-4929-A3C0-16C23AB1D29D}
    2011-03-07 21:06:12 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2011-03-07 21:04:45 -------- d-----w- C:\Users\Jack\AppData\Roaming\AVG10
    2011-03-07 21:03:45 -------- d--h--w- C:\PROGRA~3\Common Files
    2011-03-07 21:03:41 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar
    2011-03-07 21:03:30 -------- d-----w- C:\PROGRA~3\Comodo
    2011-03-07 21:03:29 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2011-03-07 21:03:26 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
    2011-03-07 21:03:26 -------- d-----w- C:\Program Files\COMODO
    2011-03-07 21:01:29 -------- d-----w- C:\Windows\System32\drivers\AVG
    2011-03-07 21:01:29 -------- d-----w- C:\PROGRA~3\AVG10
    2011-03-07 21:00:54 -------- d-----w- C:\Program Files (x86)\AVG
    2011-03-07 20:58:29 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F5B1F9C0-1FDC-4F42-A81A-DFEFD832CBD6}\mpengine.dll
    2011-03-07 20:58:28 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-03-07 20:52:44 -------- d-----w- C:\Users\Jack\AppData\Roaming\Malwarebytes
    2011-03-07 20:52:40 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-07 20:52:38 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-07 20:52:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-07 20:40:16 -------- d-----w- C:\PROGRA~3\MFAData
    2011-03-07 20:29:35 -------- d-----w- C:\Users\Jack\AppData\Local\Diagnostics
    2011-03-07 20:18:53 -------- d-----w- C:\Users\Jack\AppData\Roaming\OEM
    2011-03-07 20:18:52 -------- d-----w- C:\Users\Jack\AppData\Local\EgisTec IPS
    .
    ==================== Find3M ====================
    .
    2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
    2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-06 17:37:00 39888 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2011-01-06 17:36:58 250008 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2011-01-06 17:36:58 14184 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2010-12-29 01:42:04 285480 ----a-w- C:\Windows\SysWow64\guard32.dll
    2010-12-29 01:42:02 362784 ----a-w- C:\Windows\System32\guard64.dll
    2010-12-23 06:07:50 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2010-12-23 06:07:49 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-12-23 06:07:49 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2010-12-23 06:02:33 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-12-23 05:28:29 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
    2010-12-23 05:28:28 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-12-23 05:28:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2010-12-23 05:24:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
    2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
    2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
    2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
    2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
    2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
    2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
    2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
    2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
    2010-12-18 06:12:28 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2010-12-18 06:08:15 1097216 ----a-w- C:\Windows\System32\mstsc.exe
    2010-12-18 05:30:20 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2010-12-18 05:26:55 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
    2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 21:31:23.23 ===============

    Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 07/03/2011 20:17:24
    System Uptime: 16/03/2011 20:52:13 (1 hours ago)
    .
    Motherboard: Acer | | Aspire M3910
    Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz | CPU 1 | 2240/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 290 GiB total, 248.216 GiB free.
    D: is FIXED (NTFS) - 291 GiB total, 290.515 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 07/03/2011 20:58:18 - Windows Update
    RP2: 07/03/2011 21:00:40 - Installed AVG 2011
    RP3: 07/03/2011 21:01:00 - Installed AVG 2011
    RP4: 07/03/2011 21:04:25 - Installed COMODO Internet Security
    RP5: 08/03/2011 08:14:45 - Removed eBay Worldwide
    RP6: 08/03/2011 08:56:00 - Windows Update
    RP7: 08/03/2011 09:22:07 - Windows Update
    RP8: 08/03/2011 10:13:36 - Installed Microsoft PowerPoint Viewer
    RP9: 08/03/2011 12:33:07 - Windows Update
    RP10: 08/03/2011 20:01:43 - Windows Update
    RP11: 09/03/2011 09:08:35 - Installed DirectX
    RP12: 09/03/2011 18:01:41 - Windows Update
    RP13: 16/03/2011 20:43:17 - Configured PowerCinema
    .
    ==== Installed Programs ======================
    .
    Acer Arcade Deluxe
    Acer Arcade Movie
    Acer eRecovery Management
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.2 MUI
    Advertising Center
    Akamai NetSession Interface
    Bing Bar
    Bing Bar Platform
    COMODO GeekBuddy
    D3DX10
    Dynasty Warriors Online
    eSobi v2
    Hotkey Utility
    Identity Card
    ImagXpress
    Junk Mail filter update
    McAfee SiteAdvisor
    MediaShow Espresso
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft PowerPoint Viewer
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyWinLocker
    MyWinLocker Suite
    Nero 9 Essentials
    Nero ControlCenter
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    Norton Online Backup
    NVIDIA PhysX
    Opera 11.01
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Shredder
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual Studio 2008 x64 Redistributables
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    16/03/2011 19:46:29, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/03/2011 13:44:16, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    09/03/2011 08:36:26, Error: Service Control Manager [7030] - The Akamai NetSession Interface service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Believe it or not, having multiple AV programs and/or Firewalls can make the system more vulnerable, not less:

    From the DDS header:
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated*
    AV: AVG Internet Security 2011 *Enabled/Updated*
    SP: AVG Internet Security 2011 *Enabled/Updated*
    SP: COMODO Defense+ *Enabled/Updated*
    SP: Windows Defender *Disabled/Updated*
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated*
    FW: COMODO Firewall *Enabled*
    FW: AVG Firewall *Enabled*

    ======================================
    You should have one antivirus program and one Firewall.
    Okay to have multiple antimalware programs.

    Please decide which AV and which FW you want to keep and uninstall the others.
    Note: before you decide: I am going to have you run Combofix, which unfortunately won't run with AVG- so AVG has to be uninstalled before that scan.
    ===============================================
    AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.
    Note:
    • AVG user settings will be removed.
    • Virus Vault contents will be removed.
    • All other items related to AVG installation and use will be removed.
    • You will be asked during the removal procedure to restart your computer. Please do so.
    • Make sure there is no open work in process prior to launching AVG Remover.
    Use the appropriate download for your system for the AVG Remover: AVG Remover:32bit
    AVG Remover:64 bit

    I don't have a special tool for Comodo removal.
    Please reboot the computer when you have finished.
    ===============================================
    Try this link for Malwarebytes. Instructions will be the same.
    ============================================
    Try this for Mbam:
    Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.pif
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following>>>>.

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

    Try the Mbam scan now.

    Let me know your status at this point.
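
The check made by eye on the DDS header in the post above, as an added example (not part of the original post and not code from DDS): a Python parser for the `AV:`/`SP:`/`FW:` lines that flags more than one enabled antivirus or firewall and models the effect of uninstalling one vendor. The sample input is the header as quoted in the post; the line pattern, the `MAX_ENABLED` limits and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the DDS header lines as quoted in the post above.
DDS_HEADER = """\
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated*
AV: AVG Internet Security 2011 *Enabled/Updated*
SP: AVG Internet Security 2011 *Enabled/Updated*
SP: COMODO Defense+ *Enabled/Updated*
SP: Windows Defender *Disabled/Updated*
SP: Lavasoft Ad-Watch Live! *Enabled/Updated*
FW: COMODO Firewall *Enabled*
FW: AVG Firewall *Enabled*
"""

# Assumed line shape: category, product name, *State* or *State/Definitions*.
# Anything after the closing asterisk is tolerated and ignored.
LINE_RE = re.compile(
    r"^\s*(?P<cat>AV|SP|FW):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>Enabled|Disabled)(?:/(?P<defs>[^*]+))?\*"
)

# Per the advice in the post: one antivirus and one firewall; several
# anti-malware (SP) products are acceptable, so SP has no limit here.
MAX_ENABLED = {"AV": 1, "FW": 1}


def parse_header(text):
    """Return {category: [(name, enabled, definitions_or_None), ...]}."""
    products = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # skip anything that is not a security-product line
            products[m["cat"]].append(
                (m["name"], m["state"] == "Enabled", m["defs"]))
    return dict(products)


def find_conflicts(products):
    """Return {category: [enabled names]} where the limit is exceeded."""
    conflicts = {}
    for cat, limit in MAX_ENABLED.items():
        enabled = [name for name, on, _ in products.get(cat, []) if on]
        if len(enabled) > limit:
            conflicts[cat] = enabled
    return conflicts


def without_vendor(products, vendor):
    """Model uninstalling every product whose name contains `vendor`."""
    v = vendor.lower()
    return {cat: [p for p in items if v not in p[0].lower()]
            for cat, items in products.items()}


if __name__ == "__main__":
    found = parse_header(DDS_HEADER)
    for cat, names in find_conflicts(found).items():
        print(f"{cat}: {len(names)} enabled at once -> {', '.join(names)}")
    print("after removing AVG:", find_conflicts(without_vendor(found, "AVG")))
```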
     
  5. JDex

    JDex TS Rookie Topic Starter

    I uninstalled AVG, does that deal with the multiple AV and FW problem? I now have Comodo as my FW and Ad-Watch as my AV. I tried the links of re-installing and uninstalling MBAM, but that single app won't budge, got this message this time:

    Unable to execute file:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    CreateProcess failed; code 5.
    Access is denied.


    Here are the logs:

    exeHelper by Raktor
    Build 20100414
    Run at 20:45:25 on 03/20/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--


    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 20/03/2011 at 20:45:57.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Windows\SysWOW64\InfDefaultInstall.exe
    C:\Windows\SysWOW64\runonce.exe
    C:\Windows\SysWOW64\grpconv.exe


    Rkill completed on 20/03/2011 at 20:46:05.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you try Mbam again after you ran RKill and exe? If not, please do it.

    The following needs to be handled:

    1. You still have too much security. Please run this Security Check so we can find everything and deal with it:
    Download Security Check by screen317 from HERE or HERE .
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ============================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    I'll decide what's next after the above.

    Do you have any idea what this is? Install date of 3/7/2011, same date as several other programs, including Sunbelt Software data- more security!
    C:\PROGRA~3\{A5847AFF-A1FE-4929-A3C0-16C23AB1D29D}

    You shouldn't be installing new software or configuring new programs when we're trying to clean the system. For instance: A Restore Point was set to configure Power Cinema on 3/16. That is also the date of your first log. It's a big program and it's running in the background.

    You also have a lot of redundancy> for instance, you have McAfee Site Advisor running- but AVG also has one!
     
  7. JDex

    JDex TS Rookie Topic Starter

    Sorry about the installations, I'm not the only person who uses the comp. Also I'm not aware of the extra security programme, if I can I just want rid of everything I don't absolutely need, feel free to streamline!

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    McAfee SiteAdvisor
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Reader X (10.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    Symantec Norton Online Backup NOBuAgent.exe
    ``````````End of Log````````````


    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=7891ca0a1e2a8e4580b8ca40db0f0c01
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-03-26 10:04:30
    # local_time=2011-03-26 10:04:30 (+0000, GMT Standard Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=1024 16777215 100 0 0 0 0 0
    # compatibility_mode=3073 16777213 80 75 1605143 7550136 0 0
    # compatibility_mode=5893 16776574 100 94 93955 53598494 0 0
    # compatibility_mode=8192 67108863 100 0 4151 4151 0 0
    # scanned=16079
    # found=0
    # cleaned=0
    # scan_time=425

    MBAM installed now after rkill, but it stopped responding when it tried to update. I ran as admin and it updated and scanned successfully, thanks!
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Now you have no antivirus! Please put one AV program on the system.
    • Avira-AntiVir-Personal-Free-Antivirus
    • Avast Free Version

    Eset online scan is clean.
    The description of Mbam is confusing. The subject is "Mbam refuses to delete", but isn't it Mbam refuses to scan?
    =================================
    Show Hidden Files and Folders in Windows Vista and Windows 7:
    • Click on the Start button and select Computer
    • Press the Alt key on your keyboard and click on Tools
    • Select Folder Options
    • Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders
    • Next, uncheck the box next to Hide protected operating system files (Recommended)
    • Then, uncheck the box next to Hide extensions for known filetypes
    • Click Apply then click OK

    Then go to C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware and delete rules.ref.
    Once you've done that, start MBAM and when it shows the error and asks to update, let it do so and see if that corrects it.

    Please go back and rehide the files and folders after doing this.
    ================================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thread will be closed in 2 days if there is no reply.
     
Topic Status:
Not open for further replies.
