Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Post by Douglas » May 25th, 2010, 1:37 pm

I was receiving the message “Windows will shutdown in less than a minute” and my computer would keep on shutting down and restarting. I ran a scan with AVG and Malwarebytes. After removal of the infected files, I received the following message after booting my computer:
Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat
The specified module could not be found. The log files for HijackThis and uninstall_list follow. Thanks for your help! Doug


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:27 AM, on 5/25/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programs\ZoomIt\ZoomIt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Programs\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Users\Doug\AppData\Roaming\Adobe\Update\flacor.dat""
O4 - HKCU\..\Run: [Helper] C:\Users\Doug\AppData\Roaming\Helper\bin\liveu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ZoomIt.exe - Shortcut (2).lnk = C:\Programs\ZoomIt\ZoomIt.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 10225 bytes

=================================================================================

uninstall_list.txt

123 CopyDVD Gold 2009
32 Bit HP CIO Components Installer
Acer Arcade Deluxe
Acer Assist
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acer Tour
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 8.0
Adobe Premiere Elements 8.0
Adobe Premiere Elements 8.0 Templates
Adobe Premiere Elements 8.0 Templates
Adobe Reader 7.1.0
Adobe Shockwave Player 11
Agere Systems HDA Modem
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Atomic Clock Sync
AVG Free 9.0
AviSynth 2.5
Bonjour
CCleaner (remove only)
CheckIt Diagnostics
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Contenta Converter BASIC
CoreAVC Professional Edition (remove only)
Creative WebCam Live! Driver (1.02.03.0606)
Creative WebCam Live! User's Guide (English)
DivXLand Media Subtitler
DVDSmith Movie Backup 1.0.4
ExamView Assessment Suite
Express Burn
Express Rip
FileZilla Client 3.3.2.1
Flickr Uploadr 3.2.1
FlipShare
Free FLV to WMV Converter
Free RAR Extract Frog
FxFoto by Triscape
Garmin City Navigator North America NT 2008
Garmin City Navigator North America NT 2009 Update
Garmin City Navigator North America NT 2010.10
Garmin MapSource
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Haali Media Splitter
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Officejet All-In-One Series
HP Photosmart Essential
HP Solution Center 8.0
HPSSupply
inSSIDer
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
iTunes
IZArc 3.81
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8
Java(TM) 6 Update 16
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Launch Manager V1.1.1.3
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Longman iBT
Lytec Medical 98
Malwarebytes' Anti-Malware
MapSource
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint 2003
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Windows Journal Viewer
Motorola Driver Installation
Motorola Phone Tools
MozBackup 1.4
Mozilla Firefox (3.5.9)
Mp3tag v2.41
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
NCH Toolbox
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OpenOffice.org 3.1
PCsync
PDF-Viewer
PHOTOfunSTUDIO HD Edition
Picasa 3
PowerProducer
PrintMaster 12
Prism Video Converter
QuickBooks Basic 2005
QuickTime
RealPlayer
Realtek High Definition Audio Driver
ReNamer
Replay Music
Rhapsody
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Shockwave
Skype™ 4.1
SmartSound Quicktracks for Premiere Elements 8.0
SmartSound Quicktracks for Premiere Elements 8.0
SolveigMM AVI Trimmer
SWF & FLV Player 3.0 (build 3.0.33.5106)
Switch
Synaptics Pointing Device Driver
TBS WMP Plug-in
Texas Instruments PCIxx21/x515/xx12 drivers.
Triscape FxFoto
TSP_CODEC
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIA Platform Device Manager
VideoPad Video Editor
VLC media player 1.0.3
WavePad Sound Editor
WD Diagnostics
Web Ambassador 8.1 Build 41.16
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Easy Transfer Companion (Beta)
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Wipeer version 0.723
Yahoo! ¤u¨ã¦C
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! SiteBuilder
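The two HKCU Run entries in the log above, [Getdo] (rundll32.exe loading a .dat file from AppData\Roaming) and [Helper] (an executable in the same tree), are the lines a log reviewer looks at first, and the "Error loading ... The specified module could not be found" message is what rundll32.exe reports at logon when the file named in such a Run value has been deleted but the registry value itself has not. As an added example, not code from the thread or from the MalwareRemoval.com helpers, the following Python parses HijackThis O4 lines and the equivalent DDS uRun/mRun lines and flags autostart entries worth checking; the sample lines are constructed from the log above, KNOWN_PRESENT is a constructed stand-in for the files left on disk after the AVG/Malwarebytes cleanup, and the heuristics are my own, not HijackThis's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: Run entries from the HijackThis log above, the DDS
# "uRun:"/"mRun:" form of two of them, and benign entries to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Users\Doug\AppData\Roaming\Adobe\Update\flacor.dat""
O4 - HKCU\..\Run: [Helper] C:\Users\Doug\AppData\Roaming\Helper\bin\liveu.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
uRun: [Getdo] rundll32.exe "c:\users\doug\appdata\roaming\adobe\update\flacor.dat""
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
"""

# Constructed: lower-cased absolute paths assumed to still exist after cleanup.
# flacor.dat is deliberately absent: the state that yields "Error loading" at logon.
KNOWN_PRESENT = {
    r"c:\program files\synaptics\syntp\syntpenh.exe",
    r"c:\progra~1\avg\avg9\avgtray.exe",
    r"c:\users\doug\appdata\roaming\helper\bin\liveu.exe",
}

NON_DLL = "rundll32 module is not a .dll"
APPDATA = "autostart target lives under \\AppData\\ (user-writable)"
ORPHAN = "target file missing (orphaned Run value; rundll32 reports 'Error loading')"

HJT_O4 = re.compile(r"^O4 - (HKCU|HKLM|HKUS\\[^\\]+)\\\.\.\\Run: \[(.+?)\] (.*)$")
DDS_RUN = re.compile(r"^([um])Run: \[(.+?)\] (.*)$")   # u = HKCU, m = HKLM
USER_WRITABLE = re.compile(r"\\appdata\\", re.I)


@dataclass
class RunEntry:
    hive: str                 # HKCU, HKLM or HKUS\<sid>
    name: str                 # value name shown in [brackets]
    command: str              # command line exactly as logged
    findings: set = field(default_factory=set)


def parse_run_entries(text):
    """Pull Run-key autostart values out of HijackThis (O4) or DDS (uRun/mRun) output."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HJT_O4.match(line):
            entries.append(RunEntry(m.group(1), m.group(2), m.group(3)))
        elif m := DDS_RUN.match(line):
            hive = "HKCU" if m.group(1) == "u" else "HKLM"
            entries.append(RunEntry(hive, m.group(2), m.group(3)))
    return entries


def split_program(command):
    """Return (program, remainder). A quoted program is taken whole; an unquoted
    one is resolved like CreateProcess: first space-delimited prefix ending in .exe."""
    cmd = command.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    tokens = cmd.split(" ")
    for i in range(len(tokens)):
        candidate = " ".join(tokens[: i + 1])
        if candidate.lower().endswith(".exe"):
            return candidate, " ".join(tokens[i + 1:]).strip()
    return tokens[0], " ".join(tokens[1:]).strip()


def rundll32_module(remainder):
    """rundll32 syntax is <module>,<entrypoint> [args]; the module may be quoted.
    strip('"') also absorbs the doubled trailing quote on the [Getdo] entry."""
    return remainder.split(",", 1)[0].strip().strip('"')


def analyze(entry, present_files=None):
    """Add findings to the entry and return them; present_files is the set of
    lower-cased absolute paths that exist on the machine (None = don't check)."""
    prog, rest = split_program(entry.command)
    targets = [prog]
    if prog.rsplit("\\", 1)[-1].lower() == "rundll32.exe":
        module = rundll32_module(rest)
        targets.append(module)
        if not module.lower().endswith(".dll"):
            entry.findings.add(NON_DLL)
    for target in targets:
        if USER_WRITABLE.search(target):
            entry.findings.add(APPDATA)
        # Only absolute paths can be checked; bare names resolve through PATH.
        if present_files is not None and ":\\" in target and target.lower() not in present_files:
            entry.findings.add(ORPHAN)
    return entry.findings


def scan(text, present_files=None):
    """Return {value name: sorted findings} for flagged entries; a value reported
    by both HijackThis and DDS is merged under one name."""
    flagged = {}
    for entry in parse_run_entries(text):
        if analyze(entry, present_files):
            flagged.setdefault(entry.name, set()).update(entry.findings)
    return {name: sorted(f) for name, f in flagged.items()}


if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_LOG, KNOWN_PRESENT).items():
        print(f"[{name}]:", "; ".join(reasons))
```

Run against the sample, only [Getdo] and [Helper] are reported; the orphan finding on [Getdo] is the condition behind the error message in the opening post, and the remedy is removing that Run value rather than restoring the file.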

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Post by jmw3 » May 27th, 2010, 1:31 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

First thing I would like you to do is to turn Word Wrap off in Notepad:
  • Open Notepad then on the Toolbar click Format
  • Make sure Word Wrap is unticked then close Notepad

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Right click the .exe file then choose Run as Administrator to run the program. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply
To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Post by Douglas » May 27th, 2010, 5:46 pm

Well I ran dds.scr and saved the files dds.txt and attach.txt. When I tried to run gmer it froze on c:\WINDOWS\system32\drivers NETIO.sys

I turned the power off and tried to run gmer again and save the initial startup scan. The same thing happened. After the second reboot my file explorer would freeze and not respond. I went into safe mode and restored my system to 5/22/10. It's running fine now. I'm hesitant about trying to run gmer again. Below are the dds.txt and attach.txt files.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Doug at 13:21:45.14 on Thu 05/27/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.919 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programs\ZoomIt\ZoomIt.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
D:\21Downloads\MalwareRemovalForum\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! ¤u¨ã¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Yahoo! ¤u¨ã¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Getdo] rundll32.exe "c:\users\doug\appdata\roaming\adobe\update\flacor.dat""
uRun: [Helper] c:\users\doug\appdata\roaming\helper\bin\liveu.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer Tour]
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
mRun: [LManager] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [LMgrOSD] "c:\program files\launch manager\OSDCtrl.exe"
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [eRecoveryService]
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\doug\appdata\roaming\micros~1\windows\startm~1\programs\startup\zoomit~1.lnk - c:\programs\zoomit\ZoomIt.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\programs\micros~1\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\office
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll eNetHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\doug\appdata\roaming\mozilla\firefox\profiles\ml6z2l3o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\programs\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\programs\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\programs\real\realplayer\netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-7 216200]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\windows\system32\drivers\avgmfx86.sys [2007-8-31 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-21 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-15 308064]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [2008-10-14 39672]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2007-9-23 91841]
S4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-11 135664]
S4 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2007-2-9 118784]

=============== Created Last 30 ================

2010-05-18 19:22:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 19:22:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-18 18:32:28 0 d-----w- c:\program files\Trend Micro
2010-05-13 22:29:38 0 d-----w- c:\users\doug\appdata\roaming\Malwarebytes
2010-05-13 22:29:11 0 d-----w- c:\programdata\Malwarebytes
2010-05-13 22:29:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 02:00:04 0 dc----w- C:\PMAIL
2010-05-04 20:32:01 0 dc----w- C:\PMAILold
2010-04-30 23:11:25 0 d-----w- c:\users\doug\appdata\roaming\ICAClient

==================== Find3M ====================

2010-04-28 09:26:48 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-15 09:34:58 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-14 22:34:17 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-14 22:34:17 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-14 22:34:16 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-01-23 05:35:46 174 --sha-w- c:\program files\desktop.ini
2009-01-23 05:21:52 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-08 17:47:05 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-08 17:47:05 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-08 17:47:05 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 13:23:45.36 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2007 8:47:08 AM
System Uptime: 5/27/2010 10:21:21 AM (3 hours ago)

Motherboard: Acer | | Myall2
Processor: Genuine Intel(R) CPU T2060 @ 1.60GHz | U2E1 | 1600/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 13.45 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 11.598 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

123 CopyDVD Gold 2009
32 Bit HP CIO Components Installer
5700_Help
Acer Arcade Deluxe
Acer Assist
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acer Tour
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 8.0
Adobe Premiere Elements 8.0 Templates
Adobe Reader 7.1.0
Adobe Shockwave Player 11
Agere Systems HDA Modem
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Atomic Clock Sync
AVG Free 9.0
AviSynth 2.5
Bonjour
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
c5200_Help
CCleaner (remove only)
CheckIt Diagnostics
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Contenta Converter BASIC
CoreAVC Professional Edition (remove only)
Creative WebCam Live! Driver (1.02.03.0606)
Creative WebCam Live! User's Guide (English)
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DivXLand Media Subtitler
DocProc
DocProcQFolder
DVDSmith Movie Backup 1.0.4
eSupportQFolder
ExamView Assessment Suite
Express Burn
Express Rip
Fax
FileZilla Client 3.3.2.1
Flickr Uploadr 3.2.1
FlipShare
Free FLV to WMV Converter
Free RAR Extract Frog
FxFoto by Triscape
Garmin City Navigator North America NT 2008
Garmin City Navigator North America NT 2009 Update
Garmin City Navigator North America NT 2010.10
Garmin MapSource
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Haali Media Splitter
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Photosmart Essential
HP Solution Center 8.0
HPProductAssistant
HPSSupply
inSSIDer
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
iTunes
IZArc 3.81
J5700
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8
Java(TM) 6 Update 16
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Launch Manager V1.1.1.3
LightScribe 1.4.124.1
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Longman iBT
Lytec Medical 98
Malwarebytes' Anti-Malware
MapSource
MarketResearch
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint 2003
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Windows Journal Viewer
Motorola Driver Installation
Motorola Phone Tools
MozBackup 1.4
Mozilla Firefox (3.5.9)
Mp3tag v2.41
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
NCH Toolbox
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.1
PCsync
PDF-Viewer
PHOTOfunSTUDIO HD Edition
Picasa 3
Platform
PowerProducer
PrintMaster 12
Prism Video Converter
ProductContext
QuickBooks Basic 2005
QuickTime
RealPlayer
Realtek High Definition Audio Driver
ReNamer
Replay Music
Rhapsody
Rhapsody Player Engine
Scan
Security Update for CAPICOM (KB931906)
Shockwave
Skype™ 4.1
SmartSound Quicktracks for Premiere Elements 8.0
SolutionCenter
SolveigMM AVI Trimmer
Status
SWF & FLV Player 3.0 (build 3.0.33.5106)
Switch
Synaptics Pointing Device Driver
TBS WMP Plug-in
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TrayApp
Triscape FxFoto
TSP_CODEC
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIA Platform Device Manager
VideoPad Video Editor
VLC media player 1.0.3
WavePad Sound Editor
WD Diagnostics
Web Ambassador 8.1 Build 41.16
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Easy Transfer Companion (Beta)
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Wipeer version 0.723
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! 工具列
Yahoo! SiteBuilder

==== End Of File ===========================
Douglas
Active Member
Posts: 10
Joined: May 18th, 2010, 3:27 pm

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby jmw3 » May 27th, 2010, 7:37 pm

Hi

I'd really like to see the Gmer log. Try running Gmer in Safe Mode. You should have better luck with it.
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby Douglas » May 28th, 2010, 3:22 pm

I ran a Gmer scan in safe mode and received the above message when
the scan reached:

\Device\Harddisk\Volume1ShadowCopy1

The following message appeared on my screen:
Microsoft Windows

pwoi12fx.exe has stopped working

A problem caused the program to stop working correctly.
Windows will close the program and notify you if a solution is
available.
[Close Program]


I tried to run it again in safe mode and got a blue screen with a message
telling me Windows was shutting down.

-----------------------------------------------------------------------
I saved the gmer scan from initial start up:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-28 11:29:17
Windows 6.0.6001 Service Pack 1
Running: pw0i12fx.exe; Driver: C:\Users\Doug\AppData\Local\Temp\ugrdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Douglas
Active Member
Posts: 10
Joined: May 18th, 2010, 3:27 pm

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby jmw3 » May 28th, 2010, 7:20 pm

Hi

OK, we'll move on.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby Douglas » May 29th, 2010, 7:06 pm

ComboFix 10-05-29.03 - Doug 05/29/2010 15:36:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1110 [GMT -7:00]
Running from: c:\users\Doug\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
The following files were disabled during the run:
c:\windows\system32\eNetHook.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Doug\AppData\Local\Microsoft\Windows\Temporary Internet Files\PMH77E7.tmp
c:\users\Doug\AppData\Roaming\Helper\bin\liveu.exe
c:\users\Doug\g2mdlhlpx.exe
c:\windows\rasqervy.dll
c:\windows\sdfinacs.dll
c:\windows\sdfixwcs.dll
c:\windows\system32\AbaleZip.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\bszip.dll
c:\windows\wuasirvy.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.

2010-05-29 22:46 . 2010-05-29 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-18 19:22 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 19:22 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-18 18:32 . 2010-05-18 18:32 -------- d-----w- c:\program files\Trend Micro
2010-05-14 01:06 . 2010-05-14 01:06 680 ----a-w- c:\users\Doug\AppData\Local\d3d9caps.dat
2010-05-13 22:29 . 2010-05-13 22:29 -------- d-----w- c:\users\Doug\AppData\Roaming\Malwarebytes
2010-05-13 22:29 . 2010-05-18 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 22:29 . 2010-05-13 22:29 -------- d-----w- c:\programdata\Malwarebytes
2010-05-12 02:00 . 2010-05-14 17:10 -------- dc----w- C:\PMAIL
2010-05-04 20:32 . 2010-05-14 17:10 -------- dc----w- C:\PMAILold
2010-04-30 23:11 . 2010-04-30 23:27 -------- d-----w- c:\users\Doug\AppData\Roaming\ICAClient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 22:02 . 2008-01-01 00:07 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-29 21:37 . 2008-09-20 00:19 -------- d-----w- c:\users\Doug\AppData\Roaming\FileZilla
2010-05-28 22:36 . 2008-11-05 00:53 -------- d-----w- c:\programdata\Google Updater
2010-05-20 22:54 . 2008-12-15 23:13 1 ----a-w- c:\users\Doug\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-20 19:43 . 2007-09-20 22:09 -------- d-----w- c:\users\Doug\AppData\Roaming\Image Zone Express
2010-05-20 01:39 . 2009-11-24 23:05 -------- d-----w- c:\users\Doug\AppData\Roaming\vlc
2010-05-19 03:12 . 2007-09-01 06:38 -------- d-----w- c:\program files\Google
2010-05-12 20:56 . 2009-11-12 19:06 -------- d-----w- c:\programdata\avg9
2010-05-05 22:57 . 2007-09-01 04:11 -------- d-----w- c:\users\Doug\AppData\Roaming\Skype
2010-04-30 23:10 . 2009-05-07 22:25 -------- d-----w- c:\program files\Citrix
2010-04-28 09:26 . 2009-03-21 17:13 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-28 01:49 . 2010-04-28 01:49 -------- d-----w- c:\program files\FileZilla FTP Client
2010-04-28 00:45 . 2009-06-24 00:04 -------- d-----w- c:\program files\123CopyDVD Gold 2009
2010-04-27 19:17 . 2010-04-27 19:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-27 19:17 . 2010-04-27 19:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-27 19:05 . 2006-12-02 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-26 17:07 . 2010-04-26 17:07 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-05 17:57 . 2010-04-05 17:57 -------- d-----w- c:\users\Doug\AppData\Roaming\Helper
2010-03-30 20:23 . 2007-08-31 22:08 61136 ----a-w- c:\users\Doug\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-15 09:34 . 2010-03-15 09:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 09:34 . 2007-09-01 00:02 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 09:34 . 2008-05-07 18:03 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2008-08-17 00:42 . 2008-08-17 00:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-17 00:42 . 2008-08-17 00:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-17 00:42 . 2008-08-17 00:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-17 00:42 . 2008-08-17 00:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-17 00:43 . 2008-08-17 00:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-17 00:42 . 2008-08-17 00:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-17 00:42 . 2008-08-17 00:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 15:41 . 2008-05-21 15:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 15:41 . 2008-05-21 15:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 15:41 . 2008-05-21 15:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 20:58 . 2008-06-05 20:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-17 00:42 . 2008-08-17 00:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-03-29 258048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-03 464168]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-22 204800]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-07 1261568]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-14 151552]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 149280]

c:\users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ZoomIt.exe - Shortcut (2).lnk - c:\programs\ZoomIt\ZoomIt.exe [2008-6-27 148520]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 21:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 21:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 18:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-10 17:16 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 23:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 17:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 mailKmd;mailKmd; [x]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge.sys [2008-10-15 39672]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2005-06-06 91841]
R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
R4 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-18 118784]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-15 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-28 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-15 308064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-05-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-04 17:16]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 20:56]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 20:56]

2010-05-29 c:\windows\Tasks\User_Feed_Synchronization-{A2ED153B-0F85-4002-98FD-CF0516BC6238}.job
- c:\windows\system32\msfeedssync.exe [2008-12-24 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: microsoft.com\office
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ml6z2l3o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\programs\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\programs\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\programs\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Getdo - c:\users\Doug\AppData\Roaming\Adobe\Update\flacor.dat
HKCU-Run-Helper - c:\users\Doug\AppData\Roaming\Helper\bin\liveu.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 15:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-05-29 15:51:59
ComboFix-quarantined-files.txt 2010-05-29 22:51

Pre-Run: 13,100,003,328 bytes free
Post-Run: 13,994,033,152 bytes free

- - End Of File - - B5D78DA87E593D9F95A988DCFDC2CBCA
Douglas
Active Member
Posts: 10
Joined: May 18th, 2010, 3:27 pm
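
Added here as a worked example (it is not code from the thread, from ComboFix or from sUBs): a Python triage pass over the "Reg Loading Points" and "ORPHANS REMOVED" sections of a ComboFix log, flagging the patterns the helper acted on in the log above: a Run entry launching something from a user's AppData folder, a Run target that is not an executable (flacor.dat), UAC switched off (EnableLUA=0), Security Center monitoring disabled, and a non-empty AppInit_DLLs. The sample log text is constructed to mirror that log's line shapes; the severities are triage hints, not verdicts.

```python
"""Autostart triage for a ComboFix-style log (added example, not thread or ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: same line shapes as the "Reg Loading Points" and
# "ORPHANS REMOVED" sections of the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

- - - - ORPHANS REMOVED - - - -
HKCU-Run-Getdo - c:\users\Doug\AppData\Roaming\Adobe\Update\flacor.dat
HKCU-Run-Helper - c:\users\Doug\AppData\Roaming\Helper\bin\liveu.exe
HKLM-Run-Acer Tour - (no file)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')                    # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')  # "name"=value
ORPHAN_RE = re.compile(r'^(?P<hive>HKCU|HKLM)-Run-(?P<name>.+?) - (?P<target>.+)$')
TRAILER_RE = re.compile(r'\s*\[\d{4}-\d{2}-\d{2} \d+\]$')         # " [date size]" suffix
APPDATA_RE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    where: str      # registry key, or "<hive>-Run (orphan)"
    name: str       # the Run entry's value name
    detail: str


def _clean_value(raw: str) -> str:
    """Drop the [date size] trailer ComboFix appends and the surrounding quotes."""
    return TRAILER_RE.sub('', raw.strip()).strip('"')


def _check_target(where: str, name: str, target: str, out: List[Finding]) -> None:
    """Heuristics for one autostart target path."""
    if target.lower() == '(no file)':
        out.append(Finding('info', where, name, 'orphaned autostart, target file is gone'))
        return
    if APPDATA_RE.search(target):
        out.append(Finding('high', where, name,
                           f'autostart launched from a user AppData path: {target}'))
    filename = target.rsplit('\\', 1)[-1]
    ext = filename.rsplit('.', 1)[-1].lower() if '.' in filename else ''
    if ext not in ('exe', 'lnk'):
        out.append(Finding('medium', where, name,
                           f'autostart target is not an .exe/.lnk (.{ext or "?"}): {target}'))


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current [key], and collect findings."""
    findings: List[Finding] = []
    current_key = ''
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = ORPHAN_RE.match(line)
        if m:
            _check_target(f"{m.group('hive')}-Run (orphan)", m.group('name'),
                          m.group('target').strip(), findings)
            continue
        m = VALUE_RE.match(line)
        if not (m and current_key):
            continue
        name, val = m.group('name'), _clean_value(m.group('val'))
        key_l = current_key.lower()
        if key_l.endswith(r'\currentversion\run'):
            _check_target(current_key, name, val, findings)
        elif key_l.endswith(r'\policies\system') and name == 'EnableLUA' and val.split()[0] == '0':
            findings.append(Finding('high', current_key, name, 'UAC disabled (EnableLUA=0)'))
        elif '\\security center\\monitoring' in key_l and name == 'DisableMonitoring' \
                and val.endswith('00000001'):
            findings.append(Finding('high', current_key, name, 'Security Center monitoring disabled'))
        elif name == 'AppInit_DLLs' and val:
            findings.append(Finding('medium', current_key, name,
                                    f'DLL injected into every user-mode GUI process: {val}'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity:>6}] {f.where} | {f.name}: {f.detail}')
```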

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby jmw3 » May 30th, 2010, 11:01 am

Hi

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
Folder::
c:\users\Doug\AppData\Roaming\Helper
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
DDS::
Trusted Zone: microsoft.com\office
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 20.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel
Kaspersky Online Scan
Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it
Go to Kaspersky website and perform an online antivirus scan
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply
Pictured tutorial if required.

Note: This scan will take quite some time to update & scan, so be patient with it.

To post in next reply:
ComboFix log
Kaspersky Online Scan log
Update on how the computer is running
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

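The Java step above has the user find every "Java Runtime Environment", "J2SE" or "Java(TM) 6" entry in Add/Remove Programs and keep only 6 Update 20. The following PowerShell script is an added example, not part of jmw3's instructions or any MalwareRemoval.com tool: it reads the same Add/Remove Programs data from the registry and flags the entries that are older than the target update, so a helper can confirm nothing vulnerable was left behind. It assumes 32-bit Windows (the log is x86), that Sun's installers record the update number in the last version component (e.g. "6.0.200" for 6u20), and that the deployment cache lives under the user's LocalLow profile folder.

```powershell
# Added example (not from the original thread): inventory installed Java runtimes and
# flag those older than Java 6 Update 20, the version named in the instructions.
# Written for PowerShell 2.0 (Vista era); uses New-Object instead of [PSCustomObject].

$TargetUpdate = 20

# 32-bit Windows only: on x64 the Wow6432Node uninstall hive would also need checking.
$UninstallRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'

# Display names the instructions tell the user to look for in Add/Remove Programs.
$JavaNamePattern = 'Java Runtime Environment|J2SE|Java\(TM\) 6|Java\(TM\) SE'

function Get-JavaUpdateNumber {
    param([string]$DisplayVersion)
    # Assumption: Sun's JRE installers store the update number scaled by ten in the
    # last version component ("6.0.200" = 6u20, "1.5.0.220" = 5u22).
    if ($DisplayVersion -match '(\d+)$') {
        return [int]([int]$Matches[1] / 10)
    }
    return $null
}

function Test-JavaOutdated {
    param([string]$DisplayVersion)
    # Anything that is not a Java 6 build is outdated by definition; a Java 6 build is
    # outdated when its update number is below the target.
    $isJava6 = $DisplayVersion -match '^(6\.|1\.6\.)'
    if (-not $isJava6) { return $true }
    $update = Get-JavaUpdateNumber $DisplayVersion
    return ($update -eq $null) -or ($update -lt $TargetUpdate)
}

# Collect every Java entry exactly as Add/Remove Programs would list it.
$JavaEntries = Get-ItemProperty $UninstallRoot -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $JavaNamePattern } |
    ForEach-Object {
        New-Object PSObject -Property @{
            DisplayName     = $_.DisplayName
            DisplayVersion  = $_.DisplayVersion
            Outdated        = Test-JavaOutdated $_.DisplayVersion
            UninstallString = $_.UninstallString
        }
    }

"Java entries found in Add/Remove Programs:"
$JavaEntries | Sort-Object DisplayVersion |
    Format-Table DisplayName, DisplayVersion, Outdated -AutoSize

# Which runtime the system treats as current (the key Sun's installer maintains).
$JavaSoft = Get-ItemProperty 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment' `
    -ErrorAction SilentlyContinue
if ($JavaSoft) { "Registered current JRE: $($JavaSoft.CurrentVersion)" }

# Outdated builds are what the instructions say to remove via Add/Remove Programs;
# list them with their uninstall command so the helper can verify each one is gone.
$Outdated = @($JavaEntries | Where-Object { $_.Outdated })
if ($Outdated.Count -eq 0) {
    "No outdated Java runtimes remain."
} else {
    "Outdated Java runtimes still installed (remove via Add/Remove Programs):"
    $Outdated | ForEach-Object { "  $($_.DisplayName)  ->  $($_.UninstallString)" }
}

# The cache the Java Control Panel step clears. Assumption: Vista/7 keep it under
# LocalLow; earlier Windows used %APPDATA%\Sun\Java\Deployment\cache.
$CacheDir = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache'
if (Test-Path $CacheDir) {
    $Count = @(Get-ChildItem $CacheDir -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }).Count
    "Java deployment cache at $CacheDir still holds $Count file(s)."
} else {
    "Java deployment cache folder not present (already cleared or never created)."
}
```

Run it from an elevated PowerShell before and after the Add/Remove Programs step; a clean result is a single Java 6 Update 20 entry with Outdated = False and an empty deployment cache.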
Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby Douglas » May 30th, 2010, 9:44 pm

ComboFix 10-05-29.03 - Doug 05/30/2010 11:27:30.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.880 [GMT -7:00]
Running from: c:\users\Doug\Desktop\Virus Log Files\ComboFix.exe
Command switches used :: c:\users\Doug\Desktop\Virus Log Files\CfScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Doug\AppData\Roaming\Helper

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-30 )))))))))))))))))))))))))))))))
.

2010-05-30 18:38 . 2010-05-30 18:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-30 18:38 . 2010-05-30 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-18 19:22 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 19:22 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-18 18:32 . 2010-05-18 18:32 -------- d-----w- c:\program files\Trend Micro
2010-05-14 01:06 . 2010-05-14 01:06 680 ----a-w- c:\users\Doug\AppData\Local\d3d9caps.dat
2010-05-13 22:29 . 2010-05-13 22:29 -------- d-----w- c:\users\Doug\AppData\Roaming\Malwarebytes
2010-05-13 22:29 . 2010-05-18 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 22:29 . 2010-05-13 22:29 -------- d-----w- c:\programdata\Malwarebytes
2010-05-12 02:00 . 2010-05-14 17:10 -------- dc----w- C:\PMAIL
2010-05-04 20:32 . 2010-05-14 17:10 -------- dc----w- C:\PMAILold
2010-04-30 23:11 . 2010-04-30 23:27 -------- d-----w- c:\users\Doug\AppData\Roaming\ICAClient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 23:37 . 2008-11-05 00:53 -------- d-----w- c:\programdata\Google Updater
2010-05-29 22:56 . 2008-01-01 00:07 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-29 21:37 . 2008-09-20 00:19 -------- d-----w- c:\users\Doug\AppData\Roaming\FileZilla
2010-05-20 22:54 . 2008-12-15 23:13 1 ----a-w- c:\users\Doug\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-20 19:43 . 2007-09-20 22:09 -------- d-----w- c:\users\Doug\AppData\Roaming\Image Zone Express
2010-05-20 01:39 . 2009-11-24 23:05 -------- d-----w- c:\users\Doug\AppData\Roaming\vlc
2010-05-19 03:12 . 2007-09-01 06:38 -------- d-----w- c:\program files\Google
2010-05-12 20:56 . 2009-11-12 19:06 -------- d-----w- c:\programdata\avg9
2010-05-05 22:57 . 2007-09-01 04:11 -------- d-----w- c:\users\Doug\AppData\Roaming\Skype
2010-04-30 23:10 . 2009-05-07 22:25 -------- d-----w- c:\program files\Citrix
2010-04-28 09:26 . 2009-03-21 17:13 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-28 01:49 . 2010-04-28 01:49 -------- d-----w- c:\program files\FileZilla FTP Client
2010-04-28 00:45 . 2009-06-24 00:04 -------- d-----w- c:\program files\123CopyDVD Gold 2009
2010-04-27 19:17 . 2010-04-27 19:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-27 19:17 . 2010-04-27 19:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-27 19:05 . 2006-12-02 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-26 17:07 . 2010-04-26 17:07 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-30 20:23 . 2007-08-31 22:08 61136 ----a-w- c:\users\Doug\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-15 09:34 . 2010-03-15 09:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 09:34 . 2007-09-01 00:02 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 09:34 . 2008-05-07 18:03 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2008-08-17 00:42 . 2008-08-17 00:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-17 00:42 . 2008-08-17 00:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-17 00:42 . 2008-08-17 00:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-17 00:42 . 2008-08-17 00:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-17 00:43 . 2008-08-17 00:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-17 00:42 . 2008-08-17 00:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-17 00:42 . 2008-08-17 00:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 15:41 . 2008-05-21 15:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 15:41 . 2008-05-21 15:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 15:41 . 2008-05-21 15:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 20:58 . 2008-06-05 20:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-17 00:42 . 2008-08-17 00:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-29_22.47.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 18:50 . 2010-05-29 22:58 86116 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-12-02 18:50 . 2010-05-29 22:05 86116 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-05-29 22:05 99930 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-05-29 22:58 99930 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-08-31 22:17 . 2010-05-29 22:05 13834 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3763823291-2402736660-1404909964-1000_UserData.bin
+ 2007-08-31 22:17 . 2010-05-29 22:58 13834 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3763823291-2402736660-1404909964-1000_UserData.bin
+ 2007-02-09 16:54 . 2006-12-29 04:07 90112 c:\windows\System32\eNetHook.dll
+ 2007-08-31 22:05 . 2010-05-30 08:02 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-31 22:05 . 2010-05-29 21:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-31 22:05 . 2010-05-29 21:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-31 22:05 . 2010-05-30 08:02 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-31 22:05 . 2010-05-29 21:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-08-31 22:05 . 2010-05-30 08:02 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-10 21:53 . 2010-05-29 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-10 21:53 . 2010-05-29 22:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-10 21:53 . 2010-05-29 22:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-10 21:53 . 2010-05-29 22:57 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-10 21:53 . 2010-05-29 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-10 21:53 . 2010-05-29 22:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-29 22:03 . 2010-05-29 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-29 22:57 . 2010-05-29 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-29 22:03 . 2010-05-29 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-29 22:57 . 2010-05-29 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-09-01 19:28 . 2010-05-30 18:07 397634 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2010-05-29 23:02 598588 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-29 22:07 598588 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-05-29 23:02 102194 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-05-29 22:07 102194 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-03-29 258048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-03 464168]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-22 204800]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-07 1261568]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-14 151552]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 149280]

c:\users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ZoomIt.exe - Shortcut (2).lnk - c:\programs\ZoomIt\ZoomIt.exe [2008-6-27 148520]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 21:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 21:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 18:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-10 17:16 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 23:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 17:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 mailKmd;mailKmd; [x]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge.sys [2008-10-15 39672]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2005-06-06 91841]
R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
R4 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-18 118784]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-15 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-28 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-15 308064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-05-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-04 17:16]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 20:56]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 20:56]

2010-05-30 c:\windows\Tasks\User_Feed_Synchronization-{A2ED153B-0F85-4002-98FD-CF0516BC6238}.job
- c:\windows\system32\msfeedssync.exe [2008-12-24 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ml6z2l3o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\programs\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\programs\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\programs\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 11:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1848)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Completion time: 2010-05-30 11:42:34
ComboFix-quarantined-files.txt 2010-05-30 18:42
ComboFix2.txt 2010-05-29 22:51

Pre-Run: 18,684,325,888 bytes free
Post-Run: 18,675,261,440 bytes free

- - End Of File - - FC3A1215C540F8F86473F713FD41F944


Date: Today (events: 138)
My Update Center (events: 7)
5/30/2010 12:44:33 PM Task started Kaspersky Internet Security My Update Center
5/30/2010 1:00:47 PM It is necessary to restart the computer after update Kaspersky Internet Security
5/30/2010 1:00:49 PM Task completed Kaspersky Internet Security My Update Center
5/30/2010 3:20:00 PM Task started Kaspersky Internet Security My Update Center
5/30/2010 3:29:33 PM Task completed Kaspersky Internet Security My Update Center
5/30/2010 5:40:14 PM Task started Kaspersky Internet Security My Update Center
5/30/2010 5:42:45 PM Task completed Kaspersky Internet Security My Update Center
Objects Scan (events: 8)
5/30/2010 1:14:29 PM Task started Kaspersky Internet Security Rootkit Scan
5/30/2010 1:22:39 PM Task stopped Kaspersky Internet Security Rootkit Scan
5/30/2010 1:37:15 PM Task started Kaspersky Internet Security Full Scan
5/30/2010 1:37:29 PM Task stopped Kaspersky Internet Security Full Scan
5/30/2010 1:40:23 PM Task started Kaspersky Internet Security Full Scan
5/30/2010 4:41:44 PM Task completed Kaspersky Internet Security Full Scan
5/30/2010 4:44:31 PM Task started Kaspersky Internet Security Rootkit Scan
5/30/2010 4:52:55 PM Task completed Kaspersky Internet Security Rootkit Scan
IM Anti-Virus (events: 2)
5/30/2010 12:44:23 PM Task started Kaspersky Internet Security IM Anti-Virus
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security IM Anti-Virus
Firewall (events: 2)
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Firewall
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Firewall
Proactive Defense (events: 2)
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Proactive Defense
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Proactive Defense
Application Control (events: 103)
5/30/2010 5:38:10 PM Google Updater Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 5:08:57 PM Windows Media Center Store Update Manager Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 4:23:58 PM Windows Modules Installer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 2:23:08 PM Notepad Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 2:22:50 PM Prevalence reporter Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:38:56 PM Reliability analysis metrics calculation executable Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:38:55 PM MUI Language pack cleanup Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:33:55 PM Windows SQM Consolidator Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:29:42 PM Windows Shell Common Dll Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:29:34 PM Windows Firewall Control Panel Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:29:17 PM Windows Control Panel Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:28:59 PM COM Surrogate Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:28:13 PM WMI Reverse Performance Adapter Maintenance Utility Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:40 PM gusvc Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:37 PM Problem Reports and Solutions Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:28 PM IP Configuration Utility Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:27 PM Windows Problem Reporting Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:22 PM Network Command Shell Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:14 PM DHCP.BAT Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 1:26:05 PM Microsoft Sync Center Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:05 PM Acer eAP Launch Tool Placed in group Trusted Known on the database of the known software
5/30/2010 1:26:04 PM LogitechService Launcher Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:04 PM Acer Product Registration Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 1:26:04 PM MBRWRWIN.EXE Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 1:25:39 PM Windows Media Player Network Sharing Service Configuration Application Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:25:28 PM Acer Assist Launcher Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 1:24:28 PM Userinit Logon Application Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Application Control
5/30/2010 1:22:16 PM Windows Modules Installer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:22:09 PM Windows Problem Reporting Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:21:48 PM Windows Logon User Interface Host Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:21:40 PM Microsoft Windows Search Filter Host Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:21:39 PM Microsoft Windows Search Protocol Host Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:20:53 PM Bubbles Screen Saver Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:19:55 PM Extension CLSID Verification Host Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:45:00 PM Microsoft Feeds Synchronization Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:36 PM Kaspersky Anti-Virus GUI Windows part Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM WebToolBar component Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM Firefox Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM Windows® installer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM Windows Update Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM Windows Media Player Network Sharing Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM HP CUE Status Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM Camera Control Interface Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM Application Layer Gateway Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM Sink to receive asynchronous callbacks for WMI client application Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM WMI Provider Host Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM LVCom Server Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM WMIServi Application Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:34 PM Service Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:34 PM eRecoveryService Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:34 PM eRecovery agent Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 12:44:34 PM Kaspersky Internet Security Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM Acer Empowering Techonology Framework Launcher Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 12:44:34 PM Acer ePower Management DMC Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:34 PM Microsoft Windows Search Indexer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM eNMTray Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 12:44:33 PM Media Center Media Status Aggregator Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM igfxsrvc Module Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM Sysinternals Screen Magnifier Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM HP Digital Imaging Monitor Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM GoogleToolbarNotifier Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM Media Center Tray Applet Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM Windows Sidebar Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM persistence Module Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:32 PM hkcmd Module Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:32 PM Installation Plug-In Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:32 PM AVG Scanning Core Module - Server Part Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:32 PM Camera Software Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:32 PM Communications Manager Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:31 PM AVG Cache Server Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:30 PM AVG Resident Shield Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:29 PM MOBILITYSERVICE.EXE Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:29 PM WButton MFC Application Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 12:44:29 PM OSD MFC Application Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 12:44:29 PM HotkeyApp Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 12:44:29 PM acer eNet Management Service Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:29 PM LaunchAp MFC Application Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:29 PM eDataSecurity System Loader( Load and prepare enviroment ) Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:28 PM Synaptics TouchPad Enhancements Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:28 PM AVG Network scanner Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:28 PM HD Audio Control Panel Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:27 PM Acer eLock Management Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:27 PM eDataSecurity Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:27 PM AVG Watchdog Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:27 PM ArcSoft Connect Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:27 PM Google Installer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Windows Explorer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Desktop Window Manager Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Task Scheduler Engine Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Spooler SubSystem App Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Microsoft Software Licensing Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Windows Audio Device Graph Isolation Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Logitech LVPrcSrv Module. Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Host Process for Windows Services Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Windows Logon Application Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Local Session Manager Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Local Security Authority Process Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Services and Controller app Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:25 PM Windows Start-Up Application Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:25 PM Client Server Runtime Process Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:24 PM Windows Session Manager Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Application Control
Anti-Spam (events: 2)
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Anti-Spam
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Anti-Spam
Network Attack Blocker (events: 2)
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Network Attack Blocker
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Network Attack Blocker
Web Anti-Virus (events: 2)
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Web Anti-Virus
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Web Anti-Virus
Mail Anti-Virus (events: 2)
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Mail Anti-Virus
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Mail Anti-Virus
File Anti-Virus (events: 2)
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security File Anti-Virus
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security File Anti-Virus
My Protection (events: 4)
5/30/2010 12:44:21 PM Databases are obsolete Kaspersky Internet Security
5/30/2010 12:44:36 PM Your computer is protected Kaspersky Internet Security
5/30/2010 1:22:39 PM Protection is not running Kaspersky Internet Security
5/30/2010 1:24:26 PM Your computer is protected Kaspersky Internet Security
======================================================================

My computer is running fine now. After the first combofix, I stopped receiving the "error loading .. flacor.dat"
and the liveu command prompt that came up after that.

I'll be careful to keep my Java updated in the future! Thank you.

The Kaspersky is a slug of a program. I've deleted it, but will use it in the future if I really need to. AVG, Malwarebytes and ComboFix are all fast and efficient programs, and free.

Thanks again for your help!

Doug
Douglas
Active Member
 
Posts: 10
Joined: May 18th, 2010, 3:27 pm

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby jmw3 » May 30th, 2010, 11:20 pm

Hi

That log you provided for the Kaspersky scan: was that from the Kaspersky Online Scanner or Kaspersky Internet Security? It doesn't look like the Online scan log.

ESET Online Scanner
Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
Download Security Check by screen317 from one of the following links & save it to your desktop:
Link 1
Link 2
  • Double click SecurityCheck.exe to run it then press any key at the prompt to continue
  • Once the tool has finished a Notepad document should open named checkup.txt
  • Copy/paste the contents of checkup.txt & post in your next reply
To post in next reply:
ESET Online Scan log
Checkup log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby Douglas » May 31st, 2010, 2:02 pm

I ran ESET Online Scanner. After it finished scanning I received a message: no threats found.
I then went to the directory:

C:\Program Files\Eset\Eset Online Scanner\

but there was no log.txt

I then downloaded and ran screen317 from:

http://screen317.spywareinfoforum.org/SecurityCheck.exe

The checkup.txt follows.

Doug
==============================================================
Results of screen317's Security Check version 0.99.4
Windows Vista Service Pack 1 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 20
Adobe Flash Player 10.0.45.2
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Empowering Technology eSettings Service capuserv.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
Douglas
Active Member
 
Posts: 10
Joined: May 18th, 2010, 3:27 pm

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby jmw3 » May 31st, 2010, 5:14 pm

Hi

Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version: Adobe Reader 9.3
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed Uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Adobe 9 is a large program and if you prefer a smaller program you can get Foxit 3 instead from http://www.foxitsoftware.com/pdf/rd_intro.php
Note: Do not install anything dealing with AskBar... presented as an installation option.

Clean Up
Now we need to clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.
Remove ComboFix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
OTC
Download OTC by Old Timer here & save it to your desktop.
Double click on OTC.exe. Click on CleanUp!.
You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
You can delete the following from your desktop:
DDS.scr
The Gmer.exe file (it will be randomly named .exe file)
SecurityCheck.exe
Any logs that may have been saved to your desktop

You should also remove HijackThis. You can do this by going to C:\Program Files\Trend Micro\HijackThis
  • Double click HijackThis.exe
  • From the Main menu click Open the Misc Tools section
  • Using the scroll bar, scroll down to Uninstall HijackThis
  • Click Uninstall HijackThis & exit then click Yes at the prompt
All Clean
Congratulations, good work, your system is now clean. Now that your system is safe we would like you to keep it that way.
Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Create a Clean System Restore Point
  • Right-click on Computer then select Properties
  • In the left pane under Tasks click System protection
  • Select System Protection then choose Create
  • In the System Restore dialog box, type a description for the restore point then click Create again
  • A window will pop up with The Restore Point was created successfully confirmation message
  • Click OK then close the System Restore dialog
Update your Windows Vista to Service Pack 2
It is CRITICAL that you keep your Windows updated. Otherwise you're open to dozens of security holes which WILL cause you to get reinfected.
Visit Windows Update NOW & download Service Pack 2 + ALL critical updates! (Click Start >> All Programs >> Windows Update to launch Windows Update)

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial here. Keep it updated & run it regularly.

SpywareBlaster
Download and install Javacools SpywareBlaster from here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can find the tutorial HERE

Web of Trust
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and Internet Explorer.

Install WinPatrol
Download it here
You can find information about how WinPatrol works here

Read some information here on how to prevent Malware.

Hopefully these steps will help keep your computer clean.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

If there are any other questions then feel free to ask or in future do not hesitate to contact us here at The Malware Removal Forums
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
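The post above describes how a HOSTS file "short circuits" a request: the machine consults the file before asking DNS, so an entry that maps an ad or malware domain to 127.0.0.1 means the connection goes nowhere. The script below is an added illustration of that lookup order, written for this page and not code from the forum or from the MVPS project. The hosts content it parses is a constructed sample in the real file's format (one address, then hostnames, `#` for comments), and `fake_dns` is a stand-in for a real DNS query so the example runs offline.

```python
"""
Hosts-file lookup, illustrating the HOSTS mechanism described above.
Added example, not the forum's or MVPS's own code. The sample hosts
text is constructed for this example; the hostnames are not real sites.
"""
import ipaddress

# Constructed sample in HOSTS format: IP address, then one or more
# hostnames; '#' starts a comment. On Vista the real file lives at
# %SystemRoot%\System32\drivers\etc\hosts (no extension).
SAMPLE_HOSTS = """\
# (constructed sample, not the real Microsoft header)
127.0.0.1       localhost
::1             localhost

# Blocklist-style entries, same shape as an MVPS line
127.0.0.1  ads.example-tracker.test   # redirected to the local machine
0.0.0.0    banner.example-adnet.test  # some lists use 0.0.0.0 instead
"""


def parse_hosts(text: str) -> dict[str, str]:
    """Parse HOSTS-format text into {lowercase hostname: ip}.

    Blank, comment and malformed lines are skipped, and later lines
    override earlier ones for the same name.
    """
    table: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # needs an address and at least one name
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)  # reject garbage in the address column
        except ValueError:
            continue
        for name in names:
            table[name.lower()] = ip
    return table


def resolve(hostname: str, hosts: dict[str, str], dns_lookup) -> tuple[str, str]:
    """Resolve in the order the OS does: HOSTS file first, DNS only on a miss.

    Returns (ip, source) where source is "hosts" or "dns".
    """
    ip = hosts.get(hostname.lower().rstrip("."))
    if ip is not None:
        return ip, "hosts"
    return dns_lookup(hostname), "dns"


def is_blocked(ip: str) -> bool:
    """An entry pointing at loopback or the unspecified address makes the
    connection attempt die on the local machine: nothing answers there."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def fake_dns(hostname: str) -> str:
    """Stand-in for a real DNS query so the example runs offline."""
    return "203.0.113.10"  # TEST-NET-3 documentation address


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-tracker.test",
                 "Banner.Example-AdNet.test",
                 "www.example.com"):
        ip, source = resolve(name, table, fake_dns)
        print(f"{name:28} -> {ip:14} via {source:5} blocked={is_blocked(ip)}")
```

Two practical points the code makes visible: the lookup is case-insensitive and the last matching line wins, so a stray entry appended to the file by malware silently overrides an earlier one; and only names listed in the file are affected, so a blocklist of this kind does nothing for sites it has never heard of, which is why the helper pairs it with the other protections listed above.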

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby Douglas » June 2nd, 2010, 1:33 pm

Thanks again for your help!

Doug
Douglas
Active Member
 
Posts: 10
Joined: May 18th, 2010, 3:27 pm

Re: Error loading / / AppData\Roaming\Adobe\Udate\flacor.dat

Unread postby jmw3 » June 2nd, 2010, 5:38 pm

No problem at all.... Glad I could help.

Good Luck & Surf Safe :)

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia