Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Runtime error 70


(!)

Damo27's Avatar
Damo27 Damo27 is offline
Computer Specs
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Mar 2011
Experience: Beginner
22-Mar-2011, 04:10 PM #16
The box heading says 'Project1'
Then there's a yellow caution symbol and the text next to it read
"Run-time error '70:
Permission denied"

Then there's an 'ok' box to click.

Thanks for your help btw

If it helps I think whatever virus/malware i have i got from downloading and mounting this iso http://isohunt. com/torrent_details/267666569/football+manager?tab=summary

Thought I had downloaded it before and it was ok but i was wrong. I ran a virus scan and it removed the viruses though, it may have missed something. I strongly suspect this is the cause of my problem anyway.

Last edited by Damo27; 22-Mar-2011 at 05:42 PM..
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,944 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
23-Mar-2011, 02:35 AM #17
unfortunately unless we kniow what program is causing the error we can't attempot to fix it & we have absolutely no idea which program it is
Damo27's Avatar
Damo27 Damo27 is offline
Computer Specs
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Mar 2011
Experience: Beginner
23-Mar-2011, 12:34 PM #18
Ah okay. Is there any other scans or info I can supply to help sort it out?
Phantom010's Avatar
Computer Specs
Trusted Advisor with 32,343 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
23-Mar-2011, 12:57 PM #19
Ever played a game called something like Strike Fighters Project1?
Damo27's Avatar
Damo27 Damo27 is offline
Computer Specs
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Mar 2011
Experience: Beginner
23-Mar-2011, 12:58 PM #20
Nope. Not played any games on it. Was going to install football manager thus the link above but otherwise none

Last edited by Damo27; 23-Mar-2011 at 01:07 PM..
Phantom010's Avatar
Computer Specs
Trusted Advisor with 32,343 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
23-Mar-2011, 01:14 PM #21
Are you getting the error message when booting into Safe Mode?
Phantom010's Avatar
Computer Specs
Trusted Advisor with 32,343 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
23-Mar-2011, 01:17 PM #22
If not, try a Clean Boot procedure to isolate a possible culprit.
Damo27's Avatar
Damo27 Damo27 is offline
Computer Specs
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Mar 2011
Experience: Beginner
23-Mar-2011, 01:48 PM #23
Didnt get it with a safe mode boot. Ill try the clean boot now
------------------------------
The error message didnt pop up at all during the clean boots. Reverted back to normal start up and *pop* there it is.

Last edited by Damo27; 23-Mar-2011 at 02:17 PM..
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,944 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
23-Mar-2011, 03:23 PM #24
I have just spotted malware that I missed

delete any existing cfscript from desktop
Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)
Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.







This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

This will create a zip file inside C:\QooBox\quarantine named something like [38]-Submit_2008-01-17@17.50.zip

at the end it will pop up an alert & open your browser and ask you to send the zip file

please follow those instructions. We need to see the zip file before we can carry on with the fix

If there is no pop up alert or open browser then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to upload the files ( do not post HJT logs there as they will not get dealt with)

Files to submit:
the zip file inside C:\QooBox\quarantine created by combofix named something like [38]-Submit_2008-01-17@17.50.zip

or to
http://www.bleepingcomputer.com/subm...php?channel=38
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
Damo27's Avatar
Damo27 Damo27 is offline
Computer Specs
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Mar 2011
Experience: Beginner
23-Mar-2011, 04:02 PM #25
ComboFix 11-03-23.03 - Renegade 23/03/2011 20:47:53.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2807.1788 [GMT 0:00]
Running from: c:\users\Renegade\Desktop\Renegade123.exe.exe
Command switches used :: c:\users\Renegade\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Renegade\AppData\Roaming\GD.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-23 20:52 . 2011-03-23 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-21 20:13 . 2011-03-22 19:43 -------- d-----w- c:\program files (x86)\Trend Micro
2011-03-21 18:18 . 2011-03-21 18:18 -------- d-----w- c:\windows\en
2011-03-21 18:16 . 2011-03-21 18:16 -------- d-----w- c:\program files\Windows Live
2011-03-21 18:16 . 2009-09-04 17:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-03-21 18:16 . 2009-09-04 17:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-03-21 18:16 . 2009-09-04 17:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-03-21 18:16 . 2009-09-04 17:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-21 18:16 . 2011-03-21 18:16 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\94d2dc91cbe7f410\DSETUP.dll
2011-03-21 18:16 . 2011-03-21 18:16 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\94d2dc91cbe7f410\DXSETUP.exe
2011-03-21 18:16 . 2011-03-21 18:16 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\94d2dc91cbe7f410\dsetup32.dll
2011-03-21 18:16 . 2011-03-21 18:16 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\87bb4b11cbe7f40f\DSETUP.dll
2011-03-21 18:16 . 2011-03-21 18:16 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\87bb4b11cbe7f40f\DXSETUP.exe
2011-03-21 18:16 . 2011-03-21 18:16 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\87bb4b11cbe7f40f\dsetup32.dll
2011-03-21 18:09 . 2011-03-21 18:09 -------- d-----w- c:\windows\SysWow64\Wat
2011-03-21 18:09 . 2011-03-21 18:09 -------- d-----w- c:\windows\system32\Wat
2011-03-21 17:45 . 2011-03-21 17:45 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-03-21 00:59 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-21 00:59 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-03-21 00:54 . 2009-11-25 12:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-03-21 00:54 . 2009-11-25 12:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-03-21 00:54 . 2009-11-25 12:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-21 00:54 . 2009-11-25 12:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-03-21 00:54 . 2009-11-25 12:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-03-21 00:54 . 2009-11-25 12:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-03-21 00:54 . 2009-11-25 12:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-21 00:54 . 2009-11-25 12:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-03-21 00:54 . 2009-11-25 12:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-21 00:54 . 2009-11-25 12:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-03-21 00:54 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-21 00:52 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-03-21 00:52 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-20 11:18 . 2011-03-20 11:29 -------- d-----w- c:\program files (x86)\Free Window Registry Repair
2011-03-20 09:56 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-20 09:55 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2011-03-20 00:05 . 2008-05-13 17:23 417792 ----a-w- c:\program files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll
2011-03-20 00:05 . 2011-03-20 00:05 -------- d-----w- c:\programdata\Last.fm
2011-03-20 00:04 . 2011-03-20 00:04 -------- d-----w- c:\program files (x86)\Last.fm
2011-03-19 19:15 . 2011-03-19 19:15 -------- d-----w- c:\program files (x86)\uTorrent
2011-03-19 17:55 . 2011-03-19 17:55 -------- dc----w- c:\windows\system32\DRVSTORE
2011-03-19 17:55 . 2009-05-18 13:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-19 17:55 . 2008-04-17 12:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-03-19 17:55 . 2008-04-17 12:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-03-19 17:53 . 2011-03-19 17:53 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-03-19 17:53 . 2011-03-19 17:53 -------- d-----w- c:\program files\Common Files\Apple
2011-03-19 17:53 . 2011-03-19 17:53 -------- d-----w- c:\program files\Bonjour
2011-03-19 17:53 . 2011-03-19 17:53 -------- d-----w- c:\program files (x86)\Bonjour
2011-03-19 17:53 . 2011-03-19 17:54 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-03-19 17:53 . 2011-03-19 17:53 -------- d-----w- c:\programdata\Apple
2011-03-19 17:17 . 2007-02-08 13:48 51600 ----a-w- c:\windows\system32\drivers\dsiarhwprog_x64.sys
2011-03-19 17:11 . 2011-03-19 17:11 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-03-19 17:10 . 2011-03-19 17:10 -------- d-----w- c:\program files (x86)\Datel
2011-03-19 16:32 . 2011-03-19 16:32 -------- d-----w- c:\program files\Acer Accessory Store
2011-03-19 16:31 . 2011-03-19 16:34 -------- d-----w- c:\users\Renegade
2011-03-19 16:31 . 2011-03-19 16:31 -------- d-----w- C:\Recovery
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 18:28 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-22_17.55.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-30 08:59 . 2011-03-23 19:23 39098 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-03-23 19:23 30274 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-11-02 22:50 . 2011-03-22 17:55 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2010-11-02 22:50 . 2011-03-23 19:21 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2010-11-02 22:50 . 2011-03-23 19:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
- 2010-11-02 22:50 . 2011-03-22 17:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-22 17:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-23 19:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
- 2011-03-19 16:40 . 2011-03-22 17:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows \Cookies\index.dat
+ 2011-03-19 16:40 . 2011-03-23 19:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows \Cookies\index.dat
+ 2009-07-14 04:46 . 2011-03-23 19:24 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\Cache\cache.dat
+ 2011-03-19 16:40 . 2011-03-23 19:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\index.dat
- 2011-03-19 16:40 . 2011-03-22 17:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\index.dat
+ 2011-03-19 16:40 . 2011-03-23 19:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\H istory\History.IE5\index.dat
- 2011-03-19 16:40 . 2011-03-22 17:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\H istory\History.IE5\index.dat
+ 2011-03-19 16:31 . 2011-03-23 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\C ookies\index.dat
- 2011-03-19 16:31 . 2011-03-22 17:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\C ookies\index.dat
- 2011-03-19 16:31 . 2011-03-22 17:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\His tory\History.IE5\index.dat
+ 2011-03-19 16:31 . 2011-03-23 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\His tory\History.IE5\index.dat
+ 2011-03-19 16:33 . 2011-03-23 19:23 4982 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3229416372-1999266209-939337891-1001_UserData.bin
+ 2011-03-23 19:21 . 2011-03-23 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-22 17:55 . 2011-03-22 17:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-23 19:21 . 2011-03-23 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-22 17:55 . 2011-03-22 17:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2011-03-21 18:41 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-03-23 19:21 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ IETldCache\index.dat
- 2009-07-14 05:01 . 2011-03-22 17:54 226136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-03-23 19:20 226136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2011-03-21 18:30 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-03-23 19:23 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2011-03-22 17:43 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-03-23 19:35 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1484856]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscs vc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-13 149032]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNxpt735YYGB&ptb=hAyASS5A19U4S.uJusP7sg
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Renegade\AppData\Roaming\Mozilla\Firefox\Profiles\2forye3y.default \
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3229416372-1999266209-939337891-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3229416372-1999266209-939337891-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_Ac tiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00, 79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00, \
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-23 20:54:33
ComboFix-quarantined-files.txt 2011-03-23 20:54
.
Pre-Run: 124,402,397,184 bytes free
Post-Run: 124,146,565,120 bytes free
.
- - End Of File - - D9BB3B8FC13A512628843AAAEF900BF3
Upload was successful
Damo27's Avatar
Damo27 Damo27 is offline
Computer Specs
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Mar 2011
Experience: Beginner
23-Mar-2011, 04:05 PM #26
It says upload completed, is that the zip that you need?
Phantom010's Avatar
Computer Specs
Trusted Advisor with 32,343 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
23-Mar-2011, 04:09 PM #27
Quote:
Originally Posted by Damo27 View Post
Didnt get it with a safe mode boot. Ill try the clean boot now
------------------------------
The error message didnt pop up at all during the clean boots. Reverted back to normal start up and *pop* there it is.
Did you run the procedure for both Services and Startup programs?
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,944 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
23-Mar-2011, 04:10 PM #28
reboot & you should find that has cured the error 70 message
Damo27's Avatar
Damo27 Damo27 is offline
Computer Specs
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Mar 2011
Experience: Beginner
23-Mar-2011, 04:26 PM #29
Yep no error on reboot. Thanks a lot for your help dvk and yours too phantom
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,944 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
23-Mar-2011, 05:07 PM #30
*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
error, runtime error 70, virus

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑