Infected with TDSS & Google keeps redirecting


13 replies to this topic

#1 bloker


Posted 02 December 2011 - 08:35 PM

Hello

My OS is Windows 7 Professional 64-bit; my browser is Firefox 8.1.
I have run TDSSKiller, which found nothing on the machine. I have run Malwarebytes with a zero result. I have run Spybot with a zero result. My current antivirus, AVG, also showed no rootkit virus.
Google is my search engine via FireFox and is being constantly redirected.
Attached is my log:

Thanks in anticipation

bloker



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Pete at 20:24:03 on 2011-12-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.24567.21316 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Evidence Eliminator\Ee.exe
C:\Users\Pete\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [9aa2d2a178178275d370b20045f70132] C:\DOWNLO~1\UKTS_S~1.EXE /r
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BF593EA7-1ADB-4057-87CD-D9103564E0B8} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D35D98D7-D8A2-4EDB-8C61-3BD5C2EC719F} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\dgcxlgq4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]
R0 vidsflt58;Acronis Disk Storage Filter (58);C:\Windows\system32\DRIVERS\vsflt58.sys --> C:\Windows\system32\DRIVERS\vsflt58.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\system32\DRIVERS\CLBStor.sys --> C:\Windows\system32\DRIVERS\CLBStor.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\elrawdsk.sys --> C:\Windows\system32\drivers\elrawdsk.sys [?]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/06/14 20:54:24];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-20 146928]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\system32\drivers\CLBUDF.sys --> C:\Windows\system32\drivers\CLBUDF.sys [?]
R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MirayVirtualDisk;MirayVirtualDisk;C:\Windows\system32\DRIVERS\mvd.sys --> C:\Windows\system32\DRIVERS\mvd.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-9-29 3409872]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-6-14 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-6-14 79360]
S4 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-6-14 79360]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-11 1030600]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-18 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-18 136176]
S4 hasplms;HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
S4 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 64-bit 64-bit;C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-3-12 86016]
S4 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-5-25 2139536]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-16 1153368]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-9-18 5778648]
S4 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-6-16 5716848]
.
=============== Created Last 30 ================
.
2011-11-28 00:18:19 -------- d-----w- C:\Program Files (x86)\Ultra Video Splitter
2011-11-25 19:12:31 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-25 19:12:31 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-25 19:12:30 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-25 19:12:29 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-20 16:14:37 -------- d-----w- C:\Windows\pss
2011-11-14 13:39:02 145008 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2011-11-04 17:34:47 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-04 17:34:47 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-04 16:20:04 525544 ----a-w- C:\Windows\System32\deployJava1.dll
.
==================== Find3M ====================
.
2011-11-18 13:06:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-08 15:42:41 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-09-29 18:28:45 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2011-09-29 18:28:41 1284192 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
2011-09-29 18:28:40 986208 ----a-w- C:\Windows\System32\drivers\timntr.sys
2011-09-29 18:28:36 210528 ----a-w- C:\Windows\System32\drivers\vididr.sys
2011-09-29 18:28:35 142944 ----a-w- C:\Windows\System32\drivers\vsflt58.sys
2011-09-29 18:28:33 310368 ----a-w- C:\Windows\System32\drivers\snapman.sys
2011-09-29 18:28:33 132704 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2011-09-14 10:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 10:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 10:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 10:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 10:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2007-06-05 07:09:10 1331712 ------w- C:\Program Files\DoubleKiller.exe
.
============= FINISH: 20:24:27.58 ===============



#2 RPMcMurphy

  • Malware Response Team

Posted 03 December 2011 - 12:20 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 bloker


Posted 04 December 2011 - 05:48 AM

RP Hi

Thanks for your reply. I have done as you instructed and find I need some further advice.

ComboFix downloaded and ran. I noticed it deleted some items as it ran, and at its conclusion it re-booted the computer, which I was not expecting.

The log was saved, but I am not able to send it to you as I am not able to open the programs on my desktop at this time since running ComboFix. I am currently sending this from my laptop.

When I try to open anything at this time I get the following caption: "Illegal operation attempted on a registry key that has been marked for deletion".

Nothing is currently opening at all, so your best advice on the next course of action would be very appreciated. The programs appear to be there but are not opening.

I am presuming this is normal, but I have not done anything until I hear from you, which I need fairly urgently as I need to use the machine.

regards

Peter

#5 RPMcMurphy


Posted 04 December 2011 - 10:53 AM

Peter:

Rebooting your PC should resolve that illegal operation error. Once you've done that, this will re-open the ComboFix log:

Click Start > Run or press Windows Key + R, copy/paste the following into the Run box that opens, and press OK:
c:\ComboFix.txt

Please include the following in your next post:
  • ComboFix log


#6 bloker


Posted 04 December 2011 - 12:58 PM

Hi

Thanks for your reply. As requested I attach the log;

ComboFix 11-12-04.02 - Pete 04/12/2011 9:50.1.12 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.24567.21835 [GMT 0:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Evidence Eliminator
c:\program files (x86)\Evidence Eliminator\Data\Config.dat
c:\program files (x86)\Evidence Eliminator\Data\Drives.dat
c:\program files (x86)\Evidence Eliminator\Data\Files.dat
c:\program files (x86)\Evidence Eliminator\Data\FilesContents.dat
c:\program files (x86)\Evidence Eliminator\Data\Folders.dat
c:\program files (x86)\Evidence Eliminator\Data\FolderScans.dat
c:\program files (x86)\Evidence Eliminator\Data\IECookiesKeep.dat
c:\program files (x86)\Evidence Eliminator\Data\IEDownloadedKeep.dat
c:\program files (x86)\Evidence Eliminator\Data\MozillaCookiesKeep.dat
c:\program files (x86)\Evidence Eliminator\Data\OE5ChoiceList.dat
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\AbsoluteFTP.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\ACDSEE Photo Viewer v3.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adaptec Easy CD Creator v4.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.1.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v4.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.1.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v6.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v7.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v8.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v9.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat v6.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v10.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v11.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v12.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.0 LE.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.5.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v6.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v7.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v8.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v9.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\ASPack.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Avant Browser.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Cabinet Manager.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Copernic 2000 Pro.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Copernic 2000.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Copernic Agent.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Corel Paintshop Pro v10.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Cute FTP v3.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Cute FTP v4.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Cute FTP v7.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Delphi v3.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Delphi v4.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Delphi v5.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\DiskKeeper v5.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\DivXPlayer.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Download Accelerator.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Eudora Mail.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\EventLog.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\FTP Explorer.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\GetRight ExplorerBar.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\GetRight v4.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Google Chrome.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\GoogleBar.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\GoogleNavigation.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\GoZilla.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Helios TextPad v3.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Helios TextPad v4.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\HelpWriter.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Icon Extractor.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\ICQ 2000a.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\InstallShield Express.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\J2 Messenger.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v5.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v6.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v7.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v8.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Jet PhotoShell v1.2.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Kazaa.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Limewire v4.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Macromedia Flash v4.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\MasterSplitter v2.1.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\McAfee Virus Scan v4.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Microangelo 98.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Micrografx Picture Publisher v7.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Micrografx Picture Publisher v8.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Microsoft FrontPage Express.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Microsoft FrontPage.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Microsoft Help Workshop.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Microsoft HTML Help.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Microsoft Office.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Microsoft Publisher 2000.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Microsoft Send-To Extensions.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Microsoft Windows Paint.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Microsoft Windows WordPad.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\My Network Places.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Napster Music Community.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\NEATO Labels.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\NeoPlanet v5.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Norton AntiVirus 2000 (v6).eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Norton Antivirus 2003.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Norton File Manager.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Norton Internet Security 2004.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Norton Personal Firewall.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Norton Utilities 2000.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\NoteTab Pro.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Opera Browser.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\PackageForTheWeb.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Personal Ancestral File.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Quicktime.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Real Audio Player v6 v7 v8.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Real Download v4.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Real Player v10.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\RealOne Player.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\RemoteDesktop.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Roxio Easy CD Creator v6.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Safari Browser.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\SureThing CD Labeler.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Telnet.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Ulead Gif Animator v4.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Explorer v4.2.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Viewer v4.0.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v10.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v5.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact Viewer v4.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\UltraEdit v4.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\UltraEdit v7.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Web Ferret v3.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\WinOnCD.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\WinRar v2.6.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\WinRar v2.70.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\WinRar v3.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\WinZip v7.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\WinZip v8.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Wise Installer.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Yahoo Player.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\YahooMessenger.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\ZipMagic 2000.eep
c:\program files (x86)\Evidence Eliminator\Data\Plug-Ins\Zone Alarm.eep
c:\program files (x86)\Evidence Eliminator\Data\PlugInSelections.dat
c:\program files (x86)\Evidence Eliminator\Data\ScanMasks.dat
c:\program files (x86)\Evidence Eliminator\Data\TBChoiceList.dat
c:\program files (x86)\Evidence Eliminator\Ee.exe
c:\program files (x86)\Evidence Eliminator\EEShellExt.dll
c:\program files (x86)\Evidence Eliminator\EEStartupLauncher.exe
c:\program files (x86)\Evidence Eliminator\Help\ee.chm
c:\program files (x86)\Evidence Eliminator\INSTALL.LOG
c:\program files (x86)\Evidence Eliminator\License.txt
c:\program files (x86)\Evidence Eliminator\ReadMe.txt
c:\program files (x86)\Evidence Eliminator\UNWISE.EXE
c:\program files (x86)\Evidence Eliminator\UNWISE.INI
c:\programdata\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator
c:\programdata\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Read Me.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator.lnk
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-11-28 00:18 . 2011-11-30 00:19 -------- d-----w- c:\program files (x86)\Ultra Video Splitter
2011-11-25 19:12 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-25 19:12 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-25 19:12 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-25 19:12 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 13:06 . 2011-11-18 13:06 -------- d-----w- c:\windows\system32\Macromed
2011-11-14 13:39 . 2011-07-06 13:14 145008 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2011-11-04 17:35 . 2011-11-04 17:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-04 17:34 . 2011-11-04 17:34 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-04 17:34 . 2011-11-04 17:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-04 17:34 . 2011-11-04 17:34 -------- d-----w- c:\program files (x86)\Java
2011-11-04 16:20 . 2011-11-04 16:20 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-04 16:19 . 2011-11-04 16:19 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 13:06 . 2011-06-16 06:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-08 15:46 . 2011-10-08 15:46 53248 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-10-08 15:42 . 2011-10-08 15:42 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-29 18:28 . 2011-09-29 18:28 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-09-29 18:28 . 2011-09-29 18:28 1284192 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2011-09-29 18:28 . 2011-09-29 18:28 986208 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-09-29 18:28 . 2011-09-29 18:28 210528 ----a-w- c:\windows\system32\drivers\vididr.sys
2011-09-29 18:28 . 2011-09-29 18:28 142944 ----a-w- c:\windows\system32\drivers\vsflt58.sys
2011-09-29 18:28 . 2011-09-29 18:28 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2011-09-29 18:28 . 2011-06-16 15:05 310368 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-09-14 10:47 . 2011-09-14 10:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 10:47 . 2011-09-14 10:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 10:47 . 2011-09-14 10:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-09-14 10:38 . 2011-09-14 10:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 10:38 . 2011-09-14 10:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-09-08 17:34 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2011-04-20 01:07 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2011-04-20 00:49 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2011-09-08 17:08 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2011-09-08 17:05 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2011-04-20 00:27 58880 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2011-04-20 00:21 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-09-08 16:51 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-09-08 16:51 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2011-09-08 16:51 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2007-06-05 07:09 . 2011-07-05 22:52 1331712 ------w- c:\program files\DoubleKiller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-11-28 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0autocheck c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-09-29 3409872]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-06-14 79360]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-06-14 79360]
R4 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-06-14 79360]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-11 1030600]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 136176]
R4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
R4 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R4 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2139536]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-09-18 5778648]
R4 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/06/14 20:54];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-20 11:49 146928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MirayVirtualDisk;MirayVirtualDisk;c:\windows\system32\DRIVERS\mvd.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 20:44]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-18 20:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\dgcxlgq4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-9aa2d2a178178275d370b20045f70132 - c:\downlo~1\UKTS_S~1.EXE
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-Evidence Eliminator - c:\progra~2\EVIDEN~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.032"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ANI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CRW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUR\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DJVU\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EPS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.FPX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICL\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.IFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.int"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JP2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.KDC\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PCX\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PGM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.png"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSD\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PSP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAS\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RAW\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SGI\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TGA\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WBMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XBM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.XPM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xpm"
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001\Software\SecuROM\License information*]
"datasecu"=hex:87,34,cb,34,b8,b1,b0,2c,a1,6c,4b,dd,dc,5f,ac,cd,f5,d7,62,68,90,
b0,46,36,89,ad,4e,7c,0d,a0,39,4c,30,8d,8c,f8,22,70,9a,e4,15,91,16,e3,05,ec,\
"rkeysecu"=hex:07,dd,b6,cb,9d,28,f7,e7,ec,92,f2,8c,7f,8c,26,c9
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001_Classes\Wow6432Node\CLSID\{3efc542c-7b89-4cac-9978-38daad73f17c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bf
"Therad"=dword:00000015
"MData"=hex(0):c7,30,73,83,e6,ad,64,b9,47,94,be,e3,eb,66,49,6d,3f,a8,39,9b,73,
75,c4,a9,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3344541473-2111114155-1015492312-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):56,83,bd,52,fd,ab,9e,e8,5d,4a,67,d3,8b,63,69,8c,cc,c1,fa,2e,01,
23,fc,4b,cc,f6,0f,9b,9d,52,45,9d,d1,bd,94,c2,90,34,86,10,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-12-04 10:06:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-04 10:06
.
Pre-Run: 840,719,982,592 bytes free
Post-Run: 840,545,275,904 bytes free
.
- - End Of File - - FD7693B75C9F19B9A7665C19C0816E3B



Regards


Peter

#7 RPMcMurphy


Posted 04 December 2011 - 01:29 PM

Peter:

Please do this next:

Please download MiniToolBox and run it.

Check the following items:

  • Flush DNS
  • List content of Hosts
  • List IP configuration
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and copy/paste the log (Result.txt) into your next post.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • MiniToolBox log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#8 bloker


Posted 04 December 2011 - 07:47 PM

Hi
Thanks for your reply. As requested I attach the following logs:

Mini Tool Box

MiniToolBox by Farbar
Ran by Pete (administrator) on 04-12-2011 at 23:29:20
Windows 7 Professional Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection 2 (Connected)
Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Computer1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home.gateway

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : home.gateway
Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
Physical Address. . . . . . . . . : 20-CF-30-76-EA-82
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::89a4:42:9dc2:6aa4%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 04 December 2011 17:49:34
Lease Expires . . . . . . . . . . : 05 December 2011 21:19:26
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 304140080
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-88-43-BD-20-CF-30-76-EE-4F
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home.gateway
Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 20-CF-30-76-EE-4F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home.gateway:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:38ef:1d3b:2664:a369(Preferred)
Link-local IPv6 Address . . . . . : fe80::38ef:1d3b:2664:a369%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: home.gateway.home.gateway
Address: 192.168.1.254

Name: google.com
Addresses: 209.85.147.106
209.85.147.147
209.85.147.99
209.85.147.103
209.85.147.104
209.85.147.105


Pinging google.com [209.85.147.105] with 32 bytes of data:
Reply from 209.85.147.105: bytes=32 time=32ms TTL=55
Reply from 209.85.147.105: bytes=32 time=32ms TTL=55

Ping statistics for 209.85.147.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 32ms, Average = 32ms
Server: home.gateway.home.gateway
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=213ms TTL=48
Reply from 72.30.2.43: bytes=32 time=209ms TTL=48

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 209ms, Maximum = 213ms, Average = 211ms
Server: home.gateway.home.gateway
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...20 cf 30 76 ea 82 ......Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
10...20 cf 30 76 ee 4f ......Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.105 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.105 266
192.168.1.105 255.255.255.255 On-link 192.168.1.105 266
192.168.1.255 255.255.255.255 On-link 192.168.1.105 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.105 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.105 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:79fd:38ef:1d3b:2664:a369/128
On-link
11 266 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::38ef:1d3b:2664:a369/128
On-link
11 266 fe80::89a4:42:9dc2:6aa4/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

=========================== Installed Programs ============================


ACDSee Photo Manager 12 (Version: 12.0.342)
Acoustica Effects Pack (Version: 3.0)
Acoustica Mixcraft 5
Acronis Sync Agent (Version: 15.0.5583)
Acronis Disk Director Home (Version: 11.0.216)
Acronis True Image Home 2012 (Version: 15.0.5545)
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.4.980)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Photoshop CS5.1 (Version: 12.1)
AMD APP SDK Runtime (Version: 2.5.732.1)
AMD Catalyst Install Manager (Version: 3.0.842.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.60914.1136)
µTorrent (Version: 2.2.1)
Autodesk 3ds Max Design 2010 64-bit (Version: 12.0)
Autodesk 3ds Max Design 2010 64-bit Components (Version: 12.0)
Autodesk 3ds Max Design 2010 Tutorials Files (Version: 12.0)
Autodesk Backburner 2008.1 (Version: 2008.1.1)
Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010 64-bit
AVG 2011 (Version: 10.0.1411)
AVG 2011 (Version: 10.0.2102)
Blender (Version: 2.59-release)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0908.1355.23115)
Catalyst Control Center Graphics Previews Common (Version: 2011.0908.1355.23115)
Catalyst Control Center InstallProxy (Version: 2011.0908.1355.23115)
ccc-utility64 (Version: 2011.0908.1355.23115)
CCC Help English (Version: 2011.0908.1354.23115)
Cities XL 2011 (Version: 1.0.0)
Creative 3DMIDI Player (Version: 1.11)
Creative ALchemy (Version: 1.41)
Creative Audio Control Panel (Version: 3.00)
Creative Console Launcher (Version: 2.61)
Creative Diagnostics (Version: 5.11)
Creative Media Toolbox 6 (Shared Components) (Version: 2.80.12)
Creative Media Toolbox 6 (Version: 6.02)
Creative MediaSource 5 (Version: 5.26)
Creative Software AutoUpdate (Version: 1.40)
Creative Sound Blaster Properties x64 Edition (Version: 1.02)
Creative WaveStudio 7 (Version: 7.12)
Creative WebCam Control
CyberLink Blu-ray Disc Suite (Version: 6.0.3226)
CyberLink InstantBurn (Version: 5.0.5509b)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerBackup (Version: 2.5.6023)
CyberLink PowerDirector (Version: 7.0.3622)
CyberLink PowerDVD 8 (Version: 8.0.3228e)
CyberLink PowerProducer (Version: 5.0.2.2415)
Diskeeper 2009 Pro Premier (Version: 13.0.844.64)
Dolby Digital Live Pack (Version: 3.00)
DTS Connect Pack (Version: 1.00)
eReg (Version: 1.20.138.34)
Evidence Eliminator
FotoSketcher 2.10
Foxit Reader (Version: 4.2.0.928)
Google Chrome (Version: 15.0.874.121)
Google SketchUp Pro 8 (Version: 3.0.3117)
Google Update Helper (Version: 1.3.21.79)
Greenshot
HDClone 4 Professional Edition
IDM 6.06 Build 2 from Moon-Dancer Dev. & Co.
Internet Download Manager
IrfanView (remove only) (Version: 4.27)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (64-bit) (Version: 6.0.290)
Java™ 6 Update 29 (Version: 6.0.290)
K-Lite Mega Codec Pack 5.8.3 (Version: 5.8.3)
Logitech SetPoint 6.30 (Version: 6.30.43)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 8.0.1 (x86 en-GB) (Version: 8.0.1)
Newsbin Pro (Version: 5.59)
OpenAL
PDF Settings CS5 (Version: 10.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
RoboForm 7-6-4 (All Users) (Version: 7-6-4)
Spybot - Search & Destroy (Version: 1.6.2)
SWF Opener
TeraCopy 2.12
Total Commander (Remove or Repair) (Version: 7.56a)
Trucks & Trailers 1.00 (Version: 1.00)
UK Truck Simulator 1.06 (Version: 1.06)
Ultra Video Joiner 6.2.0411
Ultra Video Splitter 6.2.1123
VirtualCloneDrive
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 1.1.11 (Version: 1.1.11)
Wacom Tablet (Version: 6.1.6-7)
WebTablet IE Plugin (Version: 1.1.0.7)
WebTablet Netscape Plugin (Version: 1.1.0.5)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update

========================= Memory info: ===================================

Percentage of memory in use: 10%
Total physical RAM: 24567.11 MB
Available physical RAM: 21932.29 MB
Total Pagefile: 49132.42 MB
Available Pagefile: 46151.29 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.11 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.51 GB) (Free:766.5 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:1862.92 GB) (Free:1602.64 GB) NTFS

========================= Users: ========================================

User accounts for \\COMPUTER1

Administrator Guest Pete


**** End of log ****


MBAM Log


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8311

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

05/12/2011 00:26:19
mbam-log-2011-12-05 (00-26-19).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 491865
Time elapsed: 43 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\program files\bflixinstaller.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
d:\program files\downloads\autodesk.keygens\3ds max 2009\max2009-32bit-keygen.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
d:\program files\downloads\autodesk.keygens\autocad 2009\xf-acad9-32-bits.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
d:\program files\downloads\autodesk.keygens\autocad 2009\xf-acad9-64-bits.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\program files\downloads\autodesk.keygens\autocad architecture 2009\xf-acada2k9-32bit-kg.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\program files\downloads\autodesk.keygens\autocad architecture 2009\xf-acada2k9-64bit-kg.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\program files\downloads\autodesk.keygens\inventor pro 2009\xf-aip2k9-32bit-kg.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.


Regards


Peter

#9 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:47 AM

Posted 05 December 2011 - 02:18 PM

Peter:

Your logs indicate that you are using cracks and/or keygens. We don't support software piracy on this forum so please promptly remove any additional illegal software from this PC. This is most likely one of the reasons your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk. If you install the cracked software, you are running executable files from dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Are your searches still being redirected? Please do this next:

Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please go to here to run an online scan with ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • aswMBR log
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#10 bloker

bloker
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:47 AM

Posted 05 December 2011 - 06:47 PM

Hi
Thank you for your reply.

My computer appears to be operating OK. Currently Firefox does not appear to be redirecting; access times appear to be good also.

As instructed I attach the following:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-05 22:06:19
-----------------------------
22:06:19.692 OS Version: Windows x64 6.1.7601 Service Pack 1
22:06:19.692 Number of processors: 12 586 0x2C02
22:06:19.693 ComputerName: COMPUTER1 UserName: Pete
22:06:21.400 Initialize success
22:07:55.464 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
22:07:55.467 Disk 0 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
22:07:55.469 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
22:07:55.472 Disk 1 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
22:07:55.492 Disk 1 MBR read successfully
22:07:55.495 Disk 1 MBR scan
22:07:55.498 Disk 1 Windows 7 default MBR code
22:07:55.501 Service scanning
22:07:56.529 Modules scanning
22:07:56.533 Disk 1 trace - called modules:
22:07:56.540 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt58.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:07:56.544 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8013e5a790]
22:07:56.548 3 CLASSPNP.SYS[fffff88001c7443f] -> nt!IofCallDriver -> [0xfffffa8013dcd850]
22:07:56.553 5 vsflt58.sys[fffff88000f7e0ed] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8013c24060]
22:07:56.558 Scan finished successfully
22:09:17.371 Disk 1 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
22:09:17.376 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR.txt"


C:\Downloads\Acoustica Mixcraft v5.2 build 151+Patch\Acoustica Mixcraft v5.2 build 151+patch.exe a variant of Win32/HackTool.Patcher.T application
C:\Downloads\Autodesk.Keygens\3DS MAX 2009\MAX2009-32bit-Keygen.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\3DS MAX 2009\MAX2009-64bit-Keygen.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\AutoCAD Architecture 2009\XF-ACADA2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\AutoCAD Architecture 2009\XF-ACADA2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\AutoCAD Electrical 2009\XF-ACADE2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\AutoCAD Electrical 2009\XF-ACADE2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\AutoCAD LT 2009\XF-ACADLT2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\AutoCAD LT 2009\XF-ACADLT2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\AutoCAD MAP 3D 2009\XF-MAP3D2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\AutoCAD MEP 2009\XF-MEP2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\AutoCAD MEP 2009\XF-MEP2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Inventor Pro 2009\XF-AIP2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Inventor Pro 2009\XF-AIP2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Inventor Suite 2009\XF-INV2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Inventor Suite 2009\XF-INV2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\NaviWorks Manage 2009\XF-NWM2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\NaviWorks Review 2009\XF-NWR2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\NaviWorks Simulate 2009\XF-NWS2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Quantity Takeoff 2009\XF-QTO2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Raster Design 2009\XF-RDESIGN2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Raster Design 2009\XF-RDESIGN2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Revit Architecture 2009\XF-REVITARCHI-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Revit Architecture 2009 Suite\XF-REVITARCHIS-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Revit MEP 2009\XF-REVITMEP-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Revit Structure 2009\XF-REVITST-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Revit Structure Suite 2009\XF-ACAD2k9-REVIT-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Revit Structure Suite 2009\XF-ACAD2k9-REVIT-64bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Autodesk.Keygens\Revit Structure Suite 2009\XF-REVITSS-32bit-KG.exe a variant of Win32/Keygen.BT application
C:\Downloads\Unpacked Photo Shop & 3DS\autodesk.3ds.max.design.2010\activate\activate.64bit\activate.exe a variant of Win32/Keygen.BL application
D:\Program Files\Downloads\Acoustica Mixcraft v5.2 build 151+Patch\Acoustica Mixcraft v5.2 build 151+patch.exe a variant of Win32/HackTool.Patcher.T application
D:\Program Files\Downloads\Autodesk.Keygens\3DS MAX 2009\MAX2009-64bit-Keygen.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\AutoCAD Electrical 2009\XF-ACADE2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\AutoCAD Electrical 2009\XF-ACADE2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\AutoCAD LT 2009\XF-ACADLT2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\AutoCAD LT 2009\XF-ACADLT2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\AutoCAD MAP 3D 2009\XF-MAP3D2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\AutoCAD MEP 2009\XF-MEP2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\AutoCAD MEP 2009\XF-MEP2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Inventor Pro 2009\XF-AIP2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Inventor Suite 2009\XF-INV2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Inventor Suite 2009\XF-INV2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\NaviWorks Manage 2009\XF-NWM2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\NaviWorks Review 2009\XF-NWR2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\NaviWorks Simulate 2009\XF-NWS2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Quantity Takeoff 2009\XF-QTO2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Raster Design 2009\XF-RDESIGN2k9-32bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Raster Design 2009\XF-RDESIGN2k9-64bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Revit Architecture 2009\XF-REVITARCHI-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Revit Architecture 2009 Suite\XF-REVITARCHIS-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Revit MEP 2009\XF-REVITMEP-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Revit Structure 2009\XF-REVITST-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Revit Structure Suite 2009\XF-ACAD2k9-REVIT-32bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Revit Structure Suite 2009\XF-ACAD2k9-REVIT-64bit-KG.exe a variant of Win32/Keygen.BT application
D:\Program Files\Downloads\Autodesk.Keygens\Revit Structure Suite 2009\XF-REVITSS-32bit-KG.exe a variant of Win32/Keygen.BT application


Regards

Peter

#11 RPMcMurphy

Posted 05 December 2011 - 10:46 PM

Peter:

This will take care of those ESET detections:

Open notepad and copy/paste the text in the quotebox below into it:

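@echo off
rem Remove each flagged folder and everything in it (/S), without prompting (/Q).
rd /S /Q "C:\Downloads\Acoustica Mixcraft v5.2 build 151+Patch"
rd /S /Q "C:\Downloads\Autodesk.Keygens"
rd /S /Q "D:\Program Files\Downloads\Acoustica Mixcraft v5.2 build 151+Patch"
rd /S /Q "D:\Program Files\Downloads\Autodesk.Keygens"
rem Delete this batch file itself once it has run.
del /Q "%~f0"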

Save this as fix.bat. Choose to "Save type as - All Files".
Double click on fix.bat & allow it to run.

Other than that your logs look good. All that I have left for you is some very important cleanup:

Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Delete the following tools along with any other logs you saved from our work:
  • DDS
  • aswMBR
Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Avoid using P2P programs, cracks and keygens. Refer back to my earlier post for more information.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif
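A coverage check for the cleanup step in the post above, as an added example that is not part of the original posts: it parses ESET export lines in the format shown in this thread and lists detections that do not sit under any folder the removal script targets. The sample lines and folder list are copied from the thread; the function names are hypothetical.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Subset of lines copied from the ESET export posted in this thread.
ESET_LOG = r"""
C:\Downloads\Acoustica Mixcraft v5.2 build 151+Patch\Acoustica Mixcraft v5.2 build 151+patch.exe a variant of Win32/HackTool.Patcher.T application
C:\Downloads\Autodesk.Keygens\3DS MAX 2009\MAX2009-32bit-Keygen.exe a variant of Win32/Keygen.BT application
C:\Downloads\Unpacked Photo Shop & 3DS\autodesk.3ds.max.design.2010\activate\activate.64bit\activate.exe a variant of Win32/Keygen.BL application
D:\Program Files\Downloads\Autodesk.Keygens\Revit MEP 2009\XF-REVITMEP-KG.exe a variant of Win32/Keygen.BT application
"""

# Folders targeted by the fix.bat posted in this thread.
REMOVAL_ROOTS = [
    r"C:\Downloads\Acoustica Mixcraft v5.2 build 151+Patch",
    r"C:\Downloads\Autodesk.Keygens",
    r"D:\Program Files\Downloads\Acoustica Mixcraft v5.2 build 151+Patch",
    r"D:\Program Files\Downloads\Autodesk.Keygens",
]

# "<path> [a variant of ]<Platform/Name> <object type>", as in the export above.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?(?P<name>\w+/\S+) (?P<kind>\w+)$"
)

def parse_detections(text):
    """Return (PureWindowsPath, detection name) for every line that parses."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append((PureWindowsPath(m["path"]), m["name"]))
    return found

def is_under(path, root):
    """Case-insensitive 'path is inside root', matching Windows path rules."""
    root_parts = tuple(s.lower() for s in PureWindowsPath(root).parts)
    path_parts = tuple(s.lower() for s in path.parts)
    return len(path_parts) > len(root_parts) and path_parts[:len(root_parts)] == root_parts

def uncovered(detections, roots):
    """Detections that no removal root would delete."""
    return [p for p, _ in detections if not any(is_under(p, r) for r in roots)]

def by_family(detections):
    """Count detections per detection name."""
    return Counter(name for _, name in detections)

if __name__ == "__main__":
    hits = parse_detections(ESET_LOG)
    print(dict(by_family(hits)))
    for path in uncovered(hits, REMOVAL_ROOTS):
        print("not covered by removal list:", path)
```

Run against the full export, the same check shows whether every flagged file falls inside one of the four removed folders before the cleanup is called complete.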


#12 bloker

Posted 06 December 2011 - 07:14 PM

RP

Thank you for your assistance with this problem. I have now completed this piece of work and my machine is now free from this infection. Whilst I am not pleased with my reasoning for being here, I am nonetheless pleased to have found such a site with such invaluable expertise and services.

I am very happy to be a member of this and hopefully learn from the valuable information contained here. I have accordingly made a donation.

bloker

#13 RPMcMurphy

Posted 06 December 2011 - 09:02 PM

Thank you very much, bloker. Take care.



#14 RPMcMurphy

Posted 07 December 2011 - 05:49 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
