
possible rootkit/trojan, causing frequent BSOD


  • This topic is locked
23 replies to this topic

#1 harry.yp

harry.yp

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 13 April 2013 - 01:22 PM

Hi, I'm new on this forum and I have a problem with my laptop. A month ago, my laptop suddenly got a BSOD when browsing some web pages, and that's the first time in my life I had a BSOD, after the laptop had been running fine for 2-3 years. The BSOD occurs mostly when entering Windows Startup, so I can't boot normally (except when I disable the display driver). If I can boot normally, it will BSOD soon after I run any program. I assure you there is no driver or hardware failure, as I already tested them (reinstalled drivers, benchmarked GPU, CPU, RAM, and all passed). Here is the log from DDS

(I'm booting in normal mode with the display driver disabled):

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.17.2
Run by Harry at 1:12:57 on 2013-04-14
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.62.1033.18.3958.2215 [GMT 7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ONLINE MANAGER\UIMain.exe
C:\Program Files (x86)\ONLINE MANAGER\CMUpdater.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{8335D9F9-BDB6-4461-AEEE-C0FE2BD82FA9} : NameServer = 192.168.4.28 10.11.12.14
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\a3lday15.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-09 13:14; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-04-09 16:48; mozilla_cc@internetdownloadmanager.com; C:\Users\Harry\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2013-04-12 02:59; {c36177c0-224a-11da-8cd6-0800200c9a91}; C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\a3lday15.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-9 65336]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-9 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-9 377920]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-12 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-20 240640]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-9 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-9 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-9 45248]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2013-4-8 21992]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-3-1 165112]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-8 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-8 701512]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-12-14 2148816]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2013-4-8 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-4-8 39464]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-18 56344]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;C:\Windows\System32\drivers\HSPADataCardusbmdm.sys [2013-4-12 122752]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;C:\Windows\System32\drivers\HSPADataCardusbnmea.sys [2013-4-12 122752]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;C:\Windows\System32\drivers\HSPADataCardusbser.sys [2013-4-12 122752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-8 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-8 347680]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-9 178624]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2013-4-12 12800]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-4-8 245792]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WinRing0_1_2_0;WinRing0_1_2_0;H:\Installer\Software\RealTemp_360\WinRing0x64.sys [2011-7-14 14544]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-4-8 98208]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-8-20 92216]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-8 13336]
S4 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\ONLINE MANAGER\AssistantServices.exe [2013-4-12 253264]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-8 2320920]
.
=============== Created Last 30 ================
.
2013-04-13 14:07:23    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2013-04-13 14:07:19    --------    d-----w-    C:\Program Files (x86)\AMD APP
2013-04-13 14:07:03    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2013-04-13 14:07:03    --------    d-----w-    C:\Program Files (x86)\Common Files\ATI Technologies
2013-04-13 13:56:51    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-04-13 13:54:16    --------    d-----w-    C:\Program Files\ATI Technologies
2013-04-13 13:54:15    --------    d-----w-    C:\Program Files\ATI
2013-04-13 01:29:17    --------    d-----w-    C:\FRST
2013-04-13 00:00:45    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
2013-04-12 18:57:06    --------    d-----w-    C:\Users\Harry\AppData\Roaming\Process Hacker 2
2013-04-12 18:53:13    --------    d-----w-    C:\Program Files\Process Hacker 2
2013-04-12 17:37:59    646144    ----a-w-    C:\Windows\sysnadr64.exe
2013-04-12 17:37:20    3747    ----a-w-    C:\Windows\memgprep.dll
2013-04-12 17:37:20    3440128    ----a-w-    C:\Windows\diskediag.exe
2013-04-12 17:37:20    304    ----a-w-    C:\Windows\km32hlpr.dll
2013-04-12 17:37:20    0    ----a-w-    C:\Windows\wnsperf32.dll
2013-04-12 17:37:20    0    ----a-w-    C:\Windows\winid332.dll
2013-04-12 17:37:20    0    ----a-w-    C:\Windows\stdensrv.dll
2013-04-12 17:37:20    0    ----a-w-    C:\Windows\javexisb.dll
2013-04-12 17:37:20    0    ----a-w-    C:\Windows\javexisa.dll
2013-04-12 17:37:20    0    ----a-w-    C:\Windows\cr2gui32.dll
2013-04-12 17:37:19    --------    d-----w-    C:\Windows\ServiceLECache
2013-04-12 17:22:59    8576    ----a-w-    C:\Windows\SysWow64\drivers\KProcWatch.sys
2013-04-12 17:22:58    --------    d-----w-    C:\Program Files (x86)\HiddenFinder
2013-04-12 15:37:24    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-12 12:03:25    --------    d-----w-    C:\Program Files (x86)\ati_winflash_2.0.1.18
2013-04-12 10:39:28    35792    ----a-w-    C:\Windows\System32\TURegOpt.exe
2013-04-12 10:39:27    27088    ----a-w-    C:\Windows\System32\authuitu.dll
2013-04-12 10:39:26    22480    ----a-w-    C:\Windows\SysWow64\authuitu.dll
2013-04-12 10:39:00    --------    d-----w-    C:\Users\Harry\AppData\Roaming\AVG
2013-04-12 10:38:29    --------    d-----w-    C:\Program Files (x86)\AVG
2013-04-12 10:37:55    --------    d-----w-    C:\ProgramData\AVG
2013-04-12 10:37:43    --------    d-s---w-    C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-12 10:22:38    --------    d-----w-    C:\Users\Harry\AppData\Roaming\ZumoDrive
2013-04-12 01:36:30    336374    ----a-w-    C:\DUMP47d8.tmp
2013-04-12 01:36:30    336374    ----a-w-    C:\DUMP47a9.tmp
2013-04-12 01:36:30    336374    ----a-w-    C:\DUMP447e.tmp
2013-04-12 01:36:30    336374    ----a-w-    C:\DUMP43f2.tmp
2013-04-11 21:02:09    --------    d-----w-    C:\Program Files (x86)\Geeks3D
2013-04-11 20:55:23    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-04-11 20:10:51    --------    d-----w-    C:\Users\Harry\AppData\Local\Macromedia
2013-04-11 19:57:46    691592    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-11 17:27:31    --------    d-----w-    C:\Program Files (x86)\ESET
2013-04-11 17:24:41    12800    ----a-w-    C:\Windows\System32\drivers\massfilter.sys
2013-04-11 17:24:41    122752    ----a-w-    C:\Windows\System32\drivers\HSPADataCardusbser.sys
2013-04-11 17:24:40    122752    ----a-w-    C:\Windows\System32\drivers\HSPADataCardusbnmea.sys
2013-04-11 17:24:40    122752    ----a-w-    C:\Windows\System32\drivers\HSPADataCardusbmdm.sys
2013-04-11 17:24:14    --------    d-----w-    C:\Windows\SysWow64\SupportAppCB
2013-04-11 17:24:12    --------    d-----w-    C:\Program Files (x86)\ONLINE MANAGER
2013-04-11 07:07:35    --------    d-----w-    C:\Windows\System32\wbem\repository
2013-04-11 05:13:18    --------    d-----w-    C:\Users\Harry\AppData\Roaming\Sierra
2013-04-11 05:08:05    733184    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2013-04-11 05:08:05    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2013-04-11 05:08:05    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2013-04-11 05:08:05    266240    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2013-04-11 05:08:05    172032    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2013-04-11 05:08:02    180356    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2013-04-11 05:08:01    303236    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2013-04-11 04:44:57    274432    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-04-11 04:44:57    180224    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-04-11 04:44:56    749568    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-04-11 04:44:56    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-04-11 04:44:56    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-04-11 04:44:49    323716    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-04-11 04:44:49    192644    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-04-11 00:21:51    --------    d-----w-    C:\Program Files\WinHTTrack
2013-04-11 00:17:04    --------    d-----w-    C:\Program Files (x86)\Ray Adams
2013-04-11 00:01:44    --------    d-----w-    C:\Windows\PCHEALTH
2013-04-10 23:59:23    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
2013-04-10 23:59:06    --------    d-----w-    C:\Users\Harry\AppData\Local\Microsoft Help
2013-04-10 23:55:38    --------    d-----w-    C:\Users\Harry\AppData\Roaming\ChessBase
2013-04-10 23:55:38    --------    d-----w-    C:\Users\Harry\AppData\Local\ChessBase
2013-04-10 23:55:12    --------    d-----w-    C:\Program Files (x86)\Common Files\ChessBase
2013-04-10 23:55:08    --------    d-----w-    C:\Program Files (x86)\ChessBase
2013-04-10 20:50:19    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 08:03:22    --------    d-----w-    C:\Program Files (x86)\Elaborate Bytes
2013-04-10 03:14:56    --------    d-----w-    C:\Users\Harry\AppData\Roaming\fltk.org
2013-04-10 03:01:40    --------    d-----w-    C:\Program Files (x86)\Xilisoft
2013-04-10 02:54:29    --------    d-----w-    C:\Program Files (x86)\Anvil Studio
2013-04-10 02:54:05    --------    d-----w-    C:\Program Files (x86)\CDCheck
2013-04-10 01:21:27    --------    d-----w-    C:\Users\Harry\AppData\Local\Adobe
2013-04-09 12:58:30    --------    d-----w-    C:\Program Files (x86)\DomDomSoft Anime Downloader
2013-04-09 12:58:18    --------    d-----w-    C:\Program Files (x86)\DomDomSoft Manga Downloader
2013-04-09 12:55:01    --------    d-----w-    C:\ProgramData\ACD Systems
2013-04-09 12:54:55    --------    d-----w-    C:\Program Files (x86)\Common Files\ACD Systems
2013-04-09 12:54:55    --------    d-----w-    C:\Program Files (x86)\ACD Systems
2013-04-09 12:54:25    --------    d-----w-    C:\Users\Harry\AppData\Local\Downloaded Installations
2013-04-09 12:54:21    --------    d-----w-    C:\Program Files (x86)\Cheat Engine 6.2
2013-04-09 12:53:25    --------    d-----w-    C:\Program Files\Fresco Logic Inc
2013-04-09 12:52:39    --------    d-----w-    C:\Program Files (x86)\Writeitnow4
2013-04-09 12:13:33    --------    d-----w-    C:\Windows\SysWow64\directx
2013-04-09 12:06:24    --------    d-----w-    C:\Program Files (x86)\Audacity
2013-04-09 11:55:03    --------    d-----w-    C:\Windows\System32\appmgmt
2013-04-09 11:52:53    --------    d-----w-    C:\Users\Harry\AppData\Roaming\Rovio
2013-04-09 11:43:21    --------    d-----w-    C:\Users\Harry\AppData\Roaming\The Creative Assembly
2013-04-09 09:46:58    529424    ----a-w-    C:\Windows\System32\d3dx10_37.dll
2013-04-09 09:44:26    --------    d-----w-    C:\Program Files (x86)\MSI Kombustor
2013-04-09 08:40:40    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-04-09 08:40:40    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-04-09 08:38:10    178688    ----a-w-    C:\Windows\SysWow64\unrar.dll
2013-04-09 08:38:03    --------    d-----w-    C:\Program Files (x86)\K-Lite Codec Pack
2013-04-09 08:13:06    --------    d-----w-    C:\Program Files (x86)\Winamp Detect
2013-04-09 08:12:32    --------    d-----w-    C:\Program Files (x86)\Common Files\PX Storage Engine
2013-04-09 07:19:21    --------    d-----w-    C:\Program Files (x86)\SpeedFan
2013-04-09 06:15:23    70992    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-04-09 06:15:23    178624    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-04-09 06:15:23    1025808    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-04-09 06:15:21    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-04-09 06:15:17    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-04-09 06:14:18    41664    ----a-w-    C:\Windows\avastSS.scr
2013-04-09 06:13:55    --------    d-----w-    C:\Program Files\AVAST Software
2013-04-09 06:13:01    --------    d-----w-    C:\ProgramData\AVAST Software
2013-04-09 06:06:54    --------    d-----w-    C:\Users\Harry\AppData\Roaming\SUPERAntiSpyware.com
2013-04-09 06:06:43    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-04-09 06:06:42    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-04-09 06:06:15    --------    d-----w-    C:\Users\Harry\AppData\Local\Mozilla
2013-04-09 06:04:46    --------    d-----w-    C:\Users\Harry\AppData\Roaming\HTML Executable
2013-04-09 06:00:41    --------    d-----w-    C:\Users\Harry\AppData\Local\Avg2013
2013-04-08 17:49:13    --------    d-----w-    C:\Users\Harry\AppData\Roaming\TuneUp Software
2013-04-08 17:43:04    --------    d-----w-    C:\Users\Harry\AppData\Local\MFAData
2013-04-08 17:43:04    --------    d-----w-    C:\ProgramData\MFAData
2013-04-08 17:43:04    --------    d-----w-    C:\ProgramData\Common Files
2013-04-08 17:28:08    --------    d-----w-    C:\Windows\Panther
2013-04-08 15:03:56    --------    d-----w-    C:\Users\Harry\AppData\Local\Hewlett-Packard
2013-04-08 14:53:55    --------    d-----w-    C:\Windows\pss
2013-04-08 14:09:11    --------    d-----w-    C:\Users\Harry\AppData\Local\Microsoft Games
2013-04-08 14:05:16    --------    d-----w-    C:\Users\Harry\AppData\Roaming\Malwarebytes
2013-04-08 14:05:10    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-04-08 14:05:09    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-08 14:05:09    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-08 14:04:52    --------    d-----w-    C:\Users\Harry\AppData\Local\Programs
2013-04-08 11:49:24    --------    d-----w-    C:\Program Files (x86)\Alcohol Soft
2013-04-08 03:41:08    --------    d-----w-    C:\Program Files (x86)\GPU-Z
2013-04-08 03:40:28    21992    ----a-w-    C:\Windows\System32\drivers\cpuz135_x64.sys
2013-04-08 03:40:28    --------    d-----w-    C:\Program Files\CPUID
2013-04-08 03:36:20    --------    d-----w-    C:\Users\Harry\AppData\Local\ATI
2013-04-08 03:26:43    --------    d-----w-    C:\Users\Harry\AppData\Roaming\hpqLog
2013-04-08 03:24:36    --------    d-----w-    C:\ProgramData\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF}
2013-04-08 03:22:39    --------    d-----w-    C:\Users\Harry\AppData\Local\Broadcom
2013-04-08 03:21:37    344616    ----a-w-    C:\Windows\System32\drivers\btwampfl.sys
2013-04-08 03:21:36    39464    ----a-w-    C:\Windows\System32\drivers\btwl2cap.sys
2013-04-08 03:21:36    21544    ----a-w-    C:\Windows\System32\drivers\btwrchid.sys
2013-04-08 03:21:36    135720    ----a-w-    C:\Windows\System32\drivers\btwavdt.sys
2013-04-08 03:21:36    102952    ----a-w-    C:\Windows\System32\drivers\btwaudio.sys
2013-04-08 03:20:02    --------    d-----w-    C:\Program Files\WIDCOMM
2013-04-08 03:18:46    74272    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2013-04-08 03:18:46    347680    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2013-04-08 03:18:46    107552    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2013-04-08 03:18:19    --------    d-----w-    C:\Program Files (x86)\Cisco
2013-04-08 03:18:08    --------    d-----w-    C:\Program Files\Synaptics
2013-04-08 03:17:09    95544    ----a-w-    C:\Windows\System32\bcmwlcoi.dll
2013-04-08 03:17:09    6656    ----a-w-    C:\Windows\System32\bcmwlrc.dll
2013-04-08 03:17:09    3891200    ----a-w-    C:\Windows\System32\bcmihvsrv64.dll
2013-04-08 03:17:09    3555840    ----a-w-    C:\Windows\System32\bcmihvui64.dll
2013-04-08 03:17:09    3063360    ----a-w-    C:\Windows\System32\drivers\BCMWL664.SYS
2013-04-08 03:17:09    --------    d-----w-    C:\Program Files\Broadcom
2013-04-08 03:15:57    --------    d-----w-    C:\Users\Harry\AppData\Roaming\Intel Corporation
2013-04-08 03:11:33    --------    d-----w-    C:\Program Files (x86)\Phyxion.net
2013-04-08 02:55:10    --------    d-----w-    C:\Users\Harry\AppData\Roaming\Smadav
2013-04-08 02:55:10    --------    d-----w-    C:\Program Files (x86)\Smadav
2013-04-08 02:54:20    --------    d-----w-    C:\ProgramData\AMD
2013-04-08 02:50:02    --------    d-sh--w-    C:\Windows\Installer
2013-04-08 02:44:48    --------    d-----w-    C:\Program Files (x86)\Common Files\postureAgent
2013-04-08 02:44:28    540696    ----a-w-    C:\Windows\System32\drivers\iaStor.sys
2013-04-08 02:41:27    245792    ----a-w-    C:\Windows\System32\drivers\RtsUStor.sys
2013-04-08 02:41:25    9112096    ----a-w-    C:\Windows\SysWow64\RtsUStoricon.dll
2013-04-08 02:41:24    422432    ----a-w-    C:\Windows\System32\RtsUStor.dll
2013-04-08 02:41:24    --------    d-----w-    C:\Program Files (x86)\Realtek
2013-04-08 02:41:02    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
2013-04-07 17:50:15    --------    d-----w-    C:\Intel
2013-04-07 16:08:23    --------    d-----w-    C:\Windows2
.
==================== Find3M  ====================
.
.
============= FINISH:  1:13:49,55 ===============

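The DDS output above is raw tool output, and the thread itself only moves on to other scanners. As an added example (not from this thread, not a BleepingComputer tool, and not a verdict on any file listed above), here is a small Python helper that parses the layout of a DDS "Created Last 30" section and pulls out the things a malware-response volunteer usually eyeballs first: several files created in the same second in the same directory, zero-byte files, and files dropped directly into a directory such as the Windows root. The sample text inside the script is constructed in the DDS layout with placeholder file names; the timestamps and sizes are made up. Installers produce exactly the same patterns, so everything it prints is a review item, not a detection.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample in the layout of a DDS "Created Last 30" section.
# File names, times and sizes are placeholders, not entries from the thread's log.
SAMPLE_DDS = """\
=============== Created Last 30 ================
.
2013-04-12 17:37:59    646144    ----a-w-    C:\\Windows\\examplea64.exe
2013-04-12 17:37:20    3747    ----a-w-    C:\\Windows\\exampleb.dll
2013-04-12 17:37:20    0    ----a-w-    C:\\Windows\\examplec.dll
2013-04-12 17:37:20    0    ----a-w-    C:\\Windows\\exampled.dll
2013-04-12 17:37:19    --------    d-----w-    C:\\Windows\\ExampleCache
2013-04-12 10:39:28    35792    ----a-w-    C:\\Windows\\System32\\examplee.exe
2013-04-11 05:08:05    733184    ----a-w-    C:\\Program Files (x86)\\Vendor\\iKernel.dll
2013-04-11 05:08:05    69715    ----a-w-    C:\\Program Files (x86)\\Vendor\\ctor.dll
.
==================== Find3M  ====================
"""

# One entry: "<date> <time>   <size or -------->   <attrs>   <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([-a-z]{8})\s+(.+?)\s*$"
)
# Section banner: "=== Created Last 30 ===", "=== Find3M ===", ...
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")


@dataclass(frozen=True)
class Entry:
    created: datetime
    size: Optional[int]   # None for directories (DDS prints "--------")
    attrs: str            # e.g. "----a-w-"; a leading "d" marks a directory
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def parent(self) -> str:
        # ntpath handles Windows separators even when this runs on Linux.
        return ntpath.dirname(self.path).lower()


def parse_created_section(text: str) -> List[Entry]:
    """Return the entries of the 'Created Last 30' section of a DDS log."""
    entries: List[Entry] = []
    in_section = False
    for line in text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            in_section = header.group(1).startswith("Created Last 30")
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # the "." separators and any stray text
        ts, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            size=None if size == "--------" else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def same_second_bursts(entries: List[Entry], min_files: int = 3
                       ) -> List[Tuple[datetime, str, List[Entry]]]:
    """Files (not directories) created in the same second in the same directory,
    newest burst first. Installers do this too: a burst is a review item."""
    groups: Dict[Tuple[datetime, str], List[Entry]] = defaultdict(list)
    for e in entries:
        if not e.is_dir:
            groups[(e.created, e.parent)].append(e)
    bursts = [(ts, d, fs) for (ts, d), fs in groups.items() if len(fs) >= min_files]
    bursts.sort(key=lambda b: b[0], reverse=True)
    return bursts


def zero_byte_files(entries: List[Entry]) -> List[Entry]:
    """Empty files: often installer placeholders, worth a look either way."""
    return [e for e in entries if not e.is_dir and e.size == 0]


def files_directly_under(entries: List[Entry], dirs: Set[str]) -> List[Entry]:
    """Files whose parent directory is exactly one of `dirs` (case-insensitive),
    e.g. the Windows root, which legitimately receives very few new files."""
    wanted = {d.lower() for d in dirs}
    return [e for e in entries if not e.is_dir and e.parent in wanted]


def triage_report(text: str) -> str:
    """Plain-text summary of the three checks above for a DDS log."""
    entries = parse_created_section(text)
    lines = [f"{len(entries)} entries parsed"]
    for ts, d, files in same_second_bursts(entries):
        lines.append(f"burst: {len(files)} files in {d} at {ts:%Y-%m-%d %H:%M:%S}")
        lines.extend(f"    {e.path} ({e.size} bytes)" for e in files)
    for e in zero_byte_files(entries):
        lines.append(f"zero-byte: {e.path}")
    for e in files_directly_under(entries, {"C:\\Windows"}):
        lines.append(f"in Windows root: {e.path}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(triage_report(SAMPLE_DDS))
```

To run it against a real DDS log, read the file into a string and pass it to `triage_report`; the parser only looks at the "Created Last 30" section and ignores everything else, so the whole log can be passed as-is.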
Attached Files




#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:10:30 PM

Posted 13 April 2013 - 02:25 PM

Hi and Welcome!!
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that.... Let's get going!!
 
 

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#3 harry.yp

harry.yp
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 13 April 2013 - 02:37 PM

Thanks for the reply, Jeff.

For some reason aswMBR didn't work; it always crashes in the middle of the scan, particularly when it finishes displaying my hard disk partitions.
Could it be some malware blocking the program?



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:10:30 PM

Posted 13 April 2013 - 02:38 PM

Could be that.... Boot to Safe Mode with Networking and then try to run the scan from there.




#5 harry.yp

harry.yp
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:30 AM

Posted 13 April 2013 - 02:48 PM

Still not working, same crashes as before, although the crash was delayed longer this time, about 5-10 seconds.



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:10:30 PM

Posted 13 April 2013 - 02:53 PM

Ok let's try a different tool...
 
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)

 


#7 harry.yp

harry.yp
  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:30 AM

Posted 13 April 2013 - 02:58 PM

TDSSKiller didn't find anything,

oh, just a reminder: I can't use the internet even in Safe Mode with Networking because I'm using a portable modem (the driver doesn't work in safe mode), so I must reboot to normal mode (with the display driver disabled) to use the internet, but I had already used aswMBR before in safe mode,

Attached Files



#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:10:30 PM

Posted 13 April 2013 - 03:25 PM

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

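The C:\ComboFix.txt report requested above is plain text, and its "Files Created" section lists one file per line (creation time, last-write time, size, attribute string, path), which makes it easy to pre-sort mechanically before a human reads it. The helper below is an added example written for this page; it is not code from the thread, from BleepingComputer or from ComboFix's author. The report excerpt embedded in it is constructed to mimic the layout (the file names under c:\windows are placeholders), and the two heuristics it applies (zero-byte files dropped directly into the Windows directory, and several files created in one directory within the same minute) are the example's own choices, not ComboFix's logic.

```python
"""Triage the 'Files Created' section of a ComboFix.txt report.

Added example for this thread; not code from the thread, from
BleepingComputer or from ComboFix's author.  The heuristics are the
example's own: they order entries for a human to read, nothing more.
"""
import re
from collections import defaultdict

# ComboFix prints one entry per line in the 'Files Created' section:
#   <created> . <last-write>  <size | -------->  <attributes>  <path>
# (separators in a real report are tabs; any run of whitespace is accepted)
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<written>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-+|\d+)\s+"
    r"(?P<attrs>\S{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)

WINDIR = r"c:\windows"


def parse_files_created(report_text):
    """Return the 'Files Created' entries as dicts (paths lower-cased;
    directory entries carry size None, files an int byte count)."""
    entries, in_section = [], False
    for line in report_text.splitlines():
        if "Files Created from" in line:
            in_section = True
            continue
        if in_section and "Find3M Report" in line:   # next section header
            break
        m = ENTRY_RE.match(line) if in_section else None
        if m:
            e = m.groupdict()
            e["is_dir"] = e["attrs"].startswith("d")
            e["size"] = None if e["size"].startswith("-") else int(e["size"])
            e["path"] = e["path"].lower()
            entries.append(e)
    return entries


def parent_dir(path):
    return path.rsplit("\\", 1)[0]


def review_candidates(entries, cluster_min=4):
    """Map path -> reasons for the entries an analyst should read first.
    Heuristic 1: zero-byte files placed directly in the Windows directory.
    Heuristic 2: cluster_min or more files created in one directory within
    the same minute.  Ordinary installers trigger both at times, so a hit
    is a reading order, not a verdict."""
    reasons = defaultdict(list)
    by_slot = defaultdict(list)
    for e in entries:
        if e["is_dir"]:
            continue
        parent = parent_dir(e["path"])
        if parent == WINDIR and e["size"] == 0:
            reasons[e["path"]].append("zero-byte file directly in %WINDIR%")
        by_slot[(e["created"], parent)].append(e["path"])
    for (minute, parent), paths in by_slot.items():
        if len(paths) >= cluster_min:
            for p in paths:
                reasons[p].append(f"{len(paths)} files created in {parent} at {minute}")
    return dict(reasons)


# Constructed excerpt in ComboFix's layout; the names under c:\windows are
# placeholders, not files taken from any real report.
SAMPLE_REPORT = r"""
(((((((((((((((((((((((((   Files Created from 2013-03-13 to 2013-04-13  )))))))))))))))))))))))))))))))
.
2013-04-13 14:07 . 2013-04-13 14:07    --------    d-----w-    c:\program files (x86)\Example Vendor
2013-04-12 17:37 . 2013-04-12 17:38    646144    ----a-w-    c:\windows\example64.exe
2013-04-12 17:37 . 2011-03-06 05:03    0    ----a-w-    c:\windows\sample1.dll
2013-04-12 17:37 . 2010-08-21 07:03    0    ----a-w-    c:\windows\sample2.dll
2013-04-12 17:37 . 2010-08-21 07:03    0    ----a-w-    c:\windows\sample3.dll
2013-04-11 17:24 . 2010-04-19 07:23    12800    ----a-w-    c:\windows\system32\drivers\sampleusb.sys
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

if __name__ == "__main__":
    found = parse_files_created(SAMPLE_REPORT)
    for path, why in sorted(review_candidates(found).items()):
        print(path)
        for reason in why:
            print("   -", reason)
```

Run it against a saved ComboFix.txt by passing the file's contents to parse_files_created; the output is only a reading order for the analyst, since driver and application installers also drop zero-byte marker files and write several files to one directory in the same minute.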
 


#9 harry.yp

harry.yp
  • Topic Starter

  • Members
  • 12 posts
  • Local time:10:30 AM

Posted 13 April 2013 - 03:43 PM

Combofix saved directly to desktop and finished scan

 

 

 

ComboFix 13-04-12.02 - Harry 14/04/2013   3:31.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.62.1033.18.3958.2601 [GMT 7:00]
Running from: c:\users\Harry\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-13 to 2013-04-13  )))))))))))))))))))))))))))))))
.
.
2013-04-13 20:36 . 2013-04-13 20:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-13 14:09 . 2013-04-13 14:09    --------    d-----w-    c:\programdata\ATI
2013-04-13 14:07 . 2013-04-13 14:07    --------    d-----w-    c:\program files (x86)\AMD AVT
2013-04-13 14:07 . 2013-04-13 14:07    --------    d-----w-    c:\program files (x86)\AMD APP
2013-04-13 14:07 . 2013-04-13 14:07    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2013-04-13 14:07 . 2013-04-13 14:07    --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2013-04-13 13:56 . 2013-04-13 13:56    0    ----a-w-    c:\windows\ativpsrm.bin
2013-04-13 13:54 . 2013-04-13 13:55    --------    d-----w-    c:\program files\ATI Technologies
2013-04-13 13:54 . 2013-04-13 13:54    --------    d-----w-    c:\program files\ATI
2013-04-13 01:29 . 2013-04-13 01:29    --------    d-----w-    C:\FRST
2013-04-13 00:00 . 2013-04-13 00:00    --------    d-----w-    c:\program files (x86)\ATI Technologies
2013-04-12 18:53 . 2013-04-12 18:53    --------    d-----w-    c:\program files\Process Hacker 2
2013-04-12 17:37 . 2013-04-12 17:38    646144    ----a-w-    c:\windows\sysnadr64.exe
2013-04-12 17:37 . 2013-04-12 17:37    3440128    ----a-w-    c:\windows\diskediag.exe
2013-04-12 17:37 . 2013-04-12 17:37    3747    ----a-w-    c:\windows\memgprep.dll
2013-04-12 17:37 . 2011-03-27 13:21    304    ----a-w-    c:\windows\km32hlpr.dll
2013-04-12 17:37 . 2011-03-06 05:03    0    ----a-w-    c:\windows\wnsperf32.dll
2013-04-12 17:37 . 2010-08-21 07:03    0    ----a-w-    c:\windows\cr2gui32.dll
2013-04-12 17:37 . 2010-08-21 07:03    0    ----a-w-    c:\windows\winid332.dll
2013-04-12 17:37 . 2010-08-21 07:03    0    ----a-w-    c:\windows\stdensrv.dll
2013-04-12 17:37 . 2010-08-21 07:02    0    ----a-w-    c:\windows\javexisa.dll
2013-04-12 17:37 . 2010-04-17 01:35    0    ----a-w-    c:\windows\javexisb.dll
2013-04-12 17:37 . 2013-04-12 17:37    --------    d-----w-    c:\windows\ServiceLECache
2013-04-12 17:22 . 2006-02-23 14:03    8576    ----a-w-    c:\windows\SysWow64\drivers\KProcWatch.sys
2013-04-12 17:22 . 2013-04-12 17:22    --------    d-----w-    c:\program files (x86)\HiddenFinder
2013-04-12 15:37 . 2013-04-12 15:37    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-04-12 15:37 . 2013-04-12 15:37    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-12 15:37 . 2013-04-12 15:37    --------    d-----w-    c:\program files (x86)\Java
2013-04-12 12:03 . 2013-04-12 12:03    --------    d-----w-    c:\program files (x86)\ati_winflash_2.0.1.18
2013-04-12 10:39 . 2012-12-14 04:42    35792    ----a-w-    c:\windows\system32\TURegOpt.exe
2013-04-12 10:39 . 2012-12-14 04:42    27088    ----a-w-    c:\windows\system32\authuitu.dll
2013-04-12 10:39 . 2012-12-14 04:42    22480    ----a-w-    c:\windows\SysWow64\authuitu.dll
2013-04-12 10:38 . 2013-04-12 10:38    --------    d-----w-    c:\program files (x86)\AVG
2013-04-12 10:37 . 2013-04-12 10:39    --------    d-----w-    c:\programdata\AVG
2013-04-12 10:37 . 2013-04-12 10:37    --------    d-s---w-    c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-12 01:36 . 2013-04-13 12:45    336374    ----a-w-    C:\DUMP47a9.tmp
2013-04-12 01:36 . 2013-04-13 12:39    336374    ----a-w-    C:\DUMP47d8.tmp
2013-04-12 01:36 . 2013-04-12 14:47    336374    ----a-w-    C:\DUMP43f2.tmp
2013-04-12 01:36 . 2013-04-12 14:43    336374    ----a-w-    C:\DUMP447e.tmp
2013-04-11 21:02 . 2013-04-11 21:02    --------    d-----w-    c:\program files (x86)\Geeks3D
2013-04-11 19:57 . 2013-04-11 19:57    691592    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-11 17:27 . 2013-04-11 17:27    --------    d-----w-    c:\program files (x86)\ESET
2013-04-11 17:24 . 2010-04-19 07:23    12800    ----a-w-    c:\windows\system32\drivers\massfilter.sys
2013-04-11 17:24 . 2010-04-19 07:23    122752    ----a-w-    c:\windows\system32\drivers\HSPADataCardusbser.sys
2013-04-11 17:24 . 2010-04-19 07:23    122752    ----a-w-    c:\windows\system32\drivers\HSPADataCardusbnmea.sys
2013-04-11 17:24 . 2010-04-19 07:23    122752    ----a-w-    c:\windows\system32\drivers\HSPADataCardusbmdm.sys
2013-04-11 17:24 . 2013-04-11 17:24    --------    d-----w-    c:\windows\SysWow64\SupportAppCB
2013-04-11 17:24 . 2013-04-13 20:36    --------    d-----w-    c:\program files (x86)\ONLINE MANAGER
2013-04-11 07:07 . 2013-04-13 19:45    --------    d-----w-    c:\windows\system32\wbem\repository
2013-04-11 00:21 . 2013-04-11 00:22    --------    d-----w-    c:\program files\WinHTTrack
2013-04-11 00:17 . 2013-04-11 00:17    --------    d-----w-    c:\program files (x86)\Ray Adams
2013-04-11 00:01 . 2013-04-11 00:01    --------    d-----w-    c:\windows\PCHEALTH
2013-04-10 23:59 . 2013-04-10 23:59    --------    d-----w-    c:\program files\Microsoft Office
2013-04-10 23:59 . 2013-04-10 23:59    --------    d-----w-    c:\program files (x86)\Microsoft Analysis Services
2013-04-10 23:59 . 2013-04-11 00:03    --------    d-----w-    c:\programdata\Microsoft Help
2013-04-10 23:55 . 2013-04-10 23:55    --------    d-----w-    c:\program files (x86)\Common Files\ChessBase
2013-04-10 23:55 . 2013-04-10 23:55    --------    d-----w-    c:\program files (x86)\ChessBase
2013-04-10 20:50 . 2013-04-11 19:57    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 20:50 . 2013-04-10 20:50    --------    d-----w-    c:\windows\SysWow64\Macromed
2013-04-10 20:50 . 2013-04-10 20:50    --------    d-----w-    c:\windows\system32\Macromed
2013-04-10 08:03 . 2013-04-10 08:03    --------    d-----w-    c:\program files (x86)\Elaborate Bytes
2013-04-10 03:01 . 2013-04-10 03:01    --------    d-----w-    c:\program files (x86)\Xilisoft
2013-04-10 02:54 . 2013-04-10 02:54    --------    d-----w-    c:\program files (x86)\Anvil Studio
2013-04-10 02:54 . 2013-04-10 02:54    --------    d-----w-    c:\program files (x86)\CDCheck
2013-04-10 01:21 . 2013-04-10 01:21    --------    d-----w-    c:\program files (x86)\Common Files\Adobe AIR
2013-04-10 01:17 . 2013-04-10 01:24    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-04-09 12:58 . 2013-04-09 12:58    --------    d-----w-    c:\program files (x86)\DomDomSoft Anime Downloader
2013-04-09 12:58 . 2013-04-09 12:58    --------    d-----w-    c:\program files (x86)\DomDomSoft Manga Downloader
2013-04-09 12:57 . 2013-04-09 12:58    --------    d-----w-    c:\program files\WinRAR
2013-04-09 12:55 . 2013-04-09 12:55    --------    d-----w-    c:\programdata\ACD Systems
2013-04-09 12:54 . 2013-04-09 12:55    --------    d-----w-    c:\program files (x86)\Common Files\ACD Systems
2013-04-09 12:54 . 2013-04-09 12:54    --------    d-----w-    c:\program files (x86)\ACD Systems
2013-04-09 12:54 . 2013-04-09 12:54    --------    d-----w-    c:\program files (x86)\Cheat Engine 6.2
2013-04-09 12:53 . 2013-04-09 12:53    --------    d-----w-    c:\program files\Fresco Logic Inc
2013-04-09 12:52 . 2013-04-11 01:47    --------    d-----w-    c:\program files (x86)\Writeitnow4
2013-04-09 12:17 . 2013-04-09 12:50    --------    d-----w-    c:\program files (x86)\CyberLink
2013-04-09 12:17 . 2013-04-09 12:34    --------    d-----w-    c:\programdata\CyberLink
2013-04-09 12:06 . 2013-04-09 12:06    --------    d-----w-    c:\program files (x86)\Audacity
2013-04-09 11:55 . 2013-04-09 11:55    --------    d-----w-    c:\windows\system32\appmgmt
2013-04-09 09:46 . 2008-03-05 08:56    1860120    ----a-w-    c:\windows\system32\D3DCompiler_37.dll
2013-04-09 09:44 . 2013-04-09 09:44    --------    d-----w-    c:\program files (x86)\MSI Kombustor
2013-04-09 08:40 . 2013-04-12 15:37    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-04-09 08:40 . 2013-04-12 15:37    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-04-09 08:38 . 2012-06-09 18:21    178688    ----a-w-    c:\windows\SysWow64\unrar.dll
2013-04-09 08:38 . 2013-04-09 08:38    --------    d-----w-    c:\program files (x86)\K-Lite Codec Pack
2013-04-09 08:26 . 2006-03-31 05:41    3927248    ----a-w-    c:\windows\system32\d3dx9_30.dll
2013-04-09 08:13 . 2013-04-09 08:13    --------    d-----w-    c:\program files (x86)\Winamp Detect
2013-04-09 08:12 . 2013-04-09 08:12    --------    d-----w-    c:\program files (x86)\Common Files\PX Storage Engine
2013-04-09 08:12 . 2013-04-09 08:14    --------    d-----w-    c:\program files (x86)\Winamp
2013-04-09 07:19 . 2013-04-11 08:36    --------    d-----w-    c:\program files (x86)\SpeedFan
2013-04-09 06:15 . 2013-03-06 23:33    377920    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-04-09 06:15 . 2013-03-06 23:33    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-04-09 06:15 . 2013-03-06 23:33    70992    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-04-09 06:15 . 2013-03-06 23:33    68920    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-04-09 06:15 . 2013-03-06 23:33    178624    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-04-09 06:15 . 2013-03-06 23:33    1025808    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-04-09 06:15 . 2013-03-06 23:33    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-04-09 06:15 . 2013-03-06 23:33    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-04-09 06:15 . 2013-03-06 23:32    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-04-09 06:14 . 2013-03-06 23:32    41664    ----a-w-    c:\windows\avastSS.scr
2013-04-09 06:13 . 2013-04-09 06:13    --------    d-----w-    c:\program files\AVAST Software
2013-04-09 06:13 . 2013-04-09 06:13    --------    d-----w-    c:\programdata\AVAST Software
2013-04-09 06:09 . 2013-04-11 00:01    --------    d-----w-    c:\program files (x86)\Microsoft.NET
2013-04-09 06:06 . 2013-04-09 06:06    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-04-09 06:06 . 2013-04-09 06:06    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-04-09 06:03 . 2013-04-09 06:03    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-04-08 17:43 . 2013-04-09 06:01    --------    d-----w-    c:\programdata\MFAData
2013-04-08 17:43 . 2013-04-08 17:43    --------    d-----w-    c:\programdata\Common Files
2013-04-08 17:28 . 2013-04-08 02:38    --------    d-----w-    c:\windows\Panther
2013-04-08 14:26 . 2013-04-10 02:52    --------    d-----w-    c:\programdata\Hewlett-Packard
2013-04-08 14:05 . 2013-04-08 14:05    --------    d-----w-    c:\programdata\Malwarebytes
2013-04-08 14:05 . 2013-04-11 17:34    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-08 14:05 . 2013-04-04 07:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-08 11:49 . 2013-04-08 11:49    --------    d-----w-    c:\program files (x86)\Alcohol Soft
2013-04-08 03:41 . 2013-04-08 03:41    --------    d-----w-    c:\program files (x86)\GPU-Z
2013-04-08 03:40 . 2013-04-08 03:40    --------    d-----w-    c:\program files\CPUID
2013-04-08 03:40 . 2011-09-21 03:25    21992    ----a-w-    c:\windows\system32\drivers\cpuz135_x64.sys
2013-04-08 03:28 . 2013-04-08 03:28    --------    d-----w-    c:\program files (x86)\Common Files\LightScribe
2013-04-08 03:27 . 2013-04-08 03:27    --------    d-----w-    c:\program files\Hewlett-Packard
2013-04-08 03:24 . 2013-04-08 03:24    --------    d-----w-    c:\programdata\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF}
2013-04-08 03:22 . 2013-04-08 18:37    --------    d-----w-    c:\program files (x86)\Hewlett-Packard
2013-04-08 03:21 . 2010-07-14 14:25    344616    ----a-w-    c:\windows\system32\drivers\btwampfl.sys
2013-04-08 03:21 . 2010-07-20 21:26    102952    ----a-w-    c:\windows\system32\drivers\btwaudio.sys
2013-04-08 03:21 . 2010-07-20 21:26    135720    ----a-w-    c:\windows\system32\drivers\btwavdt.sys
2013-04-08 03:21 . 2010-07-20 21:26    21544    ----a-w-    c:\windows\system32\drivers\btwrchid.sys
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files (x86)\Smadav\SM?RTP.exe" [?]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-03-01 3573624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 aswVmm;aswVmm; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-04-19 12800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 WinRing0_1_2_0;WinRing0_1_2_0;h:\installer\Software\RealTemp_360\WinRing0x64.sys [2008-07-26 14544]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-20 92216]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-28 26680]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 UI Assistant Service;UI Assistant Service;c:\program files (x86)\ONLINE MANAGER\AssistantServices.exe [2010-08-10 253264]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R4 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-12-14 2148816]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [2010-04-19 122752]
S3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [2010-04-19 122752]
S3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [2010-04-19 122752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 17215263
*Deregistered* - 17215263
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 06:43    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 20ca57b3-b500-4be2-883b-c8c056fa90ed.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-04-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c3beaddb-2d81-4322-8ce5-aadc0bf4f2e3.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    23496    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\a3lday15.default\
FF - ExtSQL: 2013-04-09 13:14; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-04-09 16:48; mozilla_cc@internetdownloadmanager.com; c:\users\Harry\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2013-04-12 02:59; {c36177c0-224a-11da-8cd6-0800200c9a91}; c:\users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\a3lday15.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-07671337.sys
AddRemove-AsUninst.exe - c:\windows\system32\AsUninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpg"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-14  03:38:48
ComboFix-quarantined-files.txt  2013-04-13 20:38
.
Pre-Run: 85.919.645.696 bytes free
Post-Run: 85.913.808.896 bytes free
.
- - End Of File - - 5A2DEB0D5C723091C47B255BC4708B18



#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team

Posted 13 April 2013 - 03:48 PM

Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply



#11 harry.yp

harry.yp
  • Topic Starter


Posted 13 April 2013 - 03:51 PM

CKScanner saved directly to the desktop and finished the scan.

 

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrack.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackalphatest.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackalphatestlightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackalphatestpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackalphatestshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcracklightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcracklightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetailcrackshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrack.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackalphatest.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcracklightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcracklightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_2\rashaderstmbasedetaildirtcrackshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrack.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackalphatest.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackalphatestlightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackalphatestpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackalphatestshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcracklightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcracklightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackparallaxdetail.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatest.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetailcrackshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrack.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackalphatest.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcracklightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcracklightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetail.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatest.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmap.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmapshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackpointlight.cfx
c:\users\harry\documents\battlefield 2\mods\bf2\cache\{d7b71ee2-2ba4-11cf-1877-2c34bec2c535}_2442_3\rashaderstmbasedetaildirtcrackshadow.cfx
scanner sequence 3.ZZ.11.NGAPNF
 ----- EOF -----
 



#12 harry.yp

harry.yp
  • Topic Starter


Posted 13 April 2013 - 04:06 PM

Oh Jeff, I found something interesting in one of my antivirus programs (mainly meant for USB flash disks). I just found it recently, after trying to run my antivirus program again after finishing the scan with ComboFix: there is a suspicious process that is hidden from Task Manager, Process Explorer, and even Process Hacker, which I own.

I didn't know if this was a virus or not, but it makes me curious. The processes were cmd.exe and svchost.exe. What makes me worry is that cmd.exe is running 4 RegString processes and I wasn't running any Command Prompt, and even after I closed all my programs (everything), the process is still working.

This process caught my attention; the antivirus program listed these 2 as the most risky processes and I already took screenshots of them. I want you to see this, but I waited for your reply and advice first.

 

EDIT:

Also, this is the first time I have seen svchost.exe listed as a risky process in the program; also, only this program could see the hidden process. I can't say the name of the program because of the forum rules.

2nd EDIT:
Sorry, my English was bad; I corrected some words to make it easier to understand.


Edited by harry.yp, 13 April 2013 - 04:13 PM.


#13 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team

Posted 14 April 2013 - 11:52 AM

Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


    ClearJavaCache::

    File::
    c:\windows\km32hlpr.dll
    c:\windows\wnsperf32.dll
    c:\windows\cr2gui32.dll
    c:\windows\winid332.dll
    c:\windows\stdensrv.dll
    c:\windows\javexisa.dll
    c:\windows\javexisb.dll
    C:\DUMP47a9.tmp
    C:\DUMP47d8.tmp
    C:\DUMP43f2.tmp
    C:\DUMP447e.tmp
    c:\program files (x86)\Smadav\SM?RTP.exe

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SM?RT-Protection"=-

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    (screenshot: CFScript.txt dragged onto ComboFix.exe)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
  • CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------

    Post the new ComboFix log and let me know how your system is running now. :)

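A small reader for the CFScript format used in the post above, added here as an example (it is not code from the post or from ComboFix) so the actions such a script requests can be listed and checked before the script is run. It assumes the layout shown above: File:: holds one path per line, Registry:: uses .reg-style lines where "name"=- deletes that value, and any other "Name::" line is a bare directive; entries containing ? or * are flagged for manual review because they are not literal paths.

```python
"""Parse a ComboFix CFScript into a reviewable action plan.

Added example for this thread; not code from the post or from ComboFix.
Assumes: "Name::" opens a section, File:: lists one path per line, and
Registry:: holds .reg-style lines ([KEY], [-KEY] deletes the key,
"name"=- deletes the value, "name"=data sets it).
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: a shortened copy of the CFScript posted above.
SAMPLE_CFSCRIPT = r"""
ClearJavaCache::

File::
c:\windows\km32hlpr.dll
c:\windows\wnsperf32.dll
C:\DUMP47a9.tmp
c:\program files (x86)\Smadav\SM?RTP.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"=-
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
REG_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')
AUTORUN_MARKER = r"\currentversion\run"  # Run / RunOnce keys are persistence points


@dataclass
class RegistryEdit:
    key: str
    action: str            # "delete_value", "set_value" or "delete_key"
    name: str = ""
    data: Optional[str] = None

    @property
    def touches_autorun(self) -> bool:
        return AUTORUN_MARKER in self.key.lower()


@dataclass
class CFScriptPlan:
    directives: list = field(default_factory=list)  # bare sections, e.g. ClearJavaCache
    files: list = field(default_factory=list)       # literal paths slated for removal
    patterns: list = field(default_factory=list)    # File:: entries containing ? or *
    registry: list = field(default_factory=list)    # RegistryEdit items
    other: dict = field(default_factory=dict)       # body lines of sections not modelled here


def parse_cfscript(text: str) -> CFScriptPlan:
    plan = CFScriptPlan()
    section = None
    current_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            current_key = None
            if section not in ("File", "Registry"):
                plan.directives.append(section)
            continue
        if section is None:
            raise ValueError(f"line {lineno}: content before any section header")
        if section == "File":
            # A ? or * means the entry is a pattern, not one literal file.
            (plan.patterns if re.search(r"[?*]", line) else plan.files).append(line)
        elif section == "Registry":
            km = REG_KEY_RE.match(line)
            if km:
                current_key = km.group(2)
                if km.group(1) == "-":       # [-KEY] removes the whole key
                    plan.registry.append(RegistryEdit(current_key, "delete_key"))
                continue
            vm = REG_VALUE_RE.match(line)
            if not vm:
                raise ValueError(f"line {lineno}: unrecognised Registry:: line {line!r}")
            if current_key is None:
                raise ValueError(f"line {lineno}: value line before any [KEY] line")
            name, data = vm.groups()
            if data == "-":
                plan.registry.append(RegistryEdit(current_key, "delete_value", name))
            else:
                plan.registry.append(RegistryEdit(current_key, "set_value", name, data))
        else:
            plan.other.setdefault(section, []).append(line)
    return plan


def review_lines(plan: CFScriptPlan) -> list:
    """One line per requested action, for reading before the script is run."""
    lines = [f"directive: {d}" for d in plan.directives]
    lines += [f"delete file: {p}" for p in plan.files]
    lines += [f"delete files matching (review manually): {p}" for p in plan.patterns]
    for e in plan.registry:
        tag = " [autorun entry]" if e.touches_autorun else ""
        if e.action == "delete_key":
            lines.append(f"delete key: {e.key}{tag}")
        elif e.action == "delete_value":
            lines.append(f"delete value: {e.key}\\{e.name}{tag}")
        else:
            lines.append(f"set value: {e.key}\\{e.name} = {e.data}{tag}")
    for sec, body in plan.other.items():
        lines += [f"{sec}: {b}" for b in body]
    return lines


if __name__ == "__main__":
    for entry in review_lines(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(entry)
```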


#14 harry.yp

harry.yp
  • Topic Starter


Posted 14 April 2013 - 12:47 PM

Still no good. The good thing is I can boot normally with the display driver on, but a few seconds later a BSOD suddenly appeared, stating bugcheck 0xa0000001. Now I'm booted with my VGA display driver.

 

here's the log

 

 

ComboFix 13-04-12.02 - Harry 15/04/2013   0:28.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.62.1033.18.3958.2553 [GMT 7:00]
Running from: c:\users\Harry\Desktop\ComboFix.exe
Command switches used :: c:\users\Harry\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"C:\DUMP43f2.tmp"
"C:\DUMP447e.tmp"
"C:\DUMP47a9.tmp"
"C:\DUMP47d8.tmp"
"c:\windows\cr2gui32.dll"
"c:\windows\javexisa.dll"
"c:\windows\javexisb.dll"
"c:\windows\km32hlpr.dll"
"c:\windows\stdensrv.dll"
"c:\windows\winid332.dll"
"c:\windows\wnsperf32.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DUMP43f2.tmp
C:\DUMP447e.tmp
C:\DUMP47a9.tmp
C:\DUMP47d8.tmp
c:\windows\cr2gui32.dll
c:\windows\javexisa.dll
c:\windows\javexisb.dll
c:\windows\km32hlpr.dll
c:\windows\stdensrv.dll
c:\windows\winid332.dll
c:\windows\wnsperf32.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-14 to 2013-04-14  )))))))))))))))))))))))))))))))
.
.
2013-04-14 17:33 . 2013-04-14 17:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-14 15:36 . 2013-04-14 15:37    --------    d-----w-    c:\users\Guest
2013-04-13 17:14 . 2013-04-14 16:59    336374    ----a-w-    C:\DUMP315c.tmp
2013-04-13 14:09 . 2013-04-13 14:09    --------    d-----w-    c:\programdata\ATI
2013-04-13 14:07 . 2013-04-13 14:07    --------    d-----w-    c:\program files (x86)\AMD AVT
2013-04-13 14:07 . 2013-04-13 14:07    --------    d-----w-    c:\program files (x86)\AMD APP
2013-04-13 14:07 . 2013-04-13 14:07    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2013-04-13 14:07 . 2013-04-13 14:07    --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2013-04-13 13:56 . 2013-04-13 13:56    0    ----a-w-    c:\windows\ativpsrm.bin
2013-04-13 13:54 . 2013-04-13 13:55    --------    d-----w-    c:\program files\ATI Technologies
2013-04-13 13:54 . 2013-04-13 13:54    --------    d-----w-    c:\program files\ATI
2013-04-13 01:29 . 2013-04-13 01:29    --------    d-----w-    C:\FRST
2013-04-13 00:00 . 2013-04-13 00:00    --------    d-----w-    c:\program files (x86)\ATI Technologies
2013-04-12 18:53 . 2013-04-12 18:53    --------    d-----w-    c:\program files\Process Hacker 2
2013-04-12 17:37 . 2013-04-12 17:38    646144    ----a-w-    c:\windows\sysnadr64.exe
2013-04-12 17:37 . 2013-04-12 17:37    3440128    ----a-w-    c:\windows\diskediag.exe
2013-04-12 17:37 . 2013-04-12 17:37    3747    ----a-w-    c:\windows\memgprep.dll
2013-04-12 17:37 . 2013-04-12 17:37    --------    d-----w-    c:\windows\ServiceLECache
2013-04-12 17:22 . 2006-02-23 14:03    8576    ----a-w-    c:\windows\SysWow64\drivers\KProcWatch.sys
2013-04-12 17:22 . 2013-04-12 17:22    --------    d-----w-    c:\program files (x86)\HiddenFinder
2013-04-12 15:37 . 2013-04-12 15:37    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-04-12 15:37 . 2013-04-12 15:37    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-12 15:37 . 2013-04-12 15:37    --------    d-----w-    c:\program files (x86)\Java
2013-04-12 12:03 . 2013-04-12 12:03    --------    d-----w-    c:\program files (x86)\ati_winflash_2.0.1.18
2013-04-12 10:39 . 2012-12-14 04:42    35792    ----a-w-    c:\windows\system32\TURegOpt.exe
2013-04-12 10:39 . 2012-12-14 04:42    27088    ----a-w-    c:\windows\system32\authuitu.dll
2013-04-12 10:39 . 2012-12-14 04:42    22480    ----a-w-    c:\windows\SysWow64\authuitu.dll
2013-04-12 10:38 . 2013-04-12 10:38    --------    d-----w-    c:\program files (x86)\AVG
2013-04-12 10:37 . 2013-04-12 10:39    --------    d-----w-    c:\programdata\AVG
2013-04-12 10:37 . 2013-04-12 10:37    --------    d-s---w-    c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-11 21:02 . 2013-04-11 21:02    --------    d-----w-    c:\program files (x86)\Geeks3D
2013-04-11 19:57 . 2013-04-11 19:57    691592    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-11 17:27 . 2013-04-11 17:27    --------    d-----w-    c:\program files (x86)\ESET
2013-04-11 17:24 . 2010-04-19 07:23    12800    ----a-w-    c:\windows\system32\drivers\massfilter.sys
2013-04-11 17:24 . 2010-04-19 07:23    122752    ----a-w-    c:\windows\system32\drivers\HSPADataCardusbser.sys
2013-04-11 17:24 . 2010-04-19 07:23    122752    ----a-w-    c:\windows\system32\drivers\HSPADataCardusbnmea.sys
2013-04-11 17:24 . 2010-04-19 07:23    122752    ----a-w-    c:\windows\system32\drivers\HSPADataCardusbmdm.sys
2013-04-11 17:24 . 2013-04-11 17:24    --------    d-----w-    c:\windows\SysWow64\SupportAppCB
2013-04-11 17:24 . 2013-04-13 20:36    --------    d-----w-    c:\program files (x86)\ONLINE MANAGER
2013-04-11 07:07 . 2013-04-14 17:02    --------    d-----w-    c:\windows\system32\wbem\repository
2013-04-11 00:21 . 2013-04-11 00:22    --------    d-----w-    c:\program files\WinHTTrack
2013-04-11 00:17 . 2013-04-11 00:17    --------    d-----w-    c:\program files (x86)\Ray Adams
2013-04-11 00:01 . 2013-04-11 00:01    --------    d-----w-    c:\windows\PCHEALTH
2013-04-10 23:59 . 2013-04-10 23:59    --------    d-----w-    c:\program files\Microsoft Office
2013-04-10 23:59 . 2013-04-10 23:59    --------    d-----w-    c:\program files (x86)\Microsoft Analysis Services
2013-04-10 23:59 . 2013-04-11 00:03    --------    d-----w-    c:\programdata\Microsoft Help
2013-04-10 23:55 . 2013-04-10 23:55    --------    d-----w-    c:\program files (x86)\Common Files\ChessBase
2013-04-10 23:55 . 2013-04-10 23:55    --------    d-----w-    c:\program files (x86)\ChessBase
2013-04-10 20:50 . 2013-04-11 19:57    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 20:50 . 2013-04-10 20:50    --------    d-----w-    c:\windows\SysWow64\Macromed
2013-04-10 20:50 . 2013-04-10 20:50    --------    d-----w-    c:\windows\system32\Macromed
2013-04-10 08:03 . 2013-04-10 08:03    --------    d-----w-    c:\program files (x86)\Elaborate Bytes
2013-04-10 03:01 . 2013-04-10 03:01    --------    d-----w-    c:\program files (x86)\Xilisoft
2013-04-10 02:54 . 2013-04-10 02:54    --------    d-----w-    c:\program files (x86)\Anvil Studio
2013-04-10 02:54 . 2013-04-10 02:54    --------    d-----w-    c:\program files (x86)\CDCheck
2013-04-10 01:21 . 2013-04-10 01:21    --------    d-----w-    c:\program files (x86)\Common Files\Adobe AIR
2013-04-10 01:17 . 2013-04-10 01:24    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-04-09 12:58 . 2013-04-09 12:58    --------    d-----w-    c:\program files (x86)\DomDomSoft Anime Downloader
2013-04-09 12:58 . 2013-04-09 12:58    --------    d-----w-    c:\program files (x86)\DomDomSoft Manga Downloader
2013-04-09 12:57 . 2013-04-09 12:58    --------    d-----w-    c:\program files\WinRAR
2013-04-09 12:55 . 2013-04-09 12:55    --------    d-----w-    c:\programdata\ACD Systems
2013-04-09 12:54 . 2013-04-09 12:55    --------    d-----w-    c:\program files (x86)\Common Files\ACD Systems
2013-04-09 12:54 . 2013-04-09 12:54    --------    d-----w-    c:\program files (x86)\ACD Systems
2013-04-09 12:54 . 2013-04-09 12:54    --------    d-----w-    c:\program files (x86)\Cheat Engine 6.2
2013-04-09 12:53 . 2013-04-09 12:53    --------    d-----w-    c:\program files\Fresco Logic Inc
2013-04-09 12:52 . 2013-04-11 01:47    --------    d-----w-    c:\program files (x86)\Writeitnow4
2013-04-09 12:17 . 2013-04-09 12:50    --------    d-----w-    c:\program files (x86)\CyberLink
2013-04-09 12:17 . 2013-04-09 12:34    --------    d-----w-    c:\programdata\CyberLink
2013-04-09 12:06 . 2013-04-09 12:06    --------    d-----w-    c:\program files (x86)\Audacity
2013-04-09 11:55 . 2013-04-09 11:55    --------    d-----w-    c:\windows\system32\appmgmt
2013-04-09 09:46 . 2008-03-05 08:56    1860120    ----a-w-    c:\windows\system32\D3DCompiler_37.dll
2013-04-09 09:44 . 2013-04-09 09:44    --------    d-----w-    c:\program files (x86)\MSI Kombustor
2013-04-09 08:40 . 2013-04-12 15:37    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-04-09 08:40 . 2013-04-12 15:37    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-04-09 08:38 . 2012-06-09 18:21    178688    ----a-w-    c:\windows\SysWow64\unrar.dll
2013-04-09 08:38 . 2013-04-09 08:38    --------    d-----w-    c:\program files (x86)\K-Lite Codec Pack
2013-04-09 08:26 . 2006-03-31 05:41    3927248    ----a-w-    c:\windows\system32\d3dx9_30.dll
2013-04-09 08:13 . 2013-04-09 08:13    --------    d-----w-    c:\program files (x86)\Winamp Detect
2013-04-09 08:12 . 2013-04-09 08:12    --------    d-----w-    c:\program files (x86)\Common Files\PX Storage Engine
2013-04-09 08:12 . 2013-04-09 08:14    --------    d-----w-    c:\program files (x86)\Winamp
2013-04-09 07:19 . 2013-04-11 08:36    --------    d-----w-    c:\program files (x86)\SpeedFan
2013-04-09 06:15 . 2013-03-06 23:33    377920    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-04-09 06:15 . 2013-03-06 23:33    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-04-09 06:15 . 2013-03-06 23:33    70992    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-04-09 06:15 . 2013-03-06 23:33    68920    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-04-09 06:15 . 2013-03-06 23:33    178624    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-04-09 06:15 . 2013-03-06 23:33    1025808    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-04-09 06:15 . 2013-03-06 23:33    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-04-09 06:15 . 2013-03-06 23:33    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-04-09 06:15 . 2013-03-06 23:32    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-04-09 06:14 . 2013-03-06 23:32    41664    ----a-w-    c:\windows\avastSS.scr
2013-04-09 06:13 . 2013-04-09 06:13    --------    d-----w-    c:\program files\AVAST Software
2013-04-09 06:13 . 2013-04-09 06:13    --------    d-----w-    c:\programdata\AVAST Software
2013-04-09 06:09 . 2013-04-11 00:01    --------    d-----w-    c:\program files (x86)\Microsoft.NET
2013-04-09 06:06 . 2013-04-09 06:06    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-04-09 06:06 . 2013-04-09 06:06    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-04-09 06:03 . 2013-04-09 06:03    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-04-08 17:43 . 2013-04-09 06:01    --------    d-----w-    c:\programdata\MFAData
2013-04-08 17:43 . 2013-04-08 17:43    --------    d-----w-    c:\programdata\Common Files
2013-04-08 17:28 . 2013-04-08 02:38    --------    d-----w-    c:\windows\Panther
2013-04-08 14:26 . 2013-04-10 02:52    --------    d-----w-    c:\programdata\Hewlett-Packard
2013-04-08 14:05 . 2013-04-08 14:05    --------    d-----w-    c:\programdata\Malwarebytes
2013-04-08 14:05 . 2013-04-11 17:34    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-08 14:05 . 2013-04-04 07:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-08 11:49 . 2013-04-08 11:49    --------    d-----w-    c:\program files (x86)\Alcohol Soft
2013-04-08 03:41 . 2013-04-08 03:41    --------    d-----w-    c:\program files (x86)\GPU-Z
2013-04-08 03:40 . 2013-04-08 03:40    --------    d-----w-    c:\program files\CPUID
2013-04-08 03:40 . 2011-09-21 03:25    21992    ----a-w-    c:\windows\system32\drivers\cpuz135_x64.sys
2013-04-08 03:28 . 2013-04-08 03:28    --------    d-----w-    c:\program files (x86)\Common Files\LightScribe
2013-04-08 03:27 . 2013-04-08 03:27    --------    d-----w-    c:\program files\Hewlett-Packard
2013-04-08 03:24 . 2013-04-08 03:24    --------    d-----w-    c:\programdata\{D13C0989-F3EC-4F44-A33D-B3F83DF90FAF}
2013-04-08 03:22 . 2013-04-08 18:37    --------    d-----w-    c:\program files (x86)\Hewlett-Packard
2013-04-08 03:21 . 2010-07-14 14:25    344616    ----a-w-    c:\windows\system32\drivers\btwampfl.sys
2013-04-08 03:21 . 2010-07-20 21:26    102952    ----a-w-    c:\windows\system32\drivers\btwaudio.sys
2013-04-08 03:21 . 2010-07-20 21:26    135720    ----a-w-    c:\windows\system32\drivers\btwavdt.sys
2013-04-08 03:21 . 2010-07-20 21:26    21544    ----a-w-    c:\windows\system32\drivers\btwrchid.sys
2013-04-08 03:21 . 2010-03-02 22:37    39464    ----a-w-    c:\windows\system32\drivers\btwl2cap.sys
2013-04-08 03:20 . 2013-04-08 03:20    --------    d-----w-    c:\program files\WIDCOMM
2013-04-08 03:18 . 2010-03-23 01:57    347680    ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2013-04-08 03:18 . 2010-01-06 08:39    107552    ----a-w-    c:\windows\system32\RTNUninst64.dll
2013-04-08 03:18 . 2009-12-04 01:27    74272    ----a-w-    c:\windows\system32\RtNicProp64.dll
2013-04-08 03:18 . 2013-04-08 03:18    --------    d-----w-    c:\program files (x86)\Cisco
2013-04-08 03:18 . 2013-04-08 03:18    --------    d-----w-    c:\program files\Synaptics
2013-04-08 03:17 . 2013-04-08 03:17    --------    d-----w-    c:\program files\Broadcom
2013-04-08 03:17 . 2013-04-08 03:16    6656    ----a-w-    c:\windows\system32\bcmwlrc.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files (x86)\Smadav\SM?RTP.exe" [?]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-03-01 3573624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R3 aswVmm;aswVmm; [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 GPU-Z;GPU-Z;c:\users\Harry\AppData\Local\Temp\GPU-Z.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-04-19 12800]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 WinRing0_1_2_0;WinRing0_1_2_0;h:\installer\Software\RealTemp_360\WinRing0x64.sys [2008-07-26 14544]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-20 92216]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-28 26680]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
R4 UI Assistant Service;UI Assistant Service;c:\program files (x86)\ONLINE MANAGER\AssistantServices.exe [2010-08-10 253264]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R4 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-12-14 2148816]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [2010-04-19 122752]
S3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [2010-04-19 122752]
S3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [2010-04-19 122752]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-07-04 11880]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 06:43    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 20ca57b3-b500-4be2-883b-c8c056fa90ed.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-04-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c3beaddb-2d81-4322-8ce5-aadc0bf4f2e3.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53    2210304    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    23496    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\a3lday15.default\
FF - ExtSQL: 2013-04-09 13:14; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-04-09 16:48; mozilla_cc@internetdownloadmanager.com; c:\users\Harry\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2013-04-12 02:59; {c36177c0-224a-11da-8cd6-0800200c9a91}; c:\users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\a3lday15.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AsUninst.exe - c:\windows\system32\AsUninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpg"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3a,92,e2,e1,2e,d2,4e,71,dd,67,53,c1,3b,98,b3,d7,01,e9,93,86,e9,
   f3,c6,46,83,39,0f,69,08,6a,69,51,81,05,ea,1e,f4,32,ce,21,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2352302462-1595034629-2590302044-1000_Classes\Wow6432Node\CLSID\{d969d2ee-8085-4322-a493-7800397641ff}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000067
"Therad"=dword:00000006
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-15  00:35:43
ComboFix-quarantined-files.txt  2013-04-14 17:35
ComboFix2.txt  2013-04-13 20:38
.
Pre-Run: 85.528.055.808 bytes free
Post-Run: 85.340.016.640 bytes free
.
- - End Of File - - 04A9D7F4CA97917E4BD1D92988B2CD2B
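The `@Denied: (2) (LocalSystem)` and `@Denied: (Full) (Everyone)` lines in the log above are ComboFix's way of reporting registry keys whose DACL carries explicit Deny entries. Legitimate software sets such ACEs (the `FileExts\*\UserChoice` keys are a common case), but malware also uses them to keep its keys from being read or deleted, so an analyst normally wants to confirm the finding on the live box rather than trust a single tool's output. The following PowerShell script is an added example written for this page, not something from the thread or from ComboFix; it walks a registry subtree with `Get-Acl` and lists every key whose DACL contains a Deny ACE, plus any key whose DACL cannot be read at all. The default `$Root` path and the `UNREADABLE` marker are illustrative choices. Run it from an elevated PowerShell prompt on the affected machine; to inspect the `HKEY_USERS\<SID>` and `<SID>_Classes` paths shown in the log, pass them with the `Registry::` provider prefix.

```powershell
# Added example (not part of the original thread): list registry keys under a
# subtree whose DACL contains explicit Deny ACEs, i.e. the live equivalent of
# the "@Denied: ..." entries ComboFix reports in its locked-keys section.
# $Root is an assumed default; HKEY_USERS paths work via the Registry:: prefix,
# e.g. 'Registry::HKEY_USERS\S-1-5-21-...-1000_Classes\Wow6432Node\CLSID'.
param(
    [string]$Root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts'
)

# Enumerate the key itself plus everything below it. Keys the current token
# cannot open are skipped silently by -Recurse, which is why unreadable DACLs
# are reported separately below: a key we can list but whose ACL we cannot
# read is itself worth a second look.
$keys = @(Get-Item -Path $Root -ErrorAction SilentlyContinue) +
        @(Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($key in $keys) {
    if ($null -eq $key) { continue }
    try {
        $acl = Get-Acl -Path $key.PSPath -ErrorAction Stop
    } catch {
        [pscustomobject]@{
            Key       = $key.Name
            Ace       = 'UNREADABLE'          # assumed marker for this example
            Rights    = $_.Exception.Message
            Inherited = $null
        }
        continue
    }
    foreach ($ace in $acl.Access) {
        # Only explicit Deny entries are interesting here; Allow entries are
        # the normal state and inherited Deny entries point at a parent key.
        if ($ace.AccessControlType -eq 'Deny') {
            [pscustomobject]@{
                Key       = $key.Name
                Ace       = "Deny $($ace.IdentityReference)"
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not $findings) {
    "No Deny ACEs or unreadable DACLs found under $Root"
} else {
    $findings | Sort-Object Key | Format-Table -AutoSize -Wrap
}
```

A Deny ACE on its own proves nothing; the value is in correlating the locked key with what it points to. A `UserChoice` key whose `Progid` names an installed application is expected, whereas a locked `CLSID` key holding opaque binary values, like the `scansk` blob in the log, is the kind of entry worth cross-referencing against loaded modules and autostart locations before deciding whether to reset its ACL and remove it.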
 



#15 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 14 April 2013 - 01:03 PM

  • Download OTL to your desktop.
  • Right-click the icon and select Run as Administrator to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
  • ----------
