I am infected with NMC.WORM.WIN32


  • This topic is locked
49 replies to this topic

#1 dinovo

  • Members
  • 45 posts

Posted 20 May 2013 - 10:26 PM

Hello to all, and thanks in advance for your support and HELP.
I would appreciate it very much if you are able to help me.

I signed up long ago but cannot remember the password etc. and cannot access that email, so I have created a new account for this post, my first post.

I am infected with NMC.WORM.WIN32.NUQEL.FEQ
[HKLM_KEY]=\SYSTEM\CurrentControlSet\Services\ekrn[FILE_DEL]=%appdata%\MusaLLaT.exe

For weeks I have been trying to remove it with EMCO Malware Destroyer.
It says it is removed, but it is there on every re-scan. It is the only antivirus/malware remover tool that can detect it; I have scanned with TDSSKiller, Microsoft, Spybot S&D,
Malwarebytes Anti-Malware and more, with no detection.

My desktop has Windows 7 SP1 and 4 MB RAM, Internet Explorer and Firefox.

My Yahoo email account has been hijacked for months and Yahoo has not helped at all. I can log in to email, but cannot delete spam messages, cannot read messages, cannot open messages. I replaced the password some time ago with no change. My account is infected (address removed).
This line below appears on the pages of Yahoo mail, sometimes in the browser as well:

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright © 2003-2006 Right Media*/var rm_ban_flash=0;var

Before, this was a single line; now it is a full page.
When opening a message, a small box opens with this message:
Network Error
Yahoo!7 Mail was unable to connect. Please reload the page
or verify that your network connection is active.

On the email page is the following message:
We’re sorry, but there appears to be a problem loading the email "Your Yahoo! account information has changed". Retry

The internet is very slow and sometimes does not open the page; the computer is a bit slow. I cannot access eBay at all, and some other sites; many times it won't open the page, and sometimes it redirects. I also have some problems with programs running; Adobe Flash Player crashes on every fresh install.

There may be more viruses than the above one.
I do not know much about computers!

Thanks, Kind regards

PS. Some weeks ago I removed three or four malware like trojans, backdoors, etc.


 
Attached File: ebay.png (51.82 KB)

Edited by Queen-Evie, 20 May 2013 - 10:33 PM.
removed email address
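An added example, written for this page and not code from the thread or from EMCO, showing how to verify a detection like the one quoted above before trusting the scanner: it checks whether %APPDATA%\MusaLLaT.exe is actually on disk, which binary the ekrn service key really starts, and what every per-user and machine-wide Run entry launches, reporting existence, SHA-256 and Authenticode status for each. This matters here because ekrn is the service name ESET Smart Security uses for its main service (the ComboFix log later in the thread shows ESET Smart Security 4.2 installed), so a tool reporting that key next to an AppData executable may be mixing a legitimate item with a suspicious one. Assumes Windows PowerShell 3.0 or later in an elevated session on the affected machine; the helper names Resolve-ExePath and Get-FileFacts are the example's own.

```powershell
# Added example, not code from the thread or from EMCO: check what the reported
# detection actually points at before deleting anything.
# Assumes Windows PowerShell 3.0+ in an elevated session on the affected machine.

# The two items EMCO reported, copied from the post; %appdata% expanded here.
$suspectFile    = Join-Path $env:APPDATA 'MusaLLaT.exe'
$suspectService = 'ekrn'

# Turn a raw ImagePath or Run value ("C:\x\y.exe" /arg, \??\C:\..., system32\...)
# into an absolute path to the executable. Helper name is the example's own.
function Resolve-ExePath {
    param([string]$Raw)
    $exe = if ($Raw -match '^\s*"([^"]+)"') { $Matches[1] }
           elseif ($Raw -match '^\s*(.+?\.(exe|sys|dll|bat|cmd))(\s|$)') { $Matches[1] }
           else { $Raw.Trim() }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if ($exe -match '^\\\?\?\\(.*)$')       { $exe = $Matches[1] }
    if ($exe -match '^\\SystemRoot\\(.*)$') { $exe = Join-Path $env:SystemRoot $Matches[1] }
    if ($exe -match '^system32\\')          { $exe = Join-Path $env:SystemRoot $exe }
    return $exe
}

# Existence, SHA-256 and Authenticode status for one file. .NET is used for the
# hash so this also works before Get-FileHash (PowerShell 4.0) is available.
function Get-FileFacts {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false; Signature = 'n/a'; Signer = $null; SHA256 = $null }
    }
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $hash = [BitConverter]::ToString($sha.ComputeHash([IO.File]::ReadAllBytes($Path))) -replace '-', ''
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path      = $Path
        Exists    = $true
        Signature = $sig.Status.ToString()
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256    = $hash
    }
}

$findings = @()

# 1. The file the scanner says it deletes on every run.
$findings += Get-FileFacts $suspectFile

# 2. The service key the scanner named: which binary does it really start?
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$suspectService"
if (Test-Path $svcKey) {
    $svc = Get-ItemProperty -Path $svcKey
    $findings += Get-FileFacts (Resolve-ExePath $svc.ImagePath)
} else {
    Write-Warning "Service key $svcKey does not exist"
}

# 3. Every per-user and machine-wide Run entry, the usual places an executable
#    under the user profile is made to start from.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($runKey in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $runKey)) { continue }
    $props = Get-ItemProperty -Path $runKey
    $names = $props.PSObject.Properties |
             Where-Object { $providerProps -notcontains $_.Name } |
             ForEach-Object { $_.Name }
    foreach ($name in $names) {
        $findings += Get-FileFacts (Resolve-ExePath $props.$name)
    }
}

# Missing files first, then signature problems ahead of validly signed binaries.
$findings |
    Select-Object Path, Exists, Signature, Signer, SHA256 |
    Sort-Object Exists, Signature |
    Format-Table -AutoSize -Wrap
```

A missing %APPDATA%\MusaLLaT.exe together with a validly signed ESET binary behind ekrn points at a stale or mistaken detection; an unsigned executable under the user profile or in an odd directory off the root of C:\ (the ComboFix log later in the thread lists a "GoogleQuery"="c:\gql\gql.exe" Run entry of exactly that shape) is the kind of entry to hand to the helper along with the hash.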



#2 nasdaq

  • Malware Response Team
  • 39,214 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 May 2013 - 09:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

    --RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
===

    Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Link 1
    Link 2

    IMPORTANT !!! Save ComboFix.exe to your Desktop

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Do not install any other programs until this is fixed.


    How to : Disable Anti-virus and Firewall...
    http://www.bleepingcomputer.com/forums/topic114351.html

    Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ===

    Third-party programs, if not up to date, can be the cause of infiltration and infection.

    Please run this security check for my review.

    Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

    Please paste the logs in your next reply; DO NOT ATTACH THEM.
    Let me know what problem persists.
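An added example for the "third-party programs not up to date" point above; it is not part of nasdaq's instructions and not how Security Check itself works. It inventories the third-party programs most often attacked through stale versions (Java, Flash, Reader and similar), reading the version Windows recorded at install time from the Uninstall registry keys, so each can be compared with the vendor's current release. Assumes Windows PowerShell 3.0 or later; the watch list and the name Get-WatchedSoftware are the example's own.

```powershell
# Added example, not code from the thread and not how Security Check works:
# inventory the third-party programs most often attacked through stale versions,
# using the versions Windows recorded at install time, so each can be compared
# with the vendor's current release. Windows PowerShell 3.0+; run elevated so the
# HKLM hives are readable, and once more as the normal user for per-user installs.

# Watch list is the example's own choice (regexes, matched case-insensitively).
$watchList = 'Java\b', 'Adobe Flash Player', 'Adobe Reader', 'Adobe Acrobat',
             'Shockwave', 'Mozilla Firefox', 'QuickTime', 'Silverlight', 'VLC'
$pattern = $watchList -join '|'

# Native hive, 32-bit-on-64-bit hive, and per-user installs.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'

function Get-WatchedSoftware {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.PSObject.Properties['DisplayName'] -and $_.DisplayName -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Installed = $_.InstallDate      # yyyyMMdd when the installer recorded it
                Publisher = $_.Publisher
                Hive      = $_.PSDrive.Name     # HKLM or HKCU
                Key       = $_.PSChildName
            }
        } |
        Sort-Object Name, Version -Unique
}

# On Windows 7, Windows Update patches none of these; each version has to be
# checked against the vendor's download page by hand.
Get-WatchedSoftware | Format-Table Name, Version, Installed, Publisher, Hive -AutoSize
```

Several entries with the same name (for example more than one Java update left installed side by side) are themselves a finding: older releases stay reachable until they are uninstalled. The Find3M section of the ComboFix log later in the thread lists deployJava1.dll and FlashPlayerApp.exe, which are exactly the components this inventory is meant to surface.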


#3 dinovo

  • Topic Starter
  • Members
  • 45 posts

Posted 27 May 2013 - 03:50 AM

Dear nasdaq

I am very happy for your help and support, and I thank you very much.

I have followed your instructions, and the following are the reports:

 

Message 2

Dear nasdaq

Forgive me if I am too smart for computers

 

I have been trying to post this all day long; my internet is getting slower. My post was sent back by BleepingComputer: it could not be delivered, it could not find my registration (I am not registered, according to the message). I had verified my account and tried again a few times; it said I was verified.

 

I have logged in and signed in with no problems, so I do not know the problem. I do not want you to think I am ignoring your help and wasting your time by taking so long to reply. I hope you get this soon.

Kind Regards

 

# AdwCleaner v2.301 - Logfile created 05/27/2013 at 09:30:12
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Administrator - KHAN
# Boot Mode : Normal
# Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Administrator\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Administrator\AppData\Roaming\SpeedMaxPc

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\Software\SpeedMaxPC

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5p7y6ssf.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1512 octets] - [27/05/2013 09:30:12]

########## EOF - C:\AdwCleaner[S2].txt - [1572 octets] ##########
-----------------------------------------------------------------------------------------------------------------------------------------------


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 05/27/2013 09:40:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[RUN][HJNAME] [ON_G:Default User]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\System32\CTFMON.EXE) [7] -> DELETED
[RUN][HJNAME] [ON_G:LocalService]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\System32\CTFMON.EXE) [7] -> DELETED
[RUN][HJNAME] [ON_G:NetworkService]HKCU[...]\Run : CTFMON.EXE (C:\WINDOWS\System32\CTFMON.EXE) [7] -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtCreateKey -> HOOKED (\??\C:\Windows\system32\drivers\aksfridge.sys @ 0xA2C46F83)
_INLINE_ : NtOpenKey -> HOOKED (\??\C:\Windows\system32\drivers\aksfridge.sys @ 0xA2C5058B)
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0x805EDC00)

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Users\DII\NTUSER.DAT
-> D:\Users\UpdatusUser\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\UpdatusUser\NTUSER.DAT
-> D:\Documents and Settings\User 1\NTUSER.DAT
-> G:\Documents and Settings\Default User\NTUSER.DAT
-> G:\Documents and Settings\LocalService\NTUSER.DAT
-> G:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1    localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] a18f948ffa5e5dc993763a230501d0ce
[BSP] 8b95a0ddf010e8b887848b0879832b80 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 133209 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 272815830 | Size: 172031 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3500418AS ATA Device +++++
--- User ---
[MBR] 321265f0d01ec1e344fdbb91970e4b04
[BSP] 0fff42c49db9c2f21b6204b17c0122e7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476939 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05272013_02d0940.txt >>
RKreport[1]_S_05272013_02d0938.txt ; RKreport[2]_D_05272013_02d0940.txt

-------------------------------------------------------------------------------------------------------------------------------------------------------


ComboFix 13-05-25.02 - Administrator 05/27/2013 10:46:30.3.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3582.2297 [GMT 10:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\8510DB6088.sys
c:\users\Administrator\Documents\DCSCMIN
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-27 to 2013-05-27 )))))))))))))))))))))))))))))))
.
.
2013-05-27 00:52 . 2013-05-27 00:52    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-05-27 00:52 . 2013-05-27 00:52    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-05-27 00:52 . 2013-05-27 00:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-05-27 00:52 . 2013-05-27 00:52    --------    d-----w-    c:\users\User 1\AppData\Local\temp
2013-05-25 21:12 . 2013-05-25 21:12    --------    d-----w-    c:\program files\Common Files\Wondershare
2013-05-25 07:38 . 2013-05-25 07:38    --------    d-----w-    c:\users\Administrator\AppData\Local\SafeNet Sentinel
2013-05-25 07:38 . 2013-05-25 07:38    --------    d-----w-    c:\programdata\SafeNet Sentinel
2013-05-25 07:38 . 2013-05-25 07:38    --------    d-----w-    c:\program files\Common Files\Aladdin Shared
2013-05-25 07:38 . 2012-08-23 07:18    4412872    ----a-w-    c:\windows\system32\hasplms.exe
2013-05-25 07:38 . 2012-08-23 07:18    4412872    ----a-w-    c:\windows\system32\aksllmtp.exe
2013-05-25 07:38 . 2012-08-07 02:50    365056    ----a-w-    c:\windows\system32\drivers\aksfridge.sys
2013-05-25 07:37 . 2012-09-27 13:29    605128    ----a-w-    c:\windows\system32\drivers\hardlock.sys
2013-05-25 07:37 . 2011-05-13 02:19    198088    ----a-w-    c:\windows\system32\hlvdd.dll
2013-05-25 07:37 . 2013-05-25 07:38    --------    d-----w-    c:\program files\Lightworks
2013-05-25 04:20 . 2013-05-25 04:21    --------    d-----w-    c:\programdata\Freemake
2013-05-25 03:33 . 2013-05-25 04:20    --------    d-----w-    c:\program files\Freemake
2013-05-24 09:18 . 2013-05-24 10:15    --------    d-----w-    c:\users\Administrator\AppData\Local\Sony
2013-05-24 09:18 . 2013-05-24 10:15    --------    d-----w-    c:\programdata\Sony
2013-05-23 07:59 . 2011-07-25 02:15    25024    ----a-w-    c:\windows\system32\udcpm.dll
2013-05-23 07:59 . 2013-05-23 07:59    --------    d-----w-    c:\program files\Universal Document Converter
2013-05-22 12:35 . 2013-05-22 12:35    180356    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2013-05-22 12:35 . 2013-05-22 12:35    303236    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2013-05-22 12:13 . 2008-10-17 10:02    126976    ------w-    c:\windows\system32\BrfxD05b.dll
2013-05-22 12:13 . 2007-12-13 12:16    73728    ------w-    c:\windows\system32\BrDctF2.dll
2013-05-22 12:13 . 2007-12-13 12:16    5120    ------w-    c:\windows\system32\BrDctF2L.dll
2013-05-22 12:13 . 2007-12-13 12:16    3072    ------w-    c:\windows\system32\BrDctF2S.dll
2013-05-22 12:13 . 2006-12-28 03:39    176128    ------w-    c:\windows\system32\BroSNMP.dll
2013-05-22 12:13 . 2013-05-22 12:13    --------    d-----w-    c:\users\Administrator\AppData\Roaming\InstallShield
2013-05-20 16:18 . 2013-05-20 16:18    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-05-16 05:19 . 2013-05-13 15:49    7016152    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BFCCEAF-1A89-4A8A-8249-573679153298}\mpengine.dll
2013-05-08 07:26 . 2013-05-26 15:10    --------    d-----w-    c:\users\Administrator\AppData\Roaming\DVD Flick
2013-05-08 07:25 . 2013-05-08 07:25    --------    d-----w-    c:\program files\DVD Flick
2013-05-08 07:25 . 2008-08-31 03:27    28672    ----a-w-    c:\windows\system32\mousewheel.ocx
2013-05-08 07:25 . 2007-08-31 08:36    36864    ----a-w-    c:\windows\system32\trayicon_handler.ocx
2013-05-08 07:25 . 2004-03-08 14:00    212240    ----a-w-    c:\windows\system32\richtx32.ocx
2013-05-08 07:25 . 2003-01-26 03:41    40960    ----a-w-    c:\windows\system32\ssubtmr6.dll
2013-05-08 07:25 . 1998-06-23 14:00    164144    ----a-w-    c:\windows\system32\comct232.ocx
2013-05-07 05:51 . 2013-05-07 05:51    --------    d-----w-    c:\users\UpdatusUser.KHAN
2013-05-07 05:50 . 2013-01-31 09:00    2557728    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-05-07 05:12 . 2013-03-01 03:09    2347008    ----a-w-    c:\windows\system32\win32k.sys
2013-05-07 05:12 . 2013-02-15 04:37    3217408    ----a-w-    c:\windows\system32\mstscax.dll
2013-05-07 05:12 . 2013-02-15 04:34    131584    ----a-w-    c:\windows\system32\aaclient.dll
2013-05-07 05:12 . 2013-02-15 03:25    36864    ----a-w-    c:\windows\system32\tsgqec.dll
2013-05-07 05:12 . 2013-04-12 13:45    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-05-07 05:12 . 2013-03-19 05:04    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-05-07 05:12 . 2013-03-19 05:04    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-07 05:12 . 2013-03-19 04:48    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-05-07 05:12 . 2013-03-19 02:49    69632    ----a-w-    c:\windows\system32\smss.exe
2013-05-07 02:04 . 2013-05-07 02:04    --------    d-----w-    c:\programdata\DAEMON Tools Lite
2013-05-04 06:47 . 2013-05-23 08:00    --------    d-----w-    c:\users\Administrator\AppData\Roaming\UDC Profiles
2013-05-04 04:27 . 2013-05-04 04:27    --------    d-----w-    c:\programdata\AVS4YOU
2013-05-04 04:27 . 2013-05-04 04:34    --------    d-----w-    c:\program files\Common Files\AVSMedia
2013-05-04 04:27 . 2013-05-26 21:46    --------    d-----w-    c:\program files\AVS4YOU
2013-04-29 04:56 . 2013-05-04 03:02    --------    d-----w-    c:\program files\Stellar Phoenix Windows Data Recovery
2013-04-29 02:38 . 2013-04-29 02:38    --------    d-----w-    c:\program files\EASEUS
2013-04-27 07:33 . 2013-04-27 07:33    --------    d-----w-    C:\Output
2013-04-27 07:17 . 2013-04-27 07:17    --------    d-----w-    c:\users\Administrator\AppData\Roaming\YCanPDF
2013-04-27 06:21 . 2013-04-27 06:46    --------    d-----w-    c:\users\Administrator\AppData\Roaming\CrystalIdea Software
2013-04-27 06:21 . 2013-04-27 06:46    --------    d-----w-    c:\program files\Uninstall Tool
2013-04-27 04:18 . 2013-04-27 04:18    --------    d-----w-    C:\Log
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-22 22:32 . 2011-12-10 10:34    7308    --sha-w-    c:\programdata\KGyGaAvL.sys
2013-05-20 16:23 . 2012-07-17 04:37    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-18 02:29 . 2013-02-23 01:38    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-18 02:29 . 2013-02-23 01:38    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-01 16:06 . 2011-12-08 03:54    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-04 04:50 . 2013-02-15 09:46    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-22 12:49 . 2013-03-22 12:49    745472    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 12:49 . 2013-03-22 12:49    185344    ----a-w-    c:\windows\system32\elshyph.dll
2013-03-22 12:49 . 2013-03-22 12:49    158720    ----a-w-    c:\windows\system32\msls31.dll
2013-03-22 12:49 . 2013-03-22 12:49    73728    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 12:49 . 2013-03-22 12:49    719360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-03-22 12:49 . 2013-03-22 12:49    61952    ----a-w-    c:\windows\system32\tdc.ocx
2013-03-22 12:49 . 2013-03-22 12:49    523264    ----a-w-    c:\windows\system32\vbscript.dll
2013-03-22 12:49 . 2013-03-22 12:49    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-03-22 12:49 . 2013-03-22 12:49    38400    ----a-w-    c:\windows\system32\imgutil.dll
2013-03-22 12:49 . 2013-03-22 12:49    361984    ----a-w-    c:\windows\system32\html.iec
2013-03-22 12:49 . 2013-03-22 12:49    23040    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-22 12:49 . 2013-03-22 12:49    150528    ----a-w-    c:\windows\system32\iexpress.exe
2013-03-22 12:49 . 2013-03-22 12:49    1441280    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-03-22 12:49 . 2013-03-22 12:49    138752    ----a-w-    c:\windows\system32\wextract.exe
2013-03-22 12:49 . 2013-03-22 12:49    137216    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-03-22 12:49 . 2013-03-22 12:49    12800    ----a-w-    c:\windows\system32\mshta.exe
2013-03-22 12:49 . 2013-03-22 12:49    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-03-22 12:48 . 2013-03-22 12:48    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-22 12:48 . 2013-03-22 12:48    906240    ----a-w-    c:\windows\system32\FntCache.dll
2013-03-22 12:48 . 2013-03-22 12:48    604160    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-03-22 12:48 . 2013-03-22 12:48    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-22 12:48 . 2013-03-22 12:48    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-22 12:48 . 2013-03-22 12:48    417792    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-03-22 12:48 . 2013-03-22 12:48    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-22 12:48 . 2013-03-22 12:48    364544    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-03-22 12:48 . 2013-03-22 12:48    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-22 12:48 . 2013-03-22 12:48    3419136    ----a-w-    c:\windows\system32\d2d1.dll
2013-03-22 12:48 . 2013-03-22 12:48    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-22 12:48 . 2013-03-22 12:48    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-22 12:48 . 2013-03-22 12:48    293376    ----a-w-    c:\windows\system32\dxgi.dll
2013-03-22 12:48 . 2013-03-22 12:48    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-22 12:48 . 2013-03-22 12:48    249856    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-03-22 12:48 . 2013-03-22 12:48    2284544    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-03-22 12:48 . 2013-03-22 12:48    220160    ----a-w-    c:\windows\system32\d3d10core.dll
2013-03-22 12:48 . 2013-03-22 12:48    207872    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-03-22 12:48 . 2013-03-22 12:48    1988096    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-03-22 12:48 . 2013-03-22 12:48    187392    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-03-22 12:48 . 2013-03-22 12:48    161792    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-03-22 12:48 . 2013-03-22 12:48    1504768    ----a-w-    c:\windows\system32\d3d11.dll
2013-03-22 12:48 . 2013-03-22 12:48    1247744    ----a-w-    c:\windows\system32\DWrite.dll
2013-03-22 12:48 . 2013-03-22 12:48    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-03-22 12:48 . 2013-03-22 12:48    1158144    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-03-22 12:48 . 2013-03-22 12:48    1080832    ----a-w-    c:\windows\system32\d3d10.dll
2013-03-22 12:48 . 2013-03-22 12:48    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-07 11:50 . 2013-03-07 11:50    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2013-03-07 11:10 . 2011-12-10 01:45    15600    ----a-w-    c:\windows\gdrv.sys
2013-03-06 22:20 . 2013-03-06 22:20    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-06 22:20 . 2012-10-13 13:11    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-06 22:20 . 2012-10-13 13:11    782240    ----a-w-    c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-10 22:55    220632    ----a-w-    c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-10 22:55    220632    ----a-w-    c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-10 22:55    220632    ----a-w-    c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2012-10-23 23:05    100208    ----a-w-    c:\program files\OO Software\DiskImage\oodishi.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleQuery"="c:\gql\gql.exe" [2013-01-28 15872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-02-16 2219184]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"ACPW06EN"="c:\program files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" [2012-12-17 1135304]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-20 1679360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2011-02-01 09:53    390720    ----a-w-    c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 06:46    1159168    ------w-    c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 00:26    114688    ------w-    c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2011-06-30 04:47    2638152    ----a-w-    c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-10-11 09:01    46368    ----a-w-    c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 05:56    1821576    ----a-w-    c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODITRAY.EXE]
2012-10-23 23:05    3838320    ----a-w-    c:\program files\OO Software\DiskImage\ooditray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-10-11 09:03    29984    ----a-w-    c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PdxRegCl]
2010-03-10 07:36    54632    ----a-w-    c:\program files\Corel\Paradox\Programs\PdxRegCl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-30 23:01    328992    ----a-w-    c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2010-10-25 15:10    136600    ----a-w-    c:\program files\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-08-25 20:27    545552    ----a-w-    c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
2011-06-30 04:48    395152    ----a-w-    c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-24 23:03    210472    ----a-w-    c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-02 23:04    252848    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2011-02-01 09:52    5546376    ----a-w-    c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
2011-07-17 04:56    1038848    ----a-w-    c:\program files\WebcamMax\wcmmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
S0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\DRIVERS\oodisr.sys [x]
S0 oodisrh;oodisrh;c:\windows\system32\DRIVERS\oodisrh.sys [x]
S0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys [x]
S0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 OO DiskImage;OO DiskImage;c:\program files\OO Software\DiskImage\oodiag.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 02:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AA463021-803B-4E77-A471-1A2BA3172F5D}: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5p7y6ssf.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-78672000.sys
AddRemove-UBCD4Win_is1 - f:\ubcd4win\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.032"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.abr"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ani"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.apd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.arw"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bay"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bmp"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bw"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cr2"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.crw"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cs1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cur"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcr"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcx"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dib"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djv"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djvu"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dng"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.emf"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.eps"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.erf"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fpx"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.gif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.hdr"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icl"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icn"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ilbm"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.int"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.inta"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iw4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2c"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2k"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jbr"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jfif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jp2"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpc"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpe"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpeg"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpg"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpk"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpx"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.kdc"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.lbm"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mef"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mos"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mrw"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nef"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nrw"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.orf"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbm"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbr"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pct"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcx"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pef"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pgm"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pic"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pict"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pix"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.png"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ppm"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psp"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspbrush"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspimage"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raf"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ras"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raw"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgba"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rle"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rsb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rw2"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rwl"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sgi"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sr2"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.srf"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tga"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.thm"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tiff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttc"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttf"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbm"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbmp"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wmf"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xbm"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xmp"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000001
"ProductCode"="{38D80A4C-D893-4985-BA3F-0B1D9E848CED}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.71.2"
"UniqueId"="000AB412511ECF3B"
"ScannerBuild"=dword:00001dd3
"ScannerVersionId"=dword:000015fe
"ScannerVersion"="ready"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,20,f4,ca,a8,1f,8b,4d,92,e8,a7,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,20,f4,ca,a8,1f,8b,4d,92,e8,a7,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-27 10:54:59
ComboFix-quarantined-files.txt 2013-05-27 00:54
.
Pre-Run: 115,530,031,104 bytes free
Post-Run: 115,081,584,640 bytes free
.
- - End Of File - - D69F7808BA1434C9C2119255E5F753E3
------------------------------------------------------------------------------------------------------------------------------------------------


 Results of screen317's Security Check version 0.99.64
 Windows 7 Service Pack 1 x86 (UAC is enabled)
 Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
ESET Smart Security 4.2  
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300
 CCleaner    
 Java 7 Update 17
 Java version out of Date!
 Adobe Flash Player    11.7.700.202
 Adobe Reader XI
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
 ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
--------------------------------------------------------------------------------------------------------------------------------------------
Thank You



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:58 PM

Posted 27 May 2013 - 07:28 AM


BleepingComputer's forum is very busy. The same thing happened to me yesterday. Next time wait 5 minutes before sending the request again.


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 17

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Any remaining issues with this computer?
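As an added check (not part of nasdaq's post), the PowerShell snippet below lists every Java entry recorded under the Uninstall registry keys that Add/Remove Programs reads, plus any Ask Toolbar entry, so the old version(s) to remove are known before the update is installed. It assumes the standard Windows 7 Uninstall key locations and Oracle's display-name patterns ("Java 7 Update 17", "Java(TM) 6 Update 45", "Java SE Development Kit ..."); the regular expressions and the Wow6432Node path are assumptions, not something from the thread. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: enumerate the Java entries (and any Ask
# Toolbar) recorded under the Uninstall registry keys that Add/Remove Programs
# reads, so the versions to remove are known before the update is installed.
# Assumes a standard Windows 7 layout; the Wow6432Node key exists only on
# 64-bit Windows and is skipped when absent.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
) | Where-Object { Test-Path $_ }

# Flatten every uninstall entry that has a display name into a simple object.
$entries = foreach ($key in $uninstallKeys) {
    Get-ChildItem $key | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.DisplayName) {
            New-Object PSObject -Property @{
                Name      = $p.DisplayName
                Version   = [string]$p.DisplayVersion
                Publisher = $p.Publisher
                Uninstall = $p.UninstallString
            }
        }
    }
}

# Java runtimes and JDKs; "Java Auto Updater" is deliberately not matched.
# A string sort is enough here because Oracle's DisplayVersion is "7.0.170" style.
$java = @($entries | Where-Object { $_.Name -match '^Java(\(TM\))? \d+ Update|^Java SE Development Kit' } |
          Sort-Object Version)
# The toolbar the Java installer bundles unless its box is un-checked.
$ask = @($entries | Where-Object { $_.Name -match 'Ask Toolbar' })

"Installed Java entries: $($java.Count)"
$java | Format-Table Name, Version, Publisher -AutoSize | Out-String | Write-Output

if ($java.Count -gt 1) {
    "More than one Java entry is present; everything older than '" + $java[-1].Name + "' is a candidate for removal via Add/Remove Programs."
}
if ($ask.Count -gt 0) {
    "Ask Toolbar is installed: " + (($ask | ForEach-Object { $_.Name }) -join ', ')
}
```

The script only reports; it does not uninstall anything. Removing the older entries through the Add/Remove Programs applet, as the post says, keeps the vendor's own uninstaller in charge of cleaning up its files and registry keys.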

#5 dinovo

dinovo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 28 May 2013 - 09:17 PM

Dear nasdaq

I don’t know if I have to reply to this message.

I have updated Java following the instructions: uninstall and re-install.

I have been able to log in and read my email and delete spam, which I was not able to do before.

There is some little twitch opening email; I cannot explain it, not really important.

When I close the internet browser all icons on the desktop flicker, disappear for a second and re-appear again.

No other problem noticeable; I have not installed or uninstalled any programs.

I have not run any scan, I have not downloaded any programs.

I have not done much to give an accurate answer.

I was waiting for a report on the scan and the virus.

Awaiting further instructions!

Thank You again for your help



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:58 PM

Posted 29 May 2013 - 08:36 AM

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#7 dinovo

dinovo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:02:58 AM

Posted 30 May 2013 - 03:27 AM

PS: a small box has opened when I click POST to post this topic, saying: an error occurred

You are not allowed to use that image extension on this community.

I am removing the image from the post, I hope it works.

Dear nasdaq

My computer is always on during the night, balking modem off.

When I connected the modem I got a window from ESET for a new network; I allowed it (see attachment). It has changed my settings and the internet is not working properly (slow) to connect to the ESET online scan.

I am a fool, sorry; I am using Internet Explorer and Mozilla Firefox because of difficulty connecting to some web sites.

This morning I used Firefox to connect to eBay; as before I get a black page with a pixel in the center (see attachment).

I used the ESET online scan before contacting Bleeping Computer; the report was clean, no virus/malware.

If relevant, in the past my modem seems to be downloading continuously, even when I am not downloading, for a long time. I do not know if this is normal or not, or if it is worth the mention; today, as the ESET online scan is on, the modem has not been downloading, lights rarely flash.

The scan has completed; it took a long time, 6-7 hours. Report included:

Thank You

ESET Scan

C:\Users\All Users\Win7codecs\{29FB9365-74F7-4972-9279-3FE0723D6207}\Win7codecs.msi    a variant of Win32/Bundled.Toolbar.Ask application    
D:\Users\All Users\Win7codecs\{29FB9365-74F7-4972-9279-3FE0723D6207}\Win7codecs.msi    a variant of Win32/Bundled.Toolbar.Ask application    
C:\ProgramData\Win7codecs\{29FB9365-74F7-4972-9279-3FE0723D6207}\Win7codecs.msi    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Sandbox\Administrator\DefaultBox\drive\C\Program Files\ExpressFiles\EFUpdater.exe    a variant of Win32/YourFileDownloader.B application    cleaned by deleting - quarantined
C:\Sandbox\Administrator\DefaultBox\drive\C\Program Files\ExpressFiles\uninstall.exe    a variant of Win32/ExpressFiles.B application    cleaned by deleting - quarantined
C:\Users\Administrator\Desktop\UBCD4WinV360.exe    Win32/PrcView application    cleaned by deleting - quarantined
C:\Users\Administrator\Desktop\NewNow\SurfAnonymousFree-2.2.2.8.Setup.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\Administrator\Documents\ubcd511.iso    Win32/PSWTool.KonBoot.A application    deleted - quarantined
C:\Users\Administrator\Downloads\avc-free.exe.part    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\codecs.for.windows.7.pack.v4.0.5.setup.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\DAEMONToolsPro520-0348.exe.part    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\FreemakeVideoConverterSetup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\frostwire-5.4.0.windows.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\media.player.codec.pack.v4.2.5.setup.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\Administrator\Downloads\WinZipRegistryOptimizer.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
C:\Windows\Installer\2f3e5.msi    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
D:\torrent.exe    Win32/BundleInstaller.A application    cleaned by deleting - quarantined
D:\Users\DII\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4OI519Y\Portable_TotalUninstall_5_0_1_27_MultiLang.exe    Win32/Adware.1ClickDownload.G application    cleaned by deleting - quarantined
D:\Users\DII\AppData\Local\Temp\BunndleOfferManager.dll    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
D:\Users\DII\Downloads\Hirens.BootCD.15.1(1).zip.part    Win32/PSWTool.KonBoot.A application    deleted - quarantined
D:\Users\DII\Downloads\Hirens.BootCD.15.1(2).zip.part    Win32/PSWTool.KonBoot.A application    deleted - quarantined
D:\Users\DII\Downloads\Hirens.BootCD.15.1.zip.part    Win32/PSWTool.KonBoot.A application    deleted - quarantined
D:\Users\DII\Downloads\SLIC Tools.rar    a variant of Win32/Packed.FlyStudio application    deleted - quarantined
D:\Users\DII\Downloads\SLIC_ToolKit_V3.2(1).rar    Win32/HackTool.SLICMod.C application    deleted - quarantined
D:\Users\DII\Downloads\SLIC_ToolKit_V3.2.rar    Win32/HackTool.SLICMod.C application    deleted - quarantined
D:\Users\DII\Downloads\Universal BIOS Backup ToolKit 2.0(1).zip    a variant of Win32/Packed.FlyStudio application    deleted - quarantined
D:\Users\DII\Downloads\Universal BIOS Backup ToolKit 2.0.zip    a variant of Win32/Packed.FlyStudio application    deleted - quarantined
D:\Users\DII\Downloads\Windows_Expert_Tool_4.3.1.zip    multiple threats    deleted - quarantined
D:\Users\DII\Downloads\WOAT_v3.4.1 - FIX.exe    a variant of Win32/HackKMS.A application    deleted - quarantined
D:\Users\DII\Downloads\Windows 7 Loader By Orbit30 & Hazar v1.5.4 (x86 & x64) Windows 7 Loader eXtreme Edition 3.010\Bonus\PowerISO.v4.4.WinAll.Incl.Keygen-CRD\cxa1533a.zip    a variant of Win32/Keygen.AK application    deleted - quarantined
G:\FS Backup\oldwinxp\New Rec G\kazaa_setup.exe    a variant of Win32/Adware.Kazaa.A application    cleaned by deleting - quarantined
G:\Important Programs\ImgBurn_2.5.2.0.zip    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
G:\Important Programs\SetupImgBurn_2.5.2.0.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
G:\Sandboxie Program\Platinum Hide IP v3.0.6.8 [TheRekash2009] Full.rar    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
G:\Sandboxie Program\Hide IP Easy v5.1.3.8 + Crack (Srkfan-Invicta RG)\HideIPEasy-5.1.3.8.Setup.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 May 2013 - 08:26 AM

This morning I used Firefox to connect to eBay, as before I get a black page with a pixel in the center

Remove Firefox using the Add/Remove programs applet. Restart the computer normally and re-install it.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please let me know what problem persists.

#9 dinovo

dinovo
  • Topic Starter
  • Members
  • 45 posts

Posted 30 May 2013 - 07:12 PM

Dear nasdaq

Thanks for your reply

Today Firefox is not presenting me with a black blank page when connecting to eBay.

It is working and opened the page.

At present I cannot see any other problems; I have not done much with the computer but it seems to work OK.

Thank You


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537
Run by Administrator at 8:11:45 on 2013-05-31
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3582.2761 [GMT 10:00]
.
AV: ESET Smart Security 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\hasplms.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\System32\vds.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\OO Software\DiskImage\oodiag.exe
C:\Windows\System32\vdsldr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\gql\gql.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office12\MSTORDB.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
uRun: [GoogleQuery] c:\gql\gql.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [NSU_agent] "c:\program files\nokia\nokia software updater\nsu3ui_agent.exe"
mRun: [ACPW06EN] "c:\program files\acd systems\acdsee pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{AA463021-803B-4E77-A471-1A2BA3172F5D} : DHCPNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\5p7y6ssf.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\drivers\oodisr.sys [2012-10-24 98064]
R0 oodisrh;oodisrh;c:\windows\system32\drivers\oodisrh.sys [2012-10-24 29456]
R0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\drivers\oodivd.sys [2012-10-24 209168]
R0 oodivdh;oodivdh;c:\windows\system32\drivers\oodivdh.sys [2012-10-24 32528]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2012-10-25 752128]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2012-11-13 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2012-11-16 83392]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2012-11-16 3246040]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]
R2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-15 701512]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
R2 OO DiskImage;OO DiskImage;c:\program files\oo software\diskimage\oodiag.exe [2012-10-24 4743024]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2011-6-30 845808]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2012-11-16 167968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-15 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-8-26 157776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-15 418376]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [2011-6-23 1068216]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-14 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-14 11904]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-4-11 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-1-9 8576]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-1-16 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-1-16 11104]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-1-20 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-20 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
SUnknown rootrepeal;rootrepeal; [x]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect lightning\programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-05-28 22:40:31    --------    d-----w-    c:\windows\XSxS
2013-05-27 12:19:34    8    --sh--r-    c:\programdata\8510DB6088.sys
2013-05-27 00:55:02    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-05-27 00:55:01    --------    d-----w-    c:\users\administrator\appdata\local\temp
2013-05-25 21:12:13    --------    d-----w-    c:\program files\common files\Wondershare
2013-05-25 07:38:53    --------    d-----w-    c:\users\administrator\appdata\local\SafeNet Sentinel
2013-05-25 07:38:53    --------    d-----w-    c:\programdata\SafeNet Sentinel
2013-05-25 07:38:27    --------    d-----w-    c:\program files\common files\Aladdin Shared
2013-05-25 07:38:26    4412872    ----a-w-    c:\windows\system32\hasplms.exe
2013-05-25 07:38:26    4412872    ----a-w-    c:\windows\system32\aksllmtp.exe
2013-05-25 07:38:24    365056    ----a-w-    c:\windows\system32\drivers\aksfridge.sys
2013-05-25 07:37:47    605128    ----a-w-    c:\windows\system32\drivers\hardlock.sys
2013-05-25 07:37:47    198088    ----a-w-    c:\windows\system32\hlvdd.dll
2013-05-25 07:37:21    --------    d-----w-    c:\program files\Lightworks
2013-05-25 04:20:35    --------    d-----w-    c:\programdata\Freemake
2013-05-25 03:33:11    --------    d-----w-    c:\program files\Freemake
2013-05-24 22:42:03    262552    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-24 09:18:56    --------    d-----w-    c:\users\administrator\appdata\local\Sony
2013-05-23 07:59:59    25024    ----a-w-    c:\windows\system32\udcpm.dll
2013-05-23 07:59:55    --------    d-----w-    c:\program files\Universal Document Converter
2013-05-22 12:35:58    180356    ----a-w-    c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2013-05-22 12:35:57    303236    ----a-w-    c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2013-05-22 12:13:42    126976    ------w-    c:\windows\system32\BrfxD05b.dll
2013-05-22 12:13:37    73728    ------w-    c:\windows\system32\BrDctF2.dll
2013-05-22 12:13:37    5120    ------w-    c:\windows\system32\BrDctF2L.dll
2013-05-22 12:13:37    3072    ------w-    c:\windows\system32\BrDctF2S.dll
2013-05-22 12:13:37    176128    ------w-    c:\windows\system32\BroSNMP.dll
2013-05-20 16:18:22    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-05-16 05:19:23    7016152    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{8bfcceaf-1a89-4a8a-8249-573679153298}\mpengine.dll
2013-05-08 07:26:07    --------    d-----w-    c:\users\administrator\appdata\roaming\DVD Flick
2013-05-08 07:25:35    40960    ----a-w-    c:\windows\system32\ssubtmr6.dll
2013-05-08 07:25:35    36864    ----a-w-    c:\windows\system32\trayicon_handler.ocx
2013-05-08 07:25:35    28672    ----a-w-    c:\windows\system32\mousewheel.ocx
2013-05-08 07:25:35    212240    ----a-w-    c:\windows\system32\richtx32.ocx
2013-05-08 07:25:35    164144    ----a-w-    c:\windows\system32\comct232.ocx
2013-05-08 07:25:35    --------    d-----w-    c:\program files\DVD Flick
2013-05-07 05:50:48    2557728    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-05-07 05:12:23    2347008    ----a-w-    c:\windows\system32\win32k.sys
2013-05-07 05:12:20    3217408    ----a-w-    c:\windows\system32\mstscax.dll
2013-05-07 05:12:19    36864    ----a-w-    c:\windows\system32\tsgqec.dll
2013-05-07 05:12:19    131584    ----a-w-    c:\windows\system32\aaclient.dll
2013-05-07 05:12:12    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-05-07 05:12:09    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-05-07 05:12:09    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-05-07 05:12:07    69632    ----a-w-    c:\windows\system32\smss.exe
2013-05-07 05:12:07    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-05-07 02:04:31    --------    d-----w-    c:\programdata\DAEMON Tools Lite
2013-05-04 06:47:47    --------    d-----w-    c:\users\administrator\appdata\roaming\UDC Profiles
2013-05-04 04:27:24    --------    d-----w-    c:\programdata\AVS4YOU
2013-05-04 04:27:10    --------    d-----w-    c:\program files\common files\AVSMedia
2013-05-04 04:27:06    --------    d-----w-    c:\program files\AVS4YOU
.
==================== Find3M  ====================
.
2013-05-27 12:19:35    7256    --sha-w-    c:\programdata\KGyGaAvL.sys
2013-05-18 02:29:01    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-18 02:29:01    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-01 16:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-04 04:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-03 19:36:01    866720    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-04-03 19:35:52    788896    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-22 12:48:42    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-07 11:50:49    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2013-03-07 11:10:12    15600    ----a-w-    c:\windows\gdrv.sys
.
============= FINISH:  8:12:44.49 ===============

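As an added example (not from this thread and not part of the DDS tool itself), here is a small Python parser for the "Created Last 30" and "Find3M" entries in the format of the log above. It builds a review queue of plain files that carry both the hidden and system attributes, which is one of the things a helper looks for in these sections. The attribute-flag positions are inferred from the log lines themselves (DDS does not document them, so the mapping is an assumption), and the sample lines are constructed copies of entries from the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the DDS "Created Last 30" / "Find3M"
# sections: timestamp, size (or dashes for a directory), attribute flags, path.
SAMPLE_DDS_LINES = r"""
2013-05-28 22:40:31    --------    d-----w-    c:\windows\XSxS
2013-05-27 12:19:34    8    --sh--r-    c:\programdata\8510DB6088.sys
2013-05-27 00:55:02    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-05-25 07:38:26    4412872    ----a-w-    c:\windows\system32\hasplms.exe
2013-05-27 12:19:35    7256    --sha-w-    c:\programdata\KGyGaAvL.sys
2013-03-22 12:48:42    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
============= FINISH:  8:12:44.49 ===============
"""

# One DDS entry: "YYYY-MM-DD HH:MM:SS  <size or -------->  <8 flag chars>  <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([a-z-]{8})\s+(.+?)\s*$"
)


@dataclass
class DdsEntry:
    timestamp: str
    size: Optional[int]   # None for directories (DDS prints "--------")
    flags: str
    path: str

    # Flag positions are an ASSUMPTION read off the log itself: 'd' at index 0
    # marks a directory, 's' at index 2 system, 'h' at index 3 hidden,
    # 'a' at index 4 archive, and index 6 is 'w' (writable) or 'r' (read-only).
    @property
    def is_dir(self) -> bool:
        return self.flags[0] == "d"

    @property
    def system(self) -> bool:
        return self.flags[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.flags[3] == "h"


def parse_dds_entries(text: str) -> List[DdsEntry]:
    """Parse every file/directory line; headers, '.' separators and the
    FINISH line do not match the pattern and are skipped."""
    entries: List[DdsEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        ts, size, flags, path = m.groups()
        entries.append(DdsEntry(ts, None if size.startswith("-") else int(size), flags, path))
    return entries


def review_queue(entries: List[DdsEntry]) -> List[str]:
    """Plain files (not directories) carrying both hidden and system attributes.

    A file dropped with hidden+system is unusual for ordinary user software,
    but the result is a list to look at, not a detection: licensing components
    also create such files under ProgramData, so each path must be checked
    against what is actually installed before anything is done about it.
    """
    return [e.path for e in entries if not e.is_dir and e.hidden and e.system]


if __name__ == "__main__":
    for path in review_queue(parse_dds_entries(SAMPLE_DDS_LINES)):
        print("review:", path)
```

Directories such as `$RECYCLE.BIN` are hidden+system by design and are excluded by the directory check; the queue only surfaces plain files for a human to reconcile against installed software.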
#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 May 2013 - 07:55 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#11 dinovo

dinovo
  • Topic Starter
  • Members
  • 45 posts

Posted 31 May 2013 - 07:43 PM

Dear nasdaq

Thanks for your help and support

I have done the cleanup as you suggested and hope to stay clean with your recommendations.

Thanks to BleepingComputers and the removal Team.

I personally thank you for your time and help; I have no words to express my gratitude for a job well done.

Thank You to you



#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 June 2013 - 08:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 June 2013 - 10:11 AM

This topic has been re-opened at the request of the person who originally posted.

#14 dinovo

dinovo
  • Topic Starter
  • Members
  • 45 posts

Posted 07 June 2013 - 03:03 AM

Dear nasdaq

Thanks for helping again

When I closed this topic it looked like everything was good; last weekend I sent an email and only parts reached the destination.

I was informed of this two days ago; I have been trying to re-send it with three different emails, but I cannot do so.

When I sent the email on the weekend the page was clean, I did not see any problems.

When I went to send the email again, the following pictures show the messages on the page, the same messages that were there before.

I am sure that you cleaned it because I was able to read mails and delete spam etc., which I could not do before your cleanup.

Thanks for your help

OK, I cannot post the pictures here to show the messages on the web page:

You are not allowed to use that image extension on this community.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537
Run by Administrator at 17:01:47 on 2013-06-07
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3582.2358 [GMT 10:00]
.
AV: ESET Smart Security 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\hasplms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\System32\vds.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\OO Software\DiskImage\oodiag.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\vdsldr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\OO Software\DiskImage\ooditray.exe
C:\gql\gql.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
uRun: [GoogleQuery] c:\gql\gql.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [NSU_agent] "c:\program files\nokia\nokia software updater\nsu3ui_agent.exe"
mRun: [ACPW06EN] "c:\program files\acd systems\acdsee pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [OODITRAY.EXE] c:\program files\oo software\diskimage\ooditray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{AA463021-803B-4E77-A471-1A2BA3172F5D} : DHCPNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\5p7y6ssf.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\drivers\oodisr.sys [2012-10-24 98064]
R0 oodisrh;oodisrh;c:\windows\system32\drivers\oodisrh.sys [2012-10-24 29456]
R0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\drivers\oodivd.sys [2012-10-24 209168]
R0 oodivdh;oodivdh;c:\windows\system32\drivers\oodivdh.sys [2012-10-24 32528]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2012-10-25 752128]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2012-11-13 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2012-11-16 83392]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2012-11-16 3246040]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]
R2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-15 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-15 701512]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
R2 OO DiskImage;OO DiskImage;c:\program files\oo software\diskimage\oodiag.exe [2013-2-21 4772144]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2011-6-30 845808]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2012-11-16 167968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-15 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-8-26 157776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [2011-6-23 1068216]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-14 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-14 11904]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-4-11 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-1-9 8576]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-1-16 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-1-16 11104]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-1-20 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-1-20 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect lightning\programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-06-06 00:02:25    --------    d-----w-    c:\program files\common files\AVSMedia
2013-06-06 00:02:19    --------    d-----w-    c:\program files\AVS4YOU
2013-06-01 00:02:48    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-05-28 22:40:31    --------    d-----w-    c:\windows\XSxS
2013-05-27 12:19:34    8    --sh--r-    c:\programdata\8510DB6088.sys
2013-05-27 00:55:01    --------    d-----w-    c:\users\administrator\appdata\local\temp
2013-05-25 21:12:13    --------    d-----w-    c:\program files\common files\Wondershare
2013-05-25 07:38:53    --------    d-----w-    c:\users\administrator\appdata\local\SafeNet Sentinel
2013-05-25 07:38:53    --------    d-----w-    c:\programdata\SafeNet Sentinel
2013-05-25 07:38:27    --------    d-----w-    c:\program files\common files\Aladdin Shared
2013-05-25 07:38:26    4412872    ----a-w-    c:\windows\system32\hasplms.exe
2013-05-25 07:38:26    4412872    ----a-w-    c:\windows\system32\aksllmtp.exe
2013-05-25 07:38:24    365056    ----a-w-    c:\windows\system32\drivers\aksfridge.sys
2013-05-25 07:37:47    605128    ----a-w-    c:\windows\system32\drivers\hardlock.sys
2013-05-25 07:37:47    198088    ----a-w-    c:\windows\system32\hlvdd.dll
2013-05-25 07:37:21    --------    d-----w-    c:\program files\Lightworks
2013-05-25 04:20:35    --------    d-----w-    c:\programdata\Freemake
2013-05-25 03:33:11    --------    d-----w-    c:\program files\Freemake
2013-05-24 22:42:03    262552    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-24 09:18:56    --------    d-----w-    c:\users\administrator\appdata\local\Sony
2013-05-23 07:59:59    25024    ----a-w-    c:\windows\system32\udcpm.dll
2013-05-23 07:59:55    --------    d-----w-    c:\program files\Universal Document Converter
2013-05-22 12:35:58    180356    ----a-w-    c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
2013-05-22 12:35:57    303236    ----a-w-    c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
2013-05-22 12:13:42    126976    ------w-    c:\windows\system32\BrfxD05b.dll
2013-05-22 12:13:37    73728    ------w-    c:\windows\system32\BrDctF2.dll
2013-05-22 12:13:37    5120    ------w-    c:\windows\system32\BrDctF2L.dll
2013-05-22 12:13:37    3072    ------w-    c:\windows\system32\BrDctF2S.dll
2013-05-22 12:13:37    176128    ------w-    c:\windows\system32\BroSNMP.dll
2013-05-20 16:18:22    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-05-16 05:19:23    7016152    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{8bfcceaf-1a89-4a8a-8249-573679153298}\mpengine.dll
2013-05-08 07:26:07    --------    d-----w-    c:\users\administrator\appdata\roaming\DVD Flick
2013-05-08 07:25:35    40960    ----a-w-    c:\windows\system32\ssubtmr6.dll
2013-05-08 07:25:35    36864    ----a-w-    c:\windows\system32\trayicon_handler.ocx
2013-05-08 07:25:35    28672    ----a-w-    c:\windows\system32\mousewheel.ocx
2013-05-08 07:25:35    212240    ----a-w-    c:\windows\system32\richtx32.ocx
2013-05-08 07:25:35    164144    ----a-w-    c:\windows\system32\comct232.ocx
2013-05-08 07:25:35    --------    d-----w-    c:\program files\DVD Flick
.
==================== Find3M  ====================
.
2013-06-05 06:21:04    7308    --sha-w-    c:\programdata\KGyGaAvL.sys
2013-05-18 02:29:01    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-18 02:29:01    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-01 16:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-12 13:45:29    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-04 04:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-03 19:36:01    866720    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-04-03 19:35:52    788896    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-22 12:48:42    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-19 05:04:13    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16    69632    ----a-w-    c:\windows\system32\smss.exe
.
============= FINISH: 17:02:47.95 ===============
 



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:58 PM

Posted 07 June 2013 - 09:25 AM

Let's check this gql.exe file.

>>> Run Jotti's malware scan: Please copy this line (in bold):
C:\gql\gql.exe
  • Go to Jotti's malware scan
  • and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edition" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com
===

Which e-mail program are you using?
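A defender-side triage helper for the DDS "Created Last 30" / "Find3M" format shown in the log above, added here as an example (it is not the thread's or DDS's own code): it parses each line and lists the files a helper would typically ask to have checked on Jotti or VirusTotal. The sample lines are copied from the log above; the location and attribute heuristics are assumptions, and a flag is only a cue to scan the file, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# One DDS file line:  <date> <time>    <size or -------->    <attrs>    <path>
# attrs is 8 chars, e.g. "d-----w-" (directory), "--sh--r-" (system+hidden).
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>[\d:]+)\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)

# Assumed heuristics: a new executable or a system+hidden file in a
# user-writable location is unusual enough to be worth a multi-engine scan.
USER_WRITABLE = ("c:\\programdata", "c:\\users\\")
EXEC_SUFFIXES = {".exe", ".sys", ".dll", ".scr", ".ocx"}

# Sample lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
2013-05-27 12:19:34    8    --sh--r-    c:\programdata\8510DB6088.sys
2013-05-25 21:12:13    --------    d-----w-    c:\program files\common files\Wondershare
2013-05-25 07:38:26    4412872    ----a-w-    c:\windows\system32\hasplms.exe
2013-06-05 06:21:04    7308    --sha-w-    c:\programdata\KGyGaAvL.sys
2013-05-08 07:25:35    40960    ----a-w-    c:\windows\system32\ssubtmr6.dll
"""

def parse_dds_line(line):
    """Return a dict for one DDS file line, or None if the line is not one."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["is_dir"] = rec["attrs"][0] == "d"
    rec["system"] = rec["attrs"][2] == "s"
    rec["hidden"] = rec["attrs"][3] == "h"
    rec["size"] = None if rec["size"].startswith("-") else int(rec["size"])
    return rec

def triage(log_text):
    """Return (path, reason) pairs that merit a Jotti/VirusTotal check."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_dds_line(line)
        if rec is None or rec["is_dir"]:
            continue
        path = rec["path"].lower()
        if not path.startswith(USER_WRITABLE):
            continue  # inside Program Files / Windows: not flagged by this heuristic
        if rec["system"] and rec["hidden"]:
            hits.append((rec["path"], "system+hidden file in a user-writable location"))
        elif PureWindowsPath(path).suffix in EXEC_SUFFIXES:
            hits.append((rec["path"], "executable created in a user-writable location"))
    return hits

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}: {reason}")
```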



