Missing Folders: Hidden by Virus (D.Dorkbot & Ramnit.F)


Dom

Hi all,

I'm currently travelling around the world, using a hard drive to store my photos. I'd been putting them on via internet cafes, virus scanning each computer before I used it. The one time I didn't do this, my hard drive picked up a nasty virus. It turned all my jpgs into .exe files along with my folders. It also infected two of my memory cards that were plugged in at the time.

I then rescanned the cards and the hard drive using a computer with ESET NOD 32 Anti Virus. It quarantined all the folders along with the jpgs that were infected. The viruses found were Ramnit.F and D.Dorkbot.

I'm now backing everything up onto a laptop I bought and I'm trying to recover the photos. The space on the hard drive is still occupied; however, I can't view the folders.

Running command prompt and using attrib -s -h /s /d *.* hasn't worked. I get Access Denied - F:\System Volume Information

As far as I can tell the hard drive is now disinfected, although it seems peculiar that I still can't access it. I've attached a MBAM full scan of the hard drive and dds logs.

I also suspect the copy of windows that came with the laptop isn't genuine, however I can't reinstall with my genuine copy until I get back in a couple months. Hopefully this won't be an issue.

What should be my next step?

dds.txt

attach.txt

mbam-log-2012-12-03 (13-50-41).txt


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please open Notepad and copy and paste the following script:


' Ask which drive to process, e.g. E:\
pc_drive = InputBox("Input drive letter" & vbNewLine & "example: E:\", "Drive", "E:\")
Set FSO = CreateObject("Scripting.FileSystemObject")

' Stop here on malformed input or a drive that does not exist
valid = (Len(pc_drive) = 3 And Right(pc_drive, 2) = ":\")
If valid Then valid = FSO.DriveExists(pc_drive)
If Not valid Then
    Call MsgBox("Either your input was invalid or the drive you specified doesn't exist", vbOKOnly, "Error")
    WScript.Quit
End If

ShowSubFolders FSO.GetFolder(pc_drive)

' Clear the attributes (hidden, system, read-only) of every subfolder, recursively
Sub ShowSubFolders(Folder)
    For Each Subfolder In Folder.SubFolders
        Subfolder.Attributes = 0
        ShowSubFolders Subfolder
    Next
End Sub

Name the txt file unhide.vbs.

Right-click the file and select Open with Command Prompt.

You will be prompted which Drive Letter you want to use. Choose the one matching your Hard Drive.

Then press OK.

Let me know if that solves the issue.

=====

Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

In your reply please provide the following:

  • An update on the status of your folders.
  • Contents of ComboFix.txt.
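
The symptom described in the first post (folders hidden, with .exe files appearing in place of folders and .jpg files) can be audited read-only before any attributes are cleared. This is an added example, not part of the original thread: the function names, the three heuristics and the sample listing are assumptions constructed for illustration, and `st_file_attributes` is only populated on Windows.

```python
import os
from pathlib import PureWindowsPath

# Windows file attribute bits as reported in os.stat().st_file_attributes
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
# Folders Windows itself keeps hidden+system on a volume; not a finding
OS_FOLDERS = {"system volume information", "$recycle.bin"}


def find_suspicious(entries):
    """entries: iterable of (path, is_dir, attrs). Returns sorted [(path, reason)]."""
    entries = [(PureWindowsPath(p), is_dir, attrs) for p, is_dir, attrs in entries]
    # (parent, lowercase name) of every directory, to spot same-named executables
    dirs = {(p.parent, p.name.lower()) for p, is_dir, _ in entries if is_dir}
    findings = []
    for p, is_dir, attrs in entries:
        name = p.name.lower()
        if is_dir:
            if name in OS_FOLDERS:
                continue
            if attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM):
                findings.append((str(p), "folder is hidden/system"))
        elif p.suffix.lower() == ".exe":
            stem = p.stem.lower()
            if (p.parent, stem) in dirs:
                # an executable sitting next to a folder of the same name
                findings.append((str(p), "exe named after a folder"))
            elif PureWindowsPath(stem).suffix in IMAGE_EXTS:
                # e.g. IMG_0001.jpg.exe
                findings.append((str(p), "exe with image double extension"))
    return sorted(findings)


def scan(root):
    """Collect (path, is_dir, attrs) for everything under root without changing it."""
    out = []
    for dirpath, dirnames, filenames in os.walk(root):
        names = [(d, True) for d in dirnames] + [(f, False) for f in filenames]
        for name, is_dir in names:
            full = os.path.join(dirpath, name)
            try:
                # attribute is absent outside Windows, so fall back to 0
                attrs = getattr(os.stat(full), "st_file_attributes", 0)
            except OSError:
                continue  # protected entries (Access Denied) are skipped
            out.append((full, is_dir, attrs))
    return out


# Constructed sample listing (not taken from the thread's drive)
SAMPLE = [
    (r"F:\Thailand", True, 0x16),                    # directory + hidden + system
    (r"F:\Thailand.exe", False, 0x20),
    (r"F:\Thailand\IMG_0001.jpg.exe", False, 0x20),
    (r"F:\Laos", True, 0x10),                        # ordinary folder
    (r"F:\Laos\IMG_0100.jpg", False, 0x20),
    (r"F:\System Volume Information", True, 0x16),   # expected OS folder
    (r"F:\tools\setup.exe", False, 0x20),            # ordinary executable
]

if __name__ == "__main__":
    for path, reason in find_suspicious(SAMPLE):
        print(f"{reason:32} {path}")
```

On a real volume, pass `scan("F:\\")` to `find_suspicious` instead of `SAMPLE`; nothing is modified, so the output can be compared against the antivirus quarantine list first.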


Sorry about the delay, I'm stuck on an island in Thailand and the internet is shocking.

Unfortunately I couldn't even run the text file. I was going to post pictures; however, nothing is working and the picture function on the forum is failing. Hopefully descriptions will be enough.

I created the text file. I right-clicked on it; however, the menu "Open with Command Prompt." was missing.

I clicked on "Open With".

Command Prompt was not an option so I manually went to the path C:\Windows\System32\cmd.exe and selected that.

This was apparently a bad move.

Now opening any notepad file opens up command prompt. The "Always use the selected programme to open this kind of file" check box on "Open With" is now permanently grayed out.

I think I found the relevant registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice

Inside there is a file named Progid which contains:

Value Name: Progid

Value Data: Applications\cmd.exe

However, I don't know what to change this to, to solve the problem. I tried solving the problem using the default programme options in the control panel; however, this didn't work.

So two new questions. 1. How do I remove this association?

2. How do I run a text file as a command prompt script when the context menu option, run as command prompt, is missing?

I'm running Windows 7 32bit.


Ok so the folders have magically reappeared and I don't have the faintest idea. However, there seem to be some size discrepancies; one of my jpg folders is 10.9gb but I can only see about 8 gb, so I'm going to take a proper look and put down the results when I'm done. I'm also going to run combofix anyway.


Ok cool I managed to get the script to run. (Windows affixed .txt on the end of .vbs and I missed it).

It didn't work on the hard drive, maybe because it had all already appeared? But it worked great on the memory stick and revealed all the folders.

Here's the combo fix log. I ran combo fix with both the hard drive and memory stick plugged in.

I've not checked through all the photos yet. I have around 9000 and it's taking a while. Up to 5000, it's all good.

combofix log.txt


Did not occur. Probably should've done. Did you know the only place with worse internet than a tropical island is anywhere in Australia?

ComboFix 12-12-07.01 - top 12/09/2012 18:51:43.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1878.339 [GMT 7:00]

Running from: c:\users\top\Downloads\Programs\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))

.

.

2012-12-09 12:02 . 2012-12-09 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-08 11:28 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11E017EE-2E06-44DA-8D7D-80BF99A85206}\mpengine.dll

2012-12-06 11:08 . 2012-12-06 11:08 -------- d-----w- c:\users\top\AppData\Local\Apps

2012-12-06 11:06 . 2012-12-06 11:06 -------- d-----w- c:\users\top\AppData\Local\Apple Computer

2012-12-06 11:06 . 2012-12-06 11:13 -------- d-----w- c:\users\top\AppData\Roaming\Apple Computer

2012-12-06 11:06 . 2012-08-21 06:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-12-06 11:06 . 2012-12-06 11:06 -------- dc----w- c:\windows\system32\DRVSTORE

2012-12-06 11:05 . 2012-12-06 11:05 -------- d-----w- c:\program files\iPod

2012-12-06 11:05 . 2012-12-06 11:06 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-06 11:05 . 2012-12-06 11:06 -------- d-----w- c:\program files\iTunes

2012-12-06 11:05 . 2012-12-06 11:05 -------- d-----w- c:\programdata\Apple Computer

2012-12-06 11:03 . 2012-12-06 11:03 -------- d-----w- c:\users\top\AppData\Local\Apple

2012-12-06 11:03 . 2012-12-06 11:03 -------- d-----w- c:\program files\Apple Software Update

2012-12-06 11:02 . 2012-12-06 11:02 -------- d-----w- c:\program files\Bonjour

2012-12-06 11:02 . 2012-12-06 11:05 -------- d-----w- c:\program files\Common Files\Apple

2012-12-06 11:02 . 2012-12-06 11:03 -------- d-----w- c:\programdata\Apple

2012-12-05 06:25 . 2012-12-05 06:25 -------- d-----w- c:\users\top\AppData\Local\Mozilla

2012-12-05 05:48 . 2012-05-31 05:25 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-12-03 10:58 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-03 10:58 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-03 10:58 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-03 10:57 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-03 10:57 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-03 10:57 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-03 10:57 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-03 10:57 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-03 10:57 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-03 10:57 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-03 10:53 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-12-03 10:52 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-12-03 10:52 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-12-03 10:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-12-03 10:48 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll

2012-12-03 10:47 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2012-12-03 10:46 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-12-03 10:46 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-12-03 10:46 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-12-03 10:03 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll

2012-12-03 10:03 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-12-03 08:14 . 2012-12-03 08:14 -------- d-----w- c:\program files\Unlocker

2012-12-03 06:48 . 2012-12-03 06:48 -------- d-----w- c:\users\top\AppData\Roaming\Malwarebytes

2012-12-03 06:47 . 2012-12-03 06:47 -------- d-----w- c:\programdata\Malwarebytes

2012-12-03 06:47 . 2012-12-03 06:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-03 06:47 . 2012-09-29 12:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-01 00:45 . 2012-12-01 00:45 -------- d-----w- c:\windows\system32\Wat

2012-11-30 19:14 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-11-30 19:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2012-11-30 19:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-11-30 19:10 . 2012-11-30 19:10 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-11-30 16:40 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-11-30 16:40 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-11-30 16:40 . 2012-10-15 15:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-11-30 16:40 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-11-30 16:40 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-11-30 16:39 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-11-30 16:39 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr

2012-11-30 16:39 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-11-30 16:39 . 2012-11-30 16:39 -------- d-----w- c:\programdata\AVAST Software

2012-11-30 16:39 . 2012-11-30 16:39 -------- d-----w- c:\program files\AVAST Software

2012-11-30 15:48 . 2012-11-30 15:48 -------- d-----w- c:\program files\Recuva

2012-11-30 13:46 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2012-11-30 13:46 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2012-11-30 13:46 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2012-11-30 13:46 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2012-11-30 13:46 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll

2012-11-30 13:46 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-11-30 13:46 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-11-30 13:46 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-11-30 13:44 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-11-30 13:43 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-11-30 13:31 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-11-30 13:31 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-11-30 13:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-11-30 13:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-11-30 13:23 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-11-30 13:23 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-11-30 13:22 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-11-30 13:22 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-11-30 13:22 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-11-30 13:22 . 2012-06-02 08:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-11-30 13:22 . 2012-06-02 08:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-11-30 10:48 . 2012-11-30 10:48 -------- d-----w- c:\users\top\AppData\Roaming\ACD Systems

2012-11-30 10:06 . 2012-11-30 13:29 -------- d-----w- c:\users\top\AppData\Local\Adobe

2012-11-30 08:01 . 2012-11-30 08:24 -------- d-----w- c:\windows\AutoKMS

2012-11-30 08:00 . 2012-12-09 09:26 151552 ----a-w- c:\windows\KMSEmulator.exe

2012-11-30 07:52 . 2012-11-30 07:52 -------- d-----w- c:\program files\Microsoft Synchronization Services

2012-11-30 07:52 . 2012-12-08 11:13 -------- d-----w- c:\program files\Microsoft.NET

2012-11-30 07:52 . 2012-11-30 07:52 -------- d-----w- c:\program files\Microsoft Sync Framework

2012-11-30 07:52 . 2012-11-30 07:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2012-11-30 07:50 . 2012-11-30 07:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-11-30 07:49 . 2012-11-30 07:49 -------- d-----w- c:\program files\Microsoft Analysis Services

2012-11-30 07:48 . 2012-11-30 07:48 -------- d-----r- C:\MSOCache

2012-11-30 07:40 . 2012-11-30 07:40 -------- d-----w- c:\users\top\AppData\Roaming\Synaptics

2012-11-30 07:40 . 2012-11-30 07:40 -------- d-----w- c:\programdata\Synaptics

2012-11-30 07:22 . 2012-12-09 09:25 58288 ----a-w- c:\windows\system32\rpcnet.dll

2012-11-30 07:22 . 2012-11-30 07:22 58288 ------w- c:\windows\system32\rpcnet.exe

2012-11-18 11:19 . 2012-11-18 11:19 -------- d-----w- c:\programdata\CyberLink

2012-11-18 11:19 . 2012-11-18 11:19 -------- d-----w- c:\users\top\AppData\Roaming\CyberLink

2012-11-18 11:18 . 2012-11-18 11:18 -------- d-----w- c:\users\top\AppData\Local\CyberLink

2012-11-18 11:16 . 2012-11-18 11:16 -------- d-----w- C:\Intel

2012-11-18 11:14 . 2010-01-06 06:13 506368 ----a-w- c:\windows\system32\sqlite3.dll

2012-11-18 11:11 . 2012-11-18 11:11 -------- d-----w- c:\program files\Synaptics

2012-11-18 11:11 . 2009-08-07 02:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-11-18 11:11 . 2012-03-29 13:13 323344 ----a-w- c:\windows\system32\drivers\SynTP.sys

2012-11-18 11:11 . 2012-03-29 13:13 122128 ----a-w- c:\windows\system32\SynTPCo9.dll

2012-11-18 11:11 . 2012-03-29 13:13 175376 ----a-w- c:\windows\system32\SynTPAPI.dll

2012-11-18 11:11 . 2012-03-29 13:13 146704 ----a-w- c:\windows\system32\SynGlwPadShlExt.dll

2012-11-18 11:11 . 2012-03-29 13:13 396560 ----a-w- c:\windows\system32\SynCOM.dll

2012-11-18 11:11 . 2012-03-29 13:13 228624 ----a-w- c:\windows\system32\SynCtrl.dll

2012-11-18 11:11 . 2011-09-14 11:11 1048576 ----a-w- c:\windows\system32\syndata.bin

2012-11-18 10:57 . 2012-12-01 00:49 17920 ----a-w- c:\windows\system32\rpcnetp.dll

2012-11-18 10:56 . 2012-12-09 11:34 17920 ----a-w- c:\windows\system32\rpcnetp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-18 11:14 . 2011-03-28 11:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-10-16 07:39 . 2012-12-03 10:54 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-09-28 03:32 . 2012-09-28 03:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-09-28 03:32 . 2012-09-28 03:32 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-04-21 01:19 . 2012-10-15 13:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll

[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-10-15 3405208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ACPW05EN"="c:\program files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-16 822384]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"MagicLinker3"="c:\program files\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe" [2005-10-20 155648]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-03-29 2346256]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]

S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-09 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-11-30 08:01]

.

2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-15 13:37]

.

2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-15 13:37]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: ??????????????? IDM

IE: ??????????????????????????? IDM

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: ??????????????????????????? IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: ??????????????? IDM - c:\program files\Internet Download Manager\IEExt.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\top\AppData\Roaming\Mozilla\Firefox\Profiles\4dyzyjpq.default\

FF - ExtSQL: 2012-10-15 21:07; mozilla_cc@internetdownloadmanager.com; c:\users\top\AppData\Roaming\IDM\idmmzcc5

FF - ExtSQL: 2012-12-05 13:26; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\top\AppData\Roaming\Mozilla\Firefox\Profiles\4dyzyjpq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.032"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.abr"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.apd"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.arw"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.bay"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.bw"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.cr2"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.crw"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.cs1"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dcr"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dcx"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.djv"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.djvu"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dng"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.eps"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.erf"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.fff"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.fpx"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.hdr"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.icn"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.iff"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ilbm"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.int"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.inta"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.iw4"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.j2c"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.j2k"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jbr"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jif"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jp2"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpc"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpk"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpx"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.kdc"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.lbm"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.mef"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.mos"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.mrw"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.nef"

.

[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.nrw"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1844)

c:\program files\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\ActWndHk.dll

.

Completion time: 2012-12-09 19:06:27

ComboFix-quarantined-files.txt 2012-12-09 12:06

.

Pre-Run: 694,001,664 bytes free

Post-Run: 952,274,944 bytes free

.

- - End Of File - - 87A40DD13BE04459D31D379BC114C28F

Good morning Dom,

Well, ComboFix didn't find anything of concern.

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

Also, please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

=====

In your reply please provide the contents of the following:

  • AdwCleaner[R1].txt.
  • log.txt.

Are there any remaining issues on your computer or hard drive?

  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.