Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: frantheman7 on September 27, 2013, 07:27:05 AM
-
Hello everyone,
I got this pop-up happening to me now from justcloud.com,
it pops up and I cant use the site or any site that it pops up on,
it's more like a virus then an ad or a pop-up,
I tried everything I could think of, I even took out my C drive
and put the clone in and I still get the pop-up, it's driving me nuts,
is it possible to get a virus in the bios
I attached a pix of it,
any help would be greatly appreciated,
Thank you all so very much, fran
=========
[recovering disk space, attachment deleted by admin]
-
other logs, I couldn't put them in together
[recovering disk space, attachment deleted by admin]
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
I even took out my C drive and put the clone in and I still get the pop-up
How did you do this? What do you mean by clone?
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)
The Security Check says that your AVG is turned off. Please make sure it's turned on.
Please run MBAM again, make sure all the infections are checked and select "Remove Selected".
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
•Warning! Once the scan is complete JRT will shut down your browser with NO warning.
•Shut down your protection software now to avoid potential conflicts.
•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Copy and Paste the JRT.txt log into your next message.
-
When I did the first scans the problem seem to go away but you guy said to go through the whole process
and I have no complaint on how everything is so far, I thank you guys so much.
Frantheman7
PS.
Darn it, I like this program (dll-files.com fixer)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Ultimate x86
Ran by Frantheman7 on Fri 09/27/2013 at 16:19:22.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BC4C7848-7BA7-4C59-B8D0-E851C0694D1D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files\diamondata"
Successfully deleted: [Folder] "C:\Program Files\dll-files.com fixer"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/27/2013 at 16:25:33.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
When I have my pc the way I want it,
then I clone the drive so that, if anything goes wrong,
I could just take out the c drive from my pc and put the cloned drive in,
but this time it didn't work, the virus/pop-ups were on the cloned drive as well.
what does that mean, was the virus in the bios or in one of my other drives
that I have in my pc?
Thank you,
Frantheman7
-
Yes, it's possible the infections was also on the clone drive.
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
ComboFix 13-09-28.02 - Frantheman7 09/28/2013 22:48:22.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1641 [GMT -4:00]
Running from: c:\users\Frantheman7\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Frantheman7\AppData\Local\assembly\tmp
c:\windows\system32\SET7E6.tmp
c:\windows\system32\SETD26.tmp
c:\windows\system32\SETE3C6.tmp
c:\windows\system32\SETEF31.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-29 )))))))))))))))))))))))))))))))
.
.
2013-09-29 02:55 . 2013-09-29 02:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-29 02:55 . 2013-09-29 02:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-28 23:32 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-28 22:03 . 2013-09-28 22:03 -------- d-----w- c:\users\Frantheman7\AppData\Roaming\Malwarebytes
2013-09-28 22:03 . 2013-09-28 22:03 -------- d-----w- c:\programdata\Malwarebytes
2013-09-27 22:55 . 2013-09-27 22:55 -------- d-----w- c:\programdata\vsosdk
2013-09-27 20:19 . 2013-09-27 20:19 -------- d-----w- c:\windows\ERUNT
2013-09-26 21:43 . 2013-09-26 21:43 -------- d-----w- c:\programdata\Malwarebytes-BackupByMalwarebytesPortable
2013-09-26 21:27 . 2013-09-26 21:27 -------- d-----w- c:\program files\CCleaner
2013-09-26 21:26 . 2013-09-27 12:45 -------- d-----w- C:\AdwCleaner
2013-09-26 00:29 . 2013-06-09 02:40 15696 ----a-w- c:\windows\system32\drivers\asdnet.sys
2013-09-25 21:37 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-25 21:37 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 21:37 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-09-25 21:37 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 21:37 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 20:40 . 2013-09-25 20:40 -------- d-----w- c:\users\Frantheman7\AppData\Roaming\Anvisoft
2013-09-25 20:39 . 2013-09-25 20:39 -------- d-----w- c:\programdata\Anvisoft
2013-09-25 20:39 . 2012-11-07 07:16 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
2013-09-25 20:39 . 2012-11-07 07:16 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
2013-09-25 20:39 . 2012-11-07 07:16 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
2013-09-25 20:39 . 2013-09-26 00:29 -------- d-----w- c:\program files\Anvisoft
2013-09-05 22:53 . 2013-09-05 22:53 -------- d-----w- c:\users\Frantheman7\AppData\Roaming\LucasArts
2013-09-05 22:22 . 2013-09-05 22:22 -------- d-----w- c:\program files\LucasArts
2013-09-05 22:05 . 2013-09-05 22:05 -------- d-----w- c:\users\Frantheman7\AppData\Local\EMU
2013-09-05 22:04 . 2013-09-05 22:05 -------- d-----w- c:\users\Frantheman7\AppData\Local\PAYDAY 2
2013-09-05 21:53 . 2013-09-05 22:03 -------- d-----w- c:\program files\PAYDAY 2
2013-09-05 01:51 . 2013-09-25 22:59 -------- d-----w- C:\Mp3tag v2.45
2013-09-05 00:08 . 2013-09-05 00:08 -------- d-----w- c:\program files\TagRename
2013-09-04 23:35 . 2013-09-04 23:35 -------- d-----w- c:\users\Frantheman7\AppData\Roaming\ABF software
2013-09-04 03:31 . 2013-09-25 22:59 -------- d-----w- c:\program files\A123 All to mp3 Converter
2013-09-03 20:52 . 2013-09-03 20:52 -------- d-----w- c:\program files\Foxit Software
2013-09-03 04:40 . 2013-09-03 04:40 -------- d-----w- c:\programdata\RealNetworks
2013-09-03 04:40 . 2013-09-03 04:40 -------- d-----w- c:\program files\Common Files\xing shared
2013-09-02 10:08 . 2013-09-03 04:40 -------- d-----w- c:\program files\Real
2013-09-02 08:37 . 2013-09-02 08:52 -------- d-----w- c:\program files\Common Files\Real
2013-09-02 05:14 . 2013-09-02 05:14 -------- d-----w- c:\program files\Tomato
2013-09-02 05:14 . 2008-07-03 18:26 6294528 ----a-w- c:\windows\system32\MediaIO1.dll
2013-08-31 00:20 . 2013-09-01 02:19 -------- d-----w- c:\programdata\WindSolutions
2013-08-31 00:19 . 2013-08-31 00:19 -------- d-----w- c:\users\Frantheman7\AppData\Roaming\WindSolutions
2013-08-30 19:25 . 2013-08-30 19:25 -------- d-----w- c:\program files\MP3TagEditor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-25 23:29 . 2013-06-23 17:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-25 23:29 . 2013-06-23 17:40 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-18 02:23 . 2013-06-23 15:27 53024 ----a-w- c:\windows\system32\OpenCL.dll
2013-09-18 02:23 . 2013-06-23 19:33 13628208 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-09-18 02:23 . 2013-06-23 15:26 1222824 ----a-w- c:\windows\system32\nvumdshim.dll
2013-09-18 02:23 . 2013-06-23 15:26 12947360 ----a-w- c:\windows\system32\nvd3dum.dll
2013-09-18 02:23 . 2013-06-23 15:26 2630304 ----a-w- c:\windows\system32\nvapi.dll
2013-09-12 06:28 . 2013-06-23 15:27 4265760 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 06:28 . 2013-06-23 15:27 3006240 ----a-w- c:\windows\system32\nvsvc.dll
2013-09-12 06:28 . 2013-06-23 15:27 662816 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 06:28 . 2013-06-23 15:27 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 06:28 . 2013-06-23 15:27 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 06:28 . 2013-06-23 15:27 209184 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-03 04:39 . 2013-06-23 15:33 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-09-03 04:39 . 2013-06-23 15:33 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-08-24 01:18 . 2013-08-24 01:18 15453832 ----a-w- c:\windows\system32\xlive.dll
2013-08-20 11:36 . 2013-08-20 11:36 1873752 ----a-w- c:\windows\system32\auto_reactivate.exe
2013-08-19 04:57 . 2007-04-27 14:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2013-07-28 04:37 . 2013-07-28 04:37 131072 ----a-r- c:\users\Frantheman7\AppData\Roaming\Microsoft\Installer\{8180DC57-B9CC-4C0C-8334-B357B67BCF6B}\VideoConverter5_St_B7EA6CF0C721446799BC56B5F772EFE9.exe
2013-07-28 03:31 . 2013-07-05 21:45 81920 ----a-r- c:\users\Frantheman7\AppData\Roaming\Microsoft\Installer\{95B7C0F4-7434-4DFB-B900-201BFC00C00B}\NewShortcut41_254AB2CD520A4C819BDF86ADC896D541.exe
2013-07-28 03:31 . 2013-07-05 21:45 81920 ----a-r- c:\users\Frantheman7\AppData\Roaming\Microsoft\Installer\{95B7C0F4-7434-4DFB-B900-201BFC00C00B}\NewShortcut4_1A0B109781684C62B2EB05F675FBA899.exe
2013-07-28 03:31 . 2013-07-05 21:45 131072 ----a-r- c:\users\Frantheman7\AppData\Roaming\Microsoft\Installer\{95B7C0F4-7434-4DFB-B900-201BFC00C00B}\NewShortcut5_53A455E88AFE48C5A618B7DA9F7EFF69.exe
2013-07-28 02:56 . 2013-07-28 02:56 53248 ----a-r- c:\users\Frantheman7\AppData\Roaming\Microsoft\Installer\{3A9527CF-4E91-4683-A03F-F1AD022126E5}\ARPPRODUCTICON.exe
2013-07-27 04:06 . 2013-07-27 04:06 163232 ----a-w- c:\windows\system32\drivers\afcdp.sys
2013-07-27 04:05 . 2013-07-27 04:05 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2013-07-27 04:05 . 2013-07-27 04:05 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-07-27 04:05 . 2013-07-27 04:05 170464 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-07-25 08:57 . 2013-08-15 02:50 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-24 21:53 . 2013-07-24 21:53 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-07-19 01:41 . 2013-08-15 02:50 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 00:17 . 2013-07-10 04:15 47360 ----a-w- c:\users\Frantheman7\AppData\Roaming\pcouffin.sys
2013-07-12 01:25 . 2013-07-12 01:25 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-12 01:25 . 2013-07-12 01:25 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-07-12 01:25 . 2013-07-12 01:25 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-07-12 01:25 . 2013-07-12 01:25 158720 ----a-w- c:\windows\system32\msls31.dll
2013-07-12 01:25 . 2013-07-12 01:25 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-07-12 01:25 . 2013-07-12 01:25 138752 ----a-w- c:\windows\system32\wextract.exe
2013-07-12 01:25 . 2013-07-12 01:25 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-12 01:25 . 2013-07-12 01:25 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-12 01:25 . 2013-07-12 01:25 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-12 01:25 . 2013-07-12 01:25 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-07-12 01:25 . 2013-07-12 01:25 12800 ----a-w- c:\windows\system32\mshta.exe
2013-07-12 01:25 . 2013-07-12 01:25 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-12 01:25 . 2013-07-12 01:25 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-12 01:25 . 2013-07-12 01:25 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-07-12 01:25 . 2013-07-12 01:25 361984 ----a-w- c:\windows\system32\html.iec
2013-07-12 01:25 . 2013-07-12 01:25 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-12 01:25 . 2013-07-12 01:25 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-09 05:03 . 2013-08-15 02:50 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-15 02:50 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-15 02:50 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-15 02:50 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-15 02:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-15 02:50 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 02:50 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-15 02:50 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05 . 2013-08-15 02:50 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-05 01:25 . 2013-07-05 01:25 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-05 01:25 . 2013-07-05 01:25 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-05 01:25 . 2013-07-05 01:25 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-05 01:25 . 2013-07-05 01:25 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-05 01:25 . 2013-07-05 01:25 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-05 01:25 . 2013-07-05 01:25 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-05 01:25 . 2013-07-05 01:25 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-05 01:25 . 2013-07-05 01:25 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-05 01:25 . 2013-07-05 01:25 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-05 01:25 . 2013-07-05 01:25 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-05 01:25 . 2013-07-05 01:25 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-05 01:25 . 2013-07-05 01:25 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-05 01:25 . 2013-07-05 01:25 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-05 01:25 . 2013-07-05 01:25 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-07-05 01:25 . 2013-07-05 01:25 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-05 01:25 . 2013-07-05 01:25 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-07-05 01:25 . 2013-07-05 01:25 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-05 01:25 . 2013-07-05 01:25 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-05 01:25 . 2013-07-05 01:25 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-05 01:25 . 2013-07-05 01:25 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-05 01:25 . 2013-07-05 01:24 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-07-05 01:24 . 2013-07-05 01:24 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-05 01:24 . 2013-07-05 01:24 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-07-05 01:24 . 2013-07-05 01:24 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2008-02-06 04:44 . 2013-07-28 13:47 200704 ----a-w- c:\program files\BorisFXUI.fex
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TextAloud3"="c:\program files\TextAloud\TextAloudMP3.exe" [2011-02-14 3732480]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2013-06-23 4771184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDEAL Calendar"="c:\program files\IDEAL Calendar\Calendar.exe" [2005-06-17 593920]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2012-07-25 2211688]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-09-03 295512]
"Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2013-08-12 1635048]
"Anvi AD Blocker"="c:\program files\Anvisoft\Anvi AD Blocker\ADBlockerTray.exe" [2013-06-14 1256144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-06-26 280576]
.
c:\users\Frantheman7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ShellFolderFix.lnk - c:\program files\ShellFolderFix\ShellFolderFixUI.exe /autostart [2013-6-23 1819648]
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2013-6-23 2374832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 11.lnk - c:\program files\TechSmith\Snagit 11\Snagit32.exe [2013-5-29 9479536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart\0auto_reactivate c:\bootwiz\asrm.bin
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 11.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
backup=c:\windows\pss\Snagit 11.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Frantheman7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^create-restore.vbs]
path=c:\users\Frantheman7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create-restore.vbs
backup=c:\windows\pss\create-restore.vbs.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-08-21 10:16 390712 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 21:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2013-06-23 18:01 4771184 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2011-07-08 16:31 84464 ----a-w- c:\program files\Roxio 2012\5.0\CPMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2011-06-12 23:07 506352 ----a-w- c:\program files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2012-03-15 13:34 744584 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-12-23 03:09 70792 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iFunBoxConnector]
2012-11-20 13:03 812544 ----a-w- c:\ifunbox.win\ifb_conn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2010-05-21 17:40 324976 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-08-16 13:07 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]
2013-05-16 14:44 1012000 ----a-w- c:\program files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2011-11-15 03:50 312376 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2011-07-13 11:41 293360 ----a-w- c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor]
2010-08-20 13:18 2536752 ----a-w- c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAForOE Loader]
2010-05-17 12:51 499144 ----a-w- c:\program files\TextAloud\TAForOELoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TB]
2011-12-23 03:09 243336 ----a-w- c:\program files\EaseUS\Todo Backup\bin\XSnapShotTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-09-03 04:39 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-08-21 10:15 5459136 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 15:07 199752 ----a-w- c:\progra~1\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
2;2 CareMon;CareMon;c:\program files\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
R2 MBAMScheduler;MBAMScheduler;k:\malwarebytes' anti-malware\mbamscheduler.exe
R2 MBAMService;MBAMService;k:\malwarebytes' anti-malware\mbamservice.exe
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2011-07-13 340976]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-14 267568]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2011-07-13 1095664]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys
R4 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2011-07-14 211440]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-12-23 50312]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-02-08 42120]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2010-07-22 41912]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2013-06-14 16504]
S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2011-02-09 21488]
S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2011-02-09 15856]
S0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-07-24 722416]
S0 SysCow;SysCow;c:\windows\system32\drivers\syscow32v.sys [2010-05-23 81904]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2013-07-27 752128]
S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [2012-11-07 16208]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-11-08 250080]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-04-11 302368]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-12-23 17032]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-12-23 187016]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2011-02-09 25584]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\App\SaibSVC.exe [2011-02-09 457200]
S2 AdblockerSrv;Adblocker Monitor Service;c:\program files\Anvisoft\Anvi AD Blocker\ADBlockerSrv.exe [2013-06-14 314064]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2013-07-27 3975088]
S2 asdnet;Adblocker Monitor Driver;c:\windows\system32\DRIVERS\asdnet.sys [2013-06-09 15696]
S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [2012-11-07 22864]
S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2013-08-12 742120]
S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [2012-11-07 14160]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BOT4Service;BOT4Service;c:\program files\Roxio\BackOnTrack\App\BService.exe [2011-07-15 21488]
S2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [2011-12-23 61064]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-23 23176]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
S2 ReflectService.exe;Reflect Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-07-25 224920]
S2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2011-11-15 354176]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2013-07-27 163232]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2012-12-10 142176]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-23 23:29]
.
.
------- Supplementary Scan -------
.
uLocal Page = about:blank
uStart Page = https://www.google.com/
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-iDevice Manager Launcher - c:\program files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SSDMonitor - c:\program files\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
MSConfigStartUp-Winsuite2012 - c:\program files\Spotmau\PowerSuite Golden Edition\Winsuite 2012\Spotmau_WinSuite_TrayIcon.exe
AddRemove-Alcohol 120% - c:\program files\Alcohol Soft\Alcohol 120\uninst.exe
AddRemove-Dll-Files Fixer_is1 - c:\program files\Dll-Files.com Fixer\unins000.exe
AddRemove-FE5AE7DC-7B01-4263-A94C-B4526C276549_is1 - c:\program files\Software4u\iPhone Explorer\unins000.exe
AddRemove-FE5AE7DC-7B01-4263-A94C-B4526C276550_is1 - c:\program files\Software4u\iDevice Manager\unins000.exe
AddRemove-InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354} - c:\program files (x86)\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\setup.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - k:\malwarebytes' anti-malware\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.032"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-3602084776-2122628737-1096821462-1001)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.int"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.png"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-3602084776-2122628737-1096821462-1001)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xpm"
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A618B794-1FC0-DF96-E488-F3F993F47E08}*]
"iacigalhndcohfgkle"=hex:69,61,6e,63,64,61,69,6e,68,70,62,65,6a,6a,6a,67,63,68,
00,00
.
[HKEY_USERS\S-1-5-21-3602084776-2122628737-1096821462-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F40CFDDB-794D-95B3-898F-951AD6FDA618}*]
@Allowed: (Read) (RestrictedCode)
"jaiheheihhgacdgjllmj"=hex:69,61,64,6f,6e,62,6d,63,6a,62,70,61,68,68,6f,64,65,
61,00,00
"iagkghpnkgeabcfkeg"=hex:69,61,64,6f,6e,62,6d,63,6a,62,70,61,68,68,6f,64,65,61,
00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-28 23:37:26
ComboFix-quarantined-files.txt 2013-09-29 03:37
.
Pre-Run: 1,592,036,151,296 bytes free
Post-Run: 1,591,918,075,904 bytes free
.
- - End Of File - - 79301F9E5BF16F9F8E1A789133A3F2AF
A6760C5F40127D4D36B48ECB8DF3C680
-
Malwarebytes' Anti-Rootkit
Please download Malwarebytes' Anti-Rootkit (http://www.malwarebytes.org/products/mbar/) and save it to your desktop.
- Be sure to print out and follow the instructions provided on that same page for performing a scan.
- Caution: This is a beta version so also read the disclaimer and back up (http://support.microsoft.com/kb/971759) all your data before using.
- When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
- Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
- Copy and paste the contents of these two log files in your next reply.
-
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
Account is Administrative
Internet Explorer version: 10.0.9200.16686
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 3.209000 GHz
Memory total: 3211845632, free: 1949872128
=======================================
Initializing...
------------ Kernel report ------------
09/29/2013 22:28:35
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spop.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\SI3112r.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\syscow32v.sys
\SystemRoot\System32\Drivers\FSPFltd.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\DRIVERS\SiWinAcc.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tdrpm273.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\SaibIa32.sys
\SystemRoot\System32\Drivers\SahdIa32.sys
\SystemRoot\system32\DRIVERS\pssnap.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\EUBKMON.sys
\SystemRoot\system32\drivers\eubakup.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\System32\Drivers\SaibVd32.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\EuFdDisk.sys
\??\C:\Windows\system32\drivers\eudskacs.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\atinavrr.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\aolbqerv.SYS
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\MarvinBus.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda32v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\Windows\system32\drivers\supersafer.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\avgidsfilterx.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xffffffff8a24aa08
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xffffffff86fc1ca8
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xffffffff8a24aa08
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xffffffff86fc1ca8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xffffffff87fc39c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\SI3112r1Port6Path1Target0Lun0\
Lower Device Object: 0xffffffff8772a030
Lower Device Driver Name: \Driver\SI3112r\
Driver name found: SI3112r
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\scsiport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff87fbf388
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\SI3112r1Port6Path0Target0Lun0\
Lower Device Object: 0xffffffff8774b030
Lower Device Driver Name: \Driver\SI3112r\
Driver name found: SI3112r
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff87fbca48
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-6\
Lower Device Object: 0xffffffff87796908
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff87fb9030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff869da908
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff87fb5238
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-a\
Lower Device Object: 0xffffffff877aa908
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff87fb2ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-9\
Lower Device Object: 0xffffffff877a8908
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87faf030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-5\
Lower Device Object: 0xffffffff87795030
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<2>>>
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff87fb5238, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87fb5f00, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fb7bf0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff87fb7020, DeviceName: Unknown, DriverName: \Driver\pssnap\
DevicePointer: 0xffffffff87fb6268, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87fb6e60, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fb5238, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87fb58b8, DeviceName: Unknown, DriverName: \Driver\SahdIa32\
DevicePointer: 0xffffffff8774adf0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff877aa908, DeviceName: \Device\Ide\IdeDeviceP2T1L0-a\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0xffffffffba599990, 0xffffffff87fb5238, 0xffffffff86fff958
Lower DeviceData: 0xffffffffb7591148, 0xffffffff877aa908, 0xffffffff8a207048
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87faf030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87fb1d10, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fb0c30, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff87faf6b8, DeviceName: Unknown, DriverName: \Driver\pssnap\
DevicePointer: 0xffffffff87fb0020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87fae2e0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87faf030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87fae5e8, DeviceName: Unknown, DriverName: \Driver\SahdIa32\
DevicePointer: 0xffffffff8771c918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87795030, DeviceName: \Device\Ide\IdeDeviceP4T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0xffffffffb84667f8, 0xffffffff87faf030, 0xffffffff86fd27f0
Lower DeviceData: 0xffffffff8b8e04a8, 0xffffffff87795030, 0xffffffff880d77c0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 7FF91F8E
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1131179634
GPT Header CurrentLba = 1 BackupLba 7814037167
GPT Header FirstUsableLba 34 LastUsableLba 7814037134
GPT Header Guid c18e00f2-33cd-411b-9ae6-3de182ab7b2
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 1e94de1063dd4351
Backup GPT header Revision 4123502939 Size 2928656417 CRC 4137579717
Backup GPT header CurrentLba = 5660334723064773328 BackupLba 1362350271902910050
Backup GPT header FirstUsableLba 6973226834606034875 LastUsableLba 17573439183209346517
Backup GPT header Guid ed9b4a9d-b566-738d-695e-8d6b62f6be2d
Backup GPT header Contains 4174773598 partition entries starting at LBA 1730345072154276643
Backup GPT header Partition entry size = 4196269132
GPT header and Backup GPT header have conflicting data
Backup GPT partition header signature doesn't match "EFI PART" magic
Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 3b9f36e5-51b5-4e20-a578-93010c8cfe3
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name Microsoft reserved partition
Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID b3e2cd40-3bb2-4fd3-b3ce-71ab972b647
FirstLBA 264192 Last LBA 7814035455
Attributes 0
Partition Name Basic data partition
Disk Size: 4000787030016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff87fb2ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87fb4be8, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fb3858, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff87fb2508, DeviceName: Unknown, DriverName: \Driver\pssnap\
DevicePointer: 0xffffffff87fb3d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87fb11d0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fb2ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87fb2020, DeviceName: Unknown, DriverName: \Driver\SahdIa32\
DevicePointer: 0xffffffff87714930, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff877a8908, DeviceName: \Device\Ide\IdeDeviceP3T1L0-9\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0xffffffffa7c177e0, 0xffffffff87fb2ac8, 0xffffffff872076e8
Lower DeviceData: 0xffffffff8ae59ee0, 0xffffffff877a8908, 0xffffffff86fd3cb8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: CA57B4CE
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2656096835
GPT Header CurrentLba = 1 BackupLba 7814037167
GPT Header FirstUsableLba 34 LastUsableLba 7814037134
GPT Header Guid 44cd6106-d4ff-4adb-a872-f6b6cc72d7da
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature a8e4c1395f5bb8c
Backup GPT header Revision 2276060340 Size 1638444693 CRC 2869749324
Backup GPT header CurrentLba = 8322690755862217569 BackupLba 11190833256507427763
Backup GPT header FirstUsableLba 12927266865093055876 LastUsableLba 2507379933620959959
Backup GPT header Guid d09cda96-1125-620-415f-d13918e190
Backup GPT header Contains 3970177303 partition entries starting at LBA 11998870038662277322
Backup GPT header Partition entry size = 1974522596
GPT header and Backup GPT header have conflicting data
Backup GPT partition header signature doesn't match "EFI PART" magic
Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID e5fb93-222e-49bd-8d91-f806fe4c654
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name Microsoft reserved partition
Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 9fab9d54-3319-4ccf-9f60-2ba383b3edd9
FirstLBA 264192 Last LBA 7814035455
Attributes 0
Partition Name Basic data partition
Disk Size: 4000787030016 bytes
Sector size: 512 bytes
Done!
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A95E8
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3907022017
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffffff87fb9030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87fbbd10, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fba9b0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff87fbaec8, DeviceName: Unknown, DriverName: \Driver\pssnap\
DevicePointer: 0xffffffff87fba020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87fb9ea0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fb9030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87fb87f0, DeviceName: Unknown, DriverName: \Driver\SahdIa32\
DevicePointer: 0xffffffff87732a60, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff869da908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0xffffffffc2d23c00, 0xffffffff87fb9030, 0xffffffff8721f538
Lower DeviceData: 0xffffffffadda3f58, 0xffffffff869da908, 0xffffffff880ccf08
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: D56A0ABD
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 830545676
GPT Header CurrentLba = 1 BackupLba 7814037167
GPT Header FirstUsableLba 34 LastUsableLba 7814037134
GPT Header Guid 6c29a018-a817-4993-95c9-dc1376295262
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 70d82cd86afc823
Backup GPT header Revision 2382923352 Size 3290566820 CRC 1695269861
Backup GPT header CurrentLba = 12327680810419122754 BackupLba 17393688557779241636
Backup GPT header FirstUsableLba 72058682438194453 LastUsableLba 14502316600427913142
Backup GPT header Guid bf5d614-5183-43a4-576c-443fa98d2ad3
Backup GPT header Contains 3941242945 partition entries starting at LBA 9033416481053252404
Backup GPT header Partition entry size = 1191669972
GPT header and Backup GPT header have conflicting data
Backup GPT partition header signature doesn't match "EFI PART" magic
Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 40a5daa1-14c-11e3-90b5-e0cb4e64981f
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name Microsoft reserved partition
Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 1c9437b7-1dad-4d09-a256-7f6f6fc03538
FirstLBA 264192 Last LBA 7814035455
Attributes 0
Partition Name Basic data partition
Disk Size: 4000787030016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 4, DevicePointer: 0xffffffff87fbca48, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87fbe9e0, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fbd650, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff87fbdb28, DeviceName: Unknown, DriverName: \Driver\pssnap\
DevicePointer: 0xffffffff87fbdc80, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87fbc918, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fbca48, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87fbc020, DeviceName: Unknown, DriverName: \Driver\SahdIa32\
DevicePointer: 0xffffffff87750338, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff87796908, DeviceName: \Device\Ide\IdeDeviceP5T0L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0xffffffffc2c176f0, 0xffffffff87fbca48, 0xffffffff8811d048
Lower DeviceData: 0xffffffffc2de47f8, 0xffffffff87796908, 0xffffffff8a27f620
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: C65CA51
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 4075435894
GPT Header CurrentLba = 1 BackupLba 7814037167
GPT Header FirstUsableLba 34 LastUsableLba 7814037134
GPT Header Guid 825ea4f6-dc3a-4970-9cf4-d1d2dcf77cea
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 00000000
Backup GPT header Revision 0 Size 0 CRC 0
Backup GPT header CurrentLba = 0 BackupLba 0
Backup GPT header FirstUsableLba 0 LastUsableLba 0
Backup GPT header Guid 0-0-0-00-000000
Backup GPT header Contains 0 partition entries starting at LBA 0
Backup GPT header Partition entry size = 0
GPT header and Backup GPT header have conflicting data
Backup GPT partition header signature doesn't match "EFI PART" magic
Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 2e77ccda-3043-4bbb-9429-675fa8d76ac
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name Microsoft reserved partition
Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID c505b136-2169-446f-9755-de6dfe116a3e
FirstLBA 264192 Last LBA 7814035455
Attributes 0
Partition Name Basic data partition
Disk Size: 4000787030016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xffffffff87fbf388, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87fc1258, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fc1ec0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff87fc04a8, DeviceName: Unknown, DriverName: \Driver\pssnap\
DevicePointer: 0xffffffff87fc0600, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87fc0020, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fbf388, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87fbf8e0, DeviceName: Unknown, DriverName: \Driver\SahdIa32\
DevicePointer: 0xffffffff8774b030, DeviceName: \Device\Scsi\SI3112r1Port6Path0Target0Lun0\, DriverName: \Driver\SI3112r\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0xffffffffa9eee138, 0xffffffff87fbf388, 0xffffffff8a174ac8
Lower DeviceData: 0xffffffff8b8e4100, 0xffffffff8774b030, 0xffffffff86f07f08
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 4CD37BC3
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3993837388
GPT Header CurrentLba = 1 BackupLba 7814037167
GPT Header FirstUsableLba 34 LastUsableLba 7814037134
GPT Header Guid eb1d885e-ce32-428b-84c1-edcf24fc1b24
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature bb5466567f2c2018
Backup GPT header Revision 453935873 Size 2912304164 CRC 1609228926
Backup GPT header CurrentLba = 7035058731877636490 BackupLba 3032709793171417436
Backup GPT header FirstUsableLba 1315812844752764187 LastUsableLba 13440163567150611475
Backup GPT header Guid 5ca6cde8-a13-4238-a01e-3e96fb6dfc5
Backup GPT header Contains 3267562096 partition entries starting at LBA 14241410710707491121
Backup GPT header Partition entry size = 2858871008
GPT header and Backup GPT header have conflicting data
Backup GPT partition header signature doesn't match "EFI PART" magic
Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID edd56019-fc04-4b6a-84d-6139de2c5ea
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name Microsoft reserved partition
Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 904fd85c-be23-463b-8444-d37054de19a1
FirstLBA 264192 Last LBA 7814035455
Attributes 0
Partition Name Basic data partition
Disk Size: 4000787030016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 6, DevicePointer: 0xffffffff87fc39c0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87fc58b8, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fc42f8, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff87fc47f8, DeviceName: Unknown, DriverName: \Driver\pssnap\
DevicePointer: 0xffffffff87fc4978, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87fc3598, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff87fc39c0, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87fc23d8, DeviceName: Unknown, DriverName: \Driver\SahdIa32\
DevicePointer: 0xffffffff8772a030, DeviceName: \Device\Scsi\SI3112r1Port6Path1Target0Lun0\, DriverName: \Driver\SI3112r\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0xffffffffadd9f058, 0xffffffff87fc39c0, 0xffffffff8a170418
Lower DeviceData: 0xffffffff8ae6ac38, 0xffffffff8772a030, 0xffffffff86f1d630
Drive 6
Scanning MBR on drive 6...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 266BBF05
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 6397432
GPT Header CurrentLba = 1 BackupLba 7814037167
GPT Header FirstUsableLba 34 LastUsableLba 7814037134
GPT Header Guid 98a3138e-11c4-4e18-a29d-72c7de9f299f
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature c6cae1682dce445
Backup GPT header Revision 2630401500 Size 3904783216 CRC 1177580804
Backup GPT header CurrentLba = 1683402442549235793 BackupLba 17501486350076372557
Backup GPT header FirstUsableLba 6907700306868687958 LastUsableLba 15868202527755939157
Backup GPT header Guid 7bafd0e0-e282-be61-95b2-cf571ab93c47
Backup GPT header Contains 2953864081 partition entries starting at LBA 15171630345738561171
Backup GPT header Partition entry size = 958613009
GPT header and Backup GPT header have conflicting data
Backup GPT partition header signature doesn't match "EFI PART" magic
Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 18fb98a-8d4e-4050-828c-8127bb143bb1
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name Microsoft reserved partition
Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID f29ae2e4-860a-43f9-a29a-4dd29d62427e
FirstLBA 264192 Last LBA 7814035455
Attributes 0
Partition Name Basic data partition
Disk Size: 4000787030016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 7, DevicePointer: 0xffffffff8a24aa08, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89746b28, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff89753578, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff88477758, DeviceName: Unknown, DriverName: \Driver\pssnap\
DevicePointer: 0xffffffff87203d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89751b60, DeviceName: Unknown, DriverName: \Driver\tdrpman273\
DevicePointer: 0xffffffff8a24aa08, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86fd3430, DeviceName: Unknown, DriverName: \Driver\SahdIa32\
DevicePointer: 0xffffffff86fc1ca8, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0xffffffffb253b498, 0xffffffff8a24aa08, 0xffffffff86fdaac8
Lower DeviceData: 0xffffffff8aea6190, 0xffffffff86fc1ca8, 0xffffffff89dc0048
Drive 7
Scanning MBR on drive 7...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18
Partition information:
Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 32 Numsec = 31703008
Partition file system is FAT32
Partition is not bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 16231956480 bytes
Sector size: 512 bytes
Done!
Read File: File "c:\programdata\avg2012\chjw\1a980f47980f20bd.dat:48a3a634-181a-4731-b7bc-3d0f7bce4203" is sparse (flags = 32768)
Scan finished
-
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
Database version: v2013.07.26.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
Frantheman7 :: FRANTHEMAN7-PC [administrator]
9/29/2013 10:28:38 PM
mbar-log-2013-09-29 (22-28-38).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 255005
Time elapsed: 8 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
- Leave the check mark next to Remove found threats.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
the links not working,
I tried to run ESET OnlineScanner but it says that this website wants to install the following ad-on
onlineScanner.cab from ESET, spol, sr.o so I hit install and a pop-up saying the web browser needs to resend the info, so I hit retry
and wait but nothing happens.
I also clicked on esetsmartinstaller_enu.exe but again, nothing happens,
do you have a direct link to the scanner?
Thank you, Frantheman7
-
sorry, it's working and scanning the pc now
-
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
-
2nd log
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
-
Ok, how's your computer running now?
-
Hello,
Thank you so much,
I think I'm going to call you SUPER DUPER DAVE from now on, with all do respect,
you are the best, I appreciate all the work you did, I hope you guys don't delete this thread,
so that I could go back to it in the future, again thank you so much.
oh by the way. my pc has never run any better.
Frantheman7.
-
Hello SuperDave,
I think I’m going to call you SUPER DUPER DAVE from now on, with all due respect.
Thank you so much for all the work you did to help me out, you are the best.
I appreciate everything you’ve done and I know it was a lot of work, again, thank you!
Your so nice I thank you twice :)
Frantheman7
-
That's good news. We just need to do some cleanup and we'll be done. This thread will remain but it will be locked.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
***************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup2.jpg)
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup.jpg)
This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
****************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Thank you SUPER DUPER DAVE,
a lot of really great information.
Frantheman7
-
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.