windows cannot access the specified device path or file

lars911

New Member
hello :)

I have a very annoying problem: when I try to open most of my programs I get this error (Windows cannot access the specified device path or file. You may not have appropriate permissions). I am using Windows 7.

What I have tried so far:

- right click and run as administrator

- right clicking the file and clicking on Unblock (there is no Unblock button in Windows 7)

- using the Resident Shield Exceptions feature in AVG (I can't install AVG)

- opening the file in safe mode

- creating another user and opening the file from there

However, I heard that Resident Shield Exceptions can fix this problem. Is there any other program like AVG that offers this feature?

thanks in advance :)
 

tremmor

Well-Known Member
try creating another admin profile under user accounts in the control panel then reboot or log off. Log into the new profile and try it. Or make sure you have admin rights in the first place.
 

lars911

New Member
Yes, it appears that I have full control over the file but I still can't open it.

13190252.png


Also, here is the error message:

38780604.png


I also tried creating another admin user before but it didn't work :(
 

lars911

New Member
It seems that I have ownership of the file but I still can't access it.

This problem also happens in Google Chrome, and what's weird about it is that the program runs great for a while but then randomly gets this error.

I remember getting this error after I downloaded a file, so I think, yeah, it is some kind of malware.

thanks :)
 

johnb35

Administrator
Staff member
It's possible it may be malware? Have you tried doing a system restore back to a day that it was working fine? To scan your system for malware do the following.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 

bratsos

New Member
That sounds like encrypted protected files...

That happens when you install, from Windows, private file encryption, and then by force, from another admin account, reset the account password of the protected encrypted files...

If that's not the scenario, then try to copy some of these files and run them from another computer. If they run OK, then try to disable the private file encryption on your HDD.

If that's not the case, simply try running a scandisk for errors.
If that doesn't fix the issue, try to fix the registry of your system.
But if the case is a lost password for the encrypted files, I'm not allowed by this forum to help you... How to restore an encrypted file.
 

lars911

New Member
Thanks for the help, guys :) I will try what you said and then say what happened.
 

lars911

New Member
When I try a system scan and save a logfile with HijackThis, it just works for one second, then disappears and gives me that error again. But when that happened, the Rkill file started to work, and when it was done it gave me this log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/01/2011 at 5:48:16.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:

C:\Windows\System32\grpconv.exe


Rkill completed on 12/01/2011 at 5:48:20.
 

johnb35

Administrator
Staff member
You must right click on HijackThis and click on Run as. If the Run as option doesn't appear, then press and hold the Shift key while right clicking on HijackThis. Run Malwarebytes after running Rkill, but do not reboot the system until after Malwarebytes has been run.
 

lars911

New Member
Still, after I install Malwarebytes, then run Rkill, then open Malwarebytes and do a system scan, it shuts off 2 seconds later and Malwarebytes becomes infected by whatever that thing is.

1111111w.png


And when I try to install HijackThis I get this error:

12121h.png
 

johnb35

Administrator
Staff member
There may be more going on here than what meets the eye.

OK, try this. Download the following file to a USB flash drive if possible, or a blank writable CD. Then boot to safe mode and copy it to your desktop screen. Then run it.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

lars911

New Member
YES! It got fixed, thanks so much, you are the best! :D

The malware name was rootkit zeroaccess....

The log files are so long, so I uploaded them to MediaFire.

Here are the logs uploaded to MediaFire:

ComboFix log: http://www.mediafire.com/?nlt94w54rz39w92

HiJackThis log: http://www.mediafire.com/?ju2uf3wid6613nw

My computer is now running great; all programs are running well except HiJackThis, for which I still get the error.

12121h.png


I was able to use HiJackThis and scan with it because I was just unpacking the install file and running it directly from there without installing it. It is not a big deal though, because the main problem is now gone thanks to you :)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:05:59 م, on 02/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Opera\opera.exe
F:\HiJackThis\Icon.HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=100581
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O23 - Service: AcerSyncServiceWinService - Unknown owner - C:\Program Files\Acer\AcerSync\AcerSyncService.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CKDKLN - Unknown owner - C:\Users\ma\AppData\Local\Temp\CKDKLN.exe (file missing)
O23 - Service: Microsoft .NET Framework NGEN v4.0.30319_X86 (clr_optimization_v4.0.30319_32) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
O23 - Service: Connectify - Connectify - C:\Program Files\Connectify\ConnectifyService.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: خدمة Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LZKIEM - Unknown owner - C:\Users\ma\AppData\Local\Temp\LZKIEM.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (file missing)
O23 - Service: TXYYQSDM - Unknown owner - C:\Users\ma\AppData\Local\Temp\TXYYQSDM.exe (file missing)
O23 - Service: VDFUBFO - Unknown owner - C:\Users\ma\AppData\Local\Temp\VDFUBFO.exe (file missing)
O23 - Service: VHLHMT - Unknown owner - C:\Users\ma\AppData\Local\Temp\VHLHMT.exe (file missing)
O23 - Service: XG - Unknown owner - C:\Users\ma\AppData\Local\Temp\XG.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8259 bytes
 
Last edited by a moderator:
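
A triage pass over the O23 (service) lines of a HijackThis log like the one above, as an added example that is not part of any post in this thread and not HijackThis's own logic. The sample lines are copied from that log; the `parse_o23` and `triage` helpers and the scoring rules (a service binary under a Temp directory, a short all-caps service name equal to its executable name, "Unknown owner" together with "file missing") are assumptions chosen for illustration.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Lines copied from the HijackThis log posted above (not a complete log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CKDKLN - Unknown owner - C:\Users\ma\AppData\Local\Temp\CKDKLN.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: XG - Unknown owner - C:\Users\ma\AppData\Local\Temp\XG.exe (file missing)
"""

O23_PREFIX = "O23 - Service: "
MISSING_SUFFIX = " (file missing)"


class Service(NamedTuple):
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Parse one 'O23 - Service: name - owner - path' line, else None."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    missing = body.endswith(MISSING_SUFFIX)
    if missing:
        body = body[: -len(MISSING_SUFFIX)]
    # Split from the right: display names may themselves contain " - ".
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    return Service(name, owner, path, missing)


def triage(svc: Service):
    """Return (level, reasons); level is 'suspicious', 'review' or 'ok'."""
    reasons = []
    strong = False
    if "\\temp\\" in svc.path.lower():
        reasons.append("service binary lives in a Temp directory")
        strong = True
    stem = ntpath.splitext(ntpath.basename(svc.path))[0]
    if stem == svc.name and re.fullmatch(r"[A-Z]{2,10}", stem):
        reasons.append("service name is just a short all-caps executable name")
        strong = True
    weak = svc.owner == "Unknown owner" and svc.file_missing
    if weak:
        # Also seen when a rootkit hides or locks a legitimate file,
        # so this alone means "look closer", not "delete".
        reasons.append("unknown owner and file reported missing")
    level = "suspicious" if strong else ("review" if weak else "ok")
    return level, reasons


def triage_log(text: str):
    """Triage every O23 line in a log; return non-ok entries in log order."""
    findings = []
    for line in text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        level, reasons = triage(svc)
        if level != "ok":
            findings.append((level, svc.name, reasons))
    return findings


if __name__ == "__main__":
    for level, name, reasons in triage_log(SAMPLE_LOG):
        print(f"[{level}] {name}: " + "; ".join(reasons))
```

Entries at the "review" level include legitimate services such as Google Update whose files the log reports as missing, so they are candidates for a closer look rather than for removal.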

johnb35

Administrator
Staff member
I'm posting the ComboFix log for the user as it's easier to read.

ComboFix 11-12-02.01 - ma 12/02/2011 20:32:35.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.20.1033.18.3068.2148 [GMT 2:00]
Running from: c:\users\Public\Pictures\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
C:\data
c:\data\default\us_sres.data
C:\ErrLog.txt
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\program files\Spyware Cease
c:\program files\Spyware Cease\AutoUpdate.exe
c:\program files\Spyware Cease\bmgac
c:\program files\Spyware Cease\dxddd
c:\program files\Spyware Cease\fp.fpl
c:\program files\Spyware Cease\hrdb.hrl
c:\program files\Spyware Cease\idamx
c:\program files\Spyware Cease\iflee
c:\program files\Spyware Cease\ls.dat
c:\program files\Spyware Cease\LSR.lsr
c:\program files\Spyware Cease\md5.dll
c:\program files\Spyware Cease\mtools.dll
c:\program files\Spyware Cease\networkdll.dll
c:\program files\Spyware Cease\opfile.dll
c:\program files\Spyware Cease\QAreaDLL.dll
c:\program files\Spyware Cease\RkHitApi.dll
c:\program files\Spyware Cease\sctdll.dll
c:\program files\Spyware Cease\spkdll.dll
c:\program files\Spyware Cease\SpywareCease.chm
c:\program files\Spyware Cease\SpywareCease.exe
c:\program files\Spyware Cease\SpywareCease.url
c:\program files\Spyware Cease\udefend.dll
c:\program files\Spyware Cease\unins000.dat
c:\program files\Spyware Cease\unins000.exe
c:\program files\Spyware Cease\update\Update.ini
c:\program files\Spyware Cease\ussafe.dll
c:\program files\Spyware Cease\vf
c:\program files\Spyware Cease\vsn.lst
c:\program files\Spyware Cease\wcfile.lst
c:\program files\Spyware Cease\wl.swl
c:\program files\Spyware Cease\xxcum
c:\program files\Spyware Cease\zlib1.dll
c:\program files\Spyware Process Detector
c:\program files\Spyware Process Detector\Base\good.spd
c:\program files\Spyware Process Detector\Base\process.spd
c:\program files\Spyware Process Detector\Base\startup.spd
c:\program files\Spyware Process Detector\Base\system.spd
c:\program files\Spyware Process Detector\Help\english.chm
c:\program files\Spyware Process Detector\Help\english.mnl
c:\program files\Spyware Process Detector\Plugin\belarusian.lng
c:\program files\Spyware Process Detector\Plugin\bulgarian.lng
c:\program files\Spyware Process Detector\Plugin\czech.lng
c:\program files\Spyware Process Detector\Plugin\deutsch.lng
c:\program files\Spyware Process Detector\Plugin\english.lng
c:\program files\Spyware Process Detector\Plugin\francais.lng
c:\program files\Spyware Process Detector\Plugin\hungarian.lng
c:\program files\Spyware Process Detector\Plugin\italian.lng
c:\program files\Spyware Process Detector\Plugin\romanian.lng
c:\program files\Spyware Process Detector\Plugin\russian.lng
c:\program files\Spyware Process Detector\register.url
c:\program files\Spyware Process Detector\spd322.cfg
c:\program files\Spyware Process Detector\spd322.dll
c:\program files\Spyware Process Detector\spd322.exe
c:\program files\Spyware Process Detector\spd322.sys
c:\program files\Spyware Process Detector\spydetector.url
c:\program files\Spyware Process Detector\Uninstall\IssSurvey.dll
c:\program files\Spyware Process Detector\Uninstall\IssSurvey.ini
c:\program files\Spyware Process Detector\Uninstall\unins000.dat
c:\program files\Spyware Process Detector\Uninstall\unins000.exe
c:\program files\Windows Searchqu Toolbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Process Detector
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Process Detector\Online Registration.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Process Detector\Spyware Process Detector v3.22.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Process Detector\User Manual.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Spyware Process Detector\Visit our Site.lnk
C:\Thumbs.db
c:\users\ma\AppData\Local\Setup.exe
c:\users\ma\AppData\Roaming\addons.dat
c:\users\ma\AppData\Roaming\desktop.ini
c:\users\ma\AppData\Roaming\L3G!T-Labs\jdvs
c:\users\ma\AppData\Roaming\ntuser.dat
c:\users\ma\kfql59xacm.exe
c:\windows\$NtUninstallKB7045$
c:\windows\$NtUninstallKB7045$\1258669978
c:\windows\$NtUninstallKB7045$\270660699\@
c:\windows\$NtUninstallKB7045$\270660699\L\xadqgnnk
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\1542725904
c:\windows\174926236
c:\windows\7Loader.TAG
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\
c:\windows\system32\BReWErS.dll
c:\windows\system32\c_08084.nl_
c:\windows\system32\c_08084.nls
c:\windows\system32\Cache
c:\windows\system32\drivers\zbvkirtst9.sys
c:\windows\system32\muzapp.exe
c:\windows\system32\SARCheck.dll
c:\windows\system32\tmp.tmp
C:\www.google.com.htm
.
Infected copy of c:\windows\system32\drivers\tdx.sys was found and disinfected
Restored copy from - The cat found it :)
c:\windows\system32\atiesrxx.exe . . . is infected!!
c:\windows\system32\atiesrxx.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\program files\Bonjour\
.
Infected copy of c:\program files\Connectify\ConnectifyService.exe was found and disinfected
Restored copy from - c:\program files\Connectify\
.
Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
Restored copy from - c:\program files\Google\Update\
.
Infected copy of c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe was found and disinfected
Restored copy from - c:\program files\Norton AntiVirus\Engine\18.6.0.29\
.
Infected copy of c:\program files\PC Connectivity Solution\ServiceLayer.exe was found and disinfected
Restored copy from - c:\program files\PC Connectivity Solution\
.
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe . . . is infected!!
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE was found and disinfected
Restored copy from - c:\program files\Common Files\microsoft shared\Windows Live\
.
Infected copy of c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe was found and disinfected
Restored copy from - c:\program files\Yahoo!\SoftwareUpdate\
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_1021f45b
-------\Service_RkHit
-------\Service_T
-------\Legacy_spd3ssl
-------\Legacy_zbvkirtst9
-------\Legacy_spd3ssl
-------\Service_spd3ssl
-------\Service_zbvkirtst9
-------\Service_spd3ssl
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 18:43 . 2011-12-02 18:47 -------- d-----w- c:\users\ma\AppData\Local\temp
2011-12-02 18:43 . 2011-12-02 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-02 18:43 . 2011-12-02 18:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-12-01 12:02 . 2011-12-01 12:02 -------- d-----w- c:\users\ma\AppData\Roaming\vghd
2011-12-01 04:20 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-28 23:20 . 2011-10-31 09:22 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-11-28 16:01 . 2011-11-29 12:09 -------- d-----w- c:\users\ma\AppData\Local\Samsung
2011-11-28 15:56 . 2011-10-27 01:25 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-11-28 15:56 . 2011-10-27 01:25 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2011-11-28 15:56 . 2011-10-27 01:25 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-11-28 15:56 . 2011-10-27 01:25 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-11-28 15:56 . 2011-10-27 01:25 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-11-28 15:56 . 2011-10-27 01:25 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-11-28 15:56 . 2011-10-27 01:25 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-11-28 15:56 . 2011-10-27 01:25 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-11-28 15:56 . 2011-10-27 01:25 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-11-28 15:56 . 2011-10-27 01:25 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-11-28 15:55 . 2011-10-27 01:25 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2011-11-28 15:55 . 2011-10-27 01:25 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2011-11-28 15:55 . 2011-10-27 01:25 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2011-11-28 15:55 . 2011-10-27 01:25 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2011-11-28 15:55 . 2011-10-27 01:25 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2011-11-28 15:55 . 2011-10-27 01:25 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2011-11-28 15:55 . 2011-10-27 01:25 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2011-11-28 15:53 . 2011-10-31 09:22 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-11-25 04:28 . 2011-11-25 04:30 -------- d-----w- c:\users\loda
2011-11-25 04:25 . 2011-11-25 04:25 94896 ----a-w- c:\windows\system32\drivers\49096678.sys
2011-11-25 04:25 . 2011-11-25 04:25 94896 ----a-w- c:\windows\system32\drivers\60885264.sys
2011-11-25 04:24 . 2011-11-25 04:24 94896 ----a-w- c:\windows\system32\drivers\65446781.sys
2011-11-25 04:21 . 2011-11-25 04:21 0 ----a-w- c:\users\ma\AppData\Local\BITD825.tmp
2011-11-25 04:12 . 2011-11-25 04:12 0 ----a-w- c:\users\ma\AppData\Local\BITD138.tmp
2011-11-25 02:32 . 2011-12-01 04:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-23 13:31 . 2011-11-23 13:43 -------- d-----w- c:\program files\DISCIPLINE
2011-11-21 14:53 . 2011-11-21 14:53 -------- d-----w- c:\users\ma\Livestation
2011-11-21 14:53 . 2011-11-21 14:53 -------- d-----w- c:\users\ma\AppData\Roaming\Mchid
2011-11-21 14:53 . 2011-11-21 14:53 -------- d-----w- c:\users\ma\AppData\Roaming\Livestation
2011-11-21 14:52 . 2011-11-21 14:52 -------- d-----w- c:\program files\OpenAL
2011-11-21 14:52 . 2011-11-21 14:52 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-11-21 14:52 . 2011-11-21 14:52 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-17 23:53 . 2011-11-18 01:29 -------- d-----w- c:\program files\DownVision
2011-11-17 23:52 . 2011-11-17 23:52 460624 ----a-w- c:\users\ma\AppData\Local\promo.exe
2011-11-14 17:25 . 2011-11-29 20:44 -------- d-----w- c:\users\ma\AppData\Roaming\Samsung
2011-11-14 15:04 . 2011-11-14 15:04 -------- d-----w- c:\program files\MarkAny
2011-11-14 15:03 . 2011-11-29 20:45 -------- d-----w- c:\programdata\Samsung
2011-11-14 15:03 . 2011-11-29 20:45 -------- d-----w- c:\program files\Samsung
2011-11-12 20:50 . 2011-11-12 20:50 -------- d-----w- c:\users\ma\AppData\Local\Skyrim
2011-11-11 21:25 . 2011-11-11 21:25 -------- d-----w- c:\program files\Apple Software Update
2011-11-10 01:45 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-10 01:45 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-11-10 01:05 . 2011-11-11 20:38 -------- d-----w- c:\users\ma\AppData\Roaming\redsn0w
2011-11-09 12:20 . 2011-11-14 16:25 -------- d-----w- c:\program files\iPod
2011-11-09 12:20 . 2011-11-09 12:22 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 17:32 . 2011-05-20 16:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 14:01 . 2009-07-13 23:11 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2011-11-02 12:51 . 2011-11-02 12:50 783 ----a-w- c:\programdata\1320237980.8128.bin
2011-11-02 12:51 . 2011-11-02 12:50 3255 ----a-w- c:\programdata\1320237980.8124.bin
2011-11-02 12:51 . 2011-11-02 12:46 11037 ----a-w- c:\programdata\1320237980.2952.bin
2011-11-02 12:51 . 2011-11-02 12:46 28797 ----a-w- c:\programdata\1320237980.4720.bin
2011-11-02 12:51 . 2011-11-02 12:50 507 ----a-w- c:\programdata\1320237980.8012.bin
2011-11-02 12:51 . 2011-11-02 12:46 2832 ----a-w- c:\programdata\1320237980.3444.bin
2011-11-02 12:50 . 2011-11-02 12:46 1304 ----a-w- c:\programdata\1320237980.5140.bin
2011-11-02 12:50 . 2011-11-02 12:46 5518 ----a-w- c:\programdata\1320237980.4900.bin
2011-11-02 12:46 . 2011-11-02 12:46 8624 ----a-w- c:\programdata\1320237980.2540.bin
2011-10-31 09:22 . 2011-10-31 09:22 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-10-31 09:22 . 2011-10-31 09:22 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-10-31 09:22 . 2011-10-31 09:22 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-10-31 09:22 . 2011-10-31 09:22 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-10-31 09:22 . 2011-10-31 09:22 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-10-31 09:22 . 2011-10-31 09:22 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-10-31 09:22 . 2011-10-31 09:22 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-10-31 09:22 . 2011-10-31 09:22 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-10-31 09:22 . 2011-10-31 09:22 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-10-31 09:22 . 2011-10-31 09:22 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-10-31 09:22 . 2011-10-31 09:22 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-10-31 09:22 . 2011-10-31 09:22 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-10-31 09:22 . 2011-10-31 09:22 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-10-31 09:22 . 2011-10-31 09:22 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-10-31 09:22 . 2011-10-31 09:22 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-10-31 09:22 . 2011-10-31 09:22 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-10-31 09:22 . 2011-10-31 09:22 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-10-31 09:22 . 2011-10-31 09:22 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-10-31 09:22 . 2011-10-31 09:22 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-10-31 09:22 . 2011-10-31 09:22 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-10-31 09:22 . 2011-10-31 09:22 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-10-31 09:22 . 2011-10-31 09:22 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-10-31 09:22 . 2011-10-31 09:22 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-10-31 09:22 . 2011-10-31 09:22 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-10-31 09:22 . 2011-10-31 09:22 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-09-15 13:59 . 2011-09-15 13:55 25271 ----a-w- c:\programdata\1316094932.808.bin
2011-09-15 13:59 . 2011-09-15 13:55 24807 ----a-w- c:\programdata\1316094932.4828.bin
2011-09-15 13:58 . 2011-09-15 13:55 2832 ----a-w- c:\programdata\1316094932.4824.bin
2011-09-15 13:57 . 2011-09-15 13:57 507 ----a-w- c:\programdata\1316094932.1976.bin
2011-09-15 13:57 . 2011-09-15 13:56 1304 ----a-w- c:\programdata\1316094932.5548.bin
2011-09-15 13:57 . 2011-09-15 13:55 5518 ----a-w- c:\programdata\1316094932.3804.bin
2011-09-15 13:56 . 2011-09-15 13:55 9108 ----a-w- c:\programdata\1316094932.4868.bin
2011-09-15 00:17 . 2011-08-07 15:06 388096 ----a-w- c:\windows\system32\drivers\csc.sys
2011-09-14 22:25 . 2011-09-14 22:25 133001 ----a-w- c:\programdata\1316039083.bdinstall.bin
2011-09-14 21:36 . 2011-09-14 21:36 15526 ----a-w- c:\programdata\1316036191.bdinstall.bin
2011-09-14 21:36 . 2011-09-14 21:36 89035 ----a-w- c:\programdata\1316036123.bdinstall.bin
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\system32\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\system32\amdoclcl.dll
2011-09-14 02:53 . 2011-09-14 02:53 36352 ----a-w- c:\windows\system32\drivers\netbios.sys
2011-09-13 08:04 . 2011-08-07 15:04 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-13 03:18 . 2011-09-13 03:18 717 ----a-w- c:\programdata\1315883904.2904.bin
2011-09-13 03:18 . 2011-09-13 03:18 459 ----a-w- c:\programdata\1315883904.1832.bin
2011-09-13 03:18 . 2011-09-13 03:18 442 ----a-w- c:\programdata\1315883904.2320.bin
2011-09-13 03:18 . 2011-09-13 03:18 462 ----a-w- c:\programdata\1315883904.3128.bin
2011-09-13 03:18 . 2011-09-13 03:18 24078 ----a-w- c:\programdata\1315883904.3020.bin
2011-09-13 02:23 . 2011-09-13 02:23 459 ----a-w- c:\programdata\1315880570.3144.bin
2011-09-13 02:23 . 2011-09-13 02:23 396 ----a-w- c:\programdata\1315880570.3208.bin
2011-09-13 02:23 . 2011-09-13 02:22 643 ----a-w- c:\programdata\1315880570.884.bin
2011-09-13 02:23 . 2011-09-13 02:22 24079 ----a-w- c:\programdata\1315880570.2708.bin
2011-09-13 02:23 . 2011-09-13 02:22 462 ----a-w- c:\programdata\1315880570.3908.bin
2011-09-08 18:26 . 2011-09-08 18:26 8606208 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\system32\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-05-25 03:07 732672 ----a-w- c:\windows\system32\aticfx32.dll
2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-09-08 17:28 . 2011-09-08 17:28 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28 20992 ----a-w- c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-09-08 17:24 . 2010-10-07 01:29 4204032 ----a-w- c:\windows\system32\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-09-08 17:08 . 2011-05-25 02:50 4064768 ----a-w- c:\windows\system32\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\system32\aticaldd.dll
2011-09-08 17:05 . 2011-05-25 02:39 4289024 ----a-w- c:\windows\system32\atiumdag.dll
2011-09-08 16:59 . 2011-05-25 02:18 52736 ----a-w- c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\system32\atiadlxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52 248832 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:51 . 2011-05-25 02:24 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-09-08 16:51 . 2011-05-25 02:24 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\system32\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2011-09-06 02:28 . 2011-10-12 18:03 2334720 ----a-w- c:\windows\system32\win32k.sys
2010-12-02 04:16 . 2011-02-25 10:17 675840 ----a-w- c:\program files\Uninstall OurBabymaker.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-09-18 1242448]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-21 6276408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-29 399736]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-11-02 928656]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-11-02 3508624]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-02 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-07-29 9267816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-11-02 928656]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-11-02 3508624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, mevgtvfp.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 41022098;41022098;c:\windows\system32\drivers\00324302.sys [x]
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\BASHDefs\20110415.001\BHDrvx86.sys [2011-04-19 802936]
R1 RemoveAny;RemoveAny driver;c:\windows\system32\Drivers\removeany.sys [2011-03-28 11392]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS [2011-03-22 296568]
R2 AcerSyncServiceWinService;AcerSyncServiceWinService;c:\program files\Acer\AcerSync\AcerSyncService.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-12-02 130008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [x]
R3 42475455;42475455;c:\windows\system32\drivers\60885264.sys [2011-11-25 94896]
R3 48375230;48375230;c:\windows\system32\drivers\65446781.sys [2011-11-25 94896]
R3 89240295;89240295;c:\windows\system32\drivers\49096678.sys [2011-11-25 94896]
R3 a2acc;a2acc;c:\program files\MAMUTU\a2accx86.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-10-27 30312]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-10 16720]
R3 CKDKLN;CKDKLN;c:\users\ma\AppData\Local\Temp\CKDKLN.exe [x]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-06-24 29248]
R3 EraserUtilDrv11113;EraserUtilDrv11113;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [x]
R3 gupdatem;خدمة Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2011-07-17 101120]
R3 LZKIEM;LZKIEM;c:\users\ma\AppData\Local\Temp\LZKIEM.exe [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6779.tmp [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-05-18 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-05-18 8576]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-12 3461132]
R3 PORTIO64;PORTIO64;c:\users\ma\Documents\Downloads\Compressed\New folder\JungleFlasher_v0.1.77_Beta_(179)\JungleFlasher v0.1.77 Beta (179)\portio32.sys [x]
R3 ProDefense;ProDefense;c:\windows\system32\drivers\ProDefense.sys [x]
R3 qcusbser;ACER USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-10-13 112672]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-10-27 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 136808]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-30 10064]
R3 TXYYQSDM;TXYYQSDM;c:\users\ma\AppData\Local\Temp\TXYYQSDM.exe [x]
R3 VDFUBFO;VDFUBFO;c:\users\ma\AppData\Local\Temp\VDFUBFO.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VHLHMT;VHLHMT;c:\users\ma\AppData\Local\Temp\VHLHMT.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-17 1343400]
R3 XDva347;XDva347;c:\windows\system32\XDva347.sys [x]
R3 XDva352;XDva352;c:\windows\system32\XDva352.sys [x]
R3 XDva358;XDva358;c:\windows\system32\XDva358.sys [x]
R3 XG;XG;c:\users\ma\AppData\Local\Temp\XG.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\IPSDefs\20110330.001\IDSVix86.sys [2011-03-15 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S2 Connectify;Connectify;c:\program files\Connectify\ConnectifyService.exe [2011-12-02 108544]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-08 8606208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-08 248832]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-06-24 29248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home?AF=100581
uInternet Settings,ProxyOverride = local;*.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-spdetector3 - c:\program files\Spyware Process Detector\spd322.exe
HKCU-Run-Akamai NetSession Interface - c:\users\ma\AppData\Local\Akamai\netsession_win.exe
HKCU-Run-Livestation - c:\program files\Livestation\Livestation.exe
HKCU-Run-Privacy Protection - c:\programdata\privacy.exe
HKCU-Run-Microsoft Firewall 2.9 - c:\users\ma\AppData\Roaming\WMPRWISE.EXE
HKLM-Run-SpywareCease.exe - c:\program files\Spyware Cease\SpywareCease.exe
SafeBoot-15821059.sys
SafeBoot-16045905.sys
SafeBoot-41022098.sys
SafeBoot-54046235.sys
SafeBoot-58088765.sys
SafeBoot-62762315.sys
SafeBoot-66918256.sys
SafeBoot-72181656.sys
SafeBoot-82143056.sys
MSConfigStartUp-kfql59xacm - c:\users\ma\kfql59xacm.exe
AddRemove-AVG - c:\program files\AVG\AVG2012\avgmfapx.exe
AddRemove-Spyware Process Detector_is1 - c:\program files\Spyware Process Detector\Uninstall\unins000.exe
AddRemove-thriXXX WebLaunch - c:\program files\thriXXX\WebLaunch\WebLaunchUninstall.exe
AddRemove-vghd - d:\vghd\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
 

johnb35

Administrator
Staff member
Balance of combofix log.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6779.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.raw"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2002669924-3712106259-1423701447-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D5406128-A6DA-2112-0F8B-133EF4E74F8F}*]
"nabbfjnfainppcbmlbcdmokcgjmd"=hex:6a,61,65,61,66,70,65,69,6a,62,66,6a,6e,65,
6a,67,6b,6d,61,68,00,f5
"oahapildmhaicpaijhohhapobbebem"=hex:6a,61,65,61,66,70,65,69,6b,62,63,6b,6f,63,
69,6c,69,68,66,67,00,f5
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):e2,6d,ea,1d,27,6f,dd,dd,2a,c0,19,89,b1,3b,f4,da,7a,b7,9a,a9,85,
76,4e,94,55,f8,cc,9f,a9,39,15,22,02,c0,dd,52,d1,5d,1c,92,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2002669924-3712106259-1423701447-1000_Classes\CLSID\{867611a4-df23-45bc-8a65-7445cad0b3d2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bd
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5592)
c:\windows\system32\VSFilter.dll
c:\windows\system32\DivXDecH264.ax
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Connectify\Connectifyd.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-12-02 20:54:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-02 18:54
.
Pre-Run: 3,938,914,304 bytes free
Post-Run: 1,475,891,200 bytes free
.
- - End Of File - - 1A2ED2E27A522CFD54DFED749989AC55
 

johnb35

Administrator
Staff member
OMG. You still have a mess here. You are still buggered up. I will need time to give you your next procedures to do.

However, I need you to post a log that ComboFix created for us but didn't show you. Please navigate to C:\Qoobox and in that folder will be a file named "add-remove programs.txt". Please copy and paste the contents of that file in your next reply. Then give me a few hours to get my next reply together. I have things here at home to get done in the next 2 hours so I won't reply until later this evening.
 

lars911

New Member
ok here it is and take your time :) :

µTorrent
7-Zip 4.65
ACDSee Pro 3
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader 9.4.6
ALO RM to MP3 Converter 7.0
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Software Update
AVG 2012
Babarosa Gif Animator 3.6 (Remove only)
Babylon toolbar on IE
Bandisoft MPEG-1 Decoder
BBSAK
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
Cheat Engine 6.1
Connectify
D3DX10
Demonbane USA 1.0
Desktop Lighter
Dragon Age 2 - LEGACY 1.03
Dragon Age II
eMule
EUU
Fable III
Fallout New Vegas
Family Project v1.0
Feedback Tool
FormatFactory 2.70
Fraps (remove only)
GATES TO AESGAARD - Episode 1
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
ImageShack Uploader 2.2.0
ImagXpress
Java 3D 1.5.1
Java Auto Updater
Java(TM) 6 Update 22
K-Lite Codec Pack 7.6.0 (Basic)
KeyHoleTV
L&H TTS3000 British English
Malwarebytes' Anti-Malware version 1.51.2.1300
Media Player Classic - Home Cinema v1.5.2.3456
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Excel Viewer
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 ????
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word 2002
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Minecraft Installer 2.1.0 by Kaise123
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
neroxml
Noise Reduction Plug-in 2.0i
Nokia Connectivity Cable Driver
OpenAL
Opera 11.52
Pando Media Booster
Patch It v2.0
PC Connectivity Solution
PowerISO
ProxyFirewall 1.0.4 Beta
Realtek High Definition Audio Driver
Recover My Files
Runecats Explorer Zeox
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SanityCheck 2.01
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Spyware Process Detector v3.22.2
Standalone Flash Player 1.2
Steam
System Requirements Lab
System Requirements Lab CYRI
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.1
Windows 7 Codec Pack 3.3.0
Windows Driver Package - ACER Incorporated (qcusbser) Modem (10/12/2009 2.0.6.6)
Windows Driver Package - ACER Incorporated (qcusbser) Ports (10/12/2009 2.0.6.6)
Windows Driver Package - ACER Incorporated (qcusbser) Ports (10/13/2009 2.0.6.6)
Windows Driver Package - ACER Incorporated (usbser) Modem (10/13/2009 5.1.2600.2910)
Windows Driver Package - Acer, Inc (androidusb) USB (10/12/2009 1.0.0010.00000)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Center
Windows Movie Maker 2.6
WinUtilities 10.36 Professional Edition
XPort 360
Yahoo! BrowserPlus 2.6.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YUME MIRU KUSURI
Zoner Photo Studio 12
 

johnb35

Administrator
Staff member
Ok, I'm starting on this now. However, in the meantime, I would like for you to do the following in order. ZeroAccess rootkit is pretty nasty.

1.

Please download and run TDSSKiller.

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says it will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

2.

Please download and run the ESET Online Scanner
  • Disable any antivirus/security programs.
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates, install and then start scanning your system.
  • When the scan is done, push list of found threats
  • Click on Export to text file, and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
  • If no threats are found then it won't produce a log.
 

johnb35

Administrator
Staff member
I have noticed that you have file sharing software installed like eMule and uTorrent, and that is most likely how you became infected. I advise you to uninstall the following programs AND any illegal/pirated software that you may have installed.

TuneUp Utilities 2011
TuneUp Utilities Language Pack
WinUtilities 10.36 Professional Edition
Spyware Process Detector v3.22.2
Recover My Files
ProxyFirewall 1.0.4 Beta
Java(TM) 6 Update 22
µTorrent
Babylon toolbar on IE
eMule

Next you need to download and run the Norton Removal Tool since you have leftover entries from that program.

Download and run this.

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
File::
c:\windows\system32\drivers\49096678.sys
c:\windows\system32\drivers\60885264.sys       
c:\windows\system32\drivers\65446781.sys
c:\users\ma\AppData\Local\BITD825.tmp
c:\users\ma\AppData\Local\BITD138.tmp
c:\programdata\1320237980.8128.bin
c:\programdata\1320237980.8124.bin
c:\programdata\1320237980.2952.bin
c:\programdata\1320237980.4720.bin
c:\programdata\1320237980.8012.bin
c:\programdata\1320237980.3444.bin
c:\programdata\1320237980.5140.bin
c:\programdata\1320237980.4900.bin
c:\programdata\1320237980.2540.bin
c:\programdata\1316094932.808.bin
c:\programdata\1316094932.4828.bin
c:\programdata\1316094932.4824.bin
c:\programdata\1316094932.1976.bin
c:\programdata\1316094932.5548.bin
c:\programdata\1316094932.3804.bin
c:\programdata\1316094932.4868.bin
c:\programdata\1316039083.bdinstall.bin
c:\programdata\1316036191.bdinstall.bin
c:\programdata\1316036123.bdinstall.bin
c:\programdata\1315883904.2904.bin
c:\programdata\1315883904.1832.bin
c:\programdata\1315883904.2320.bin
c:\programdata\1315883904.3128.bin
c:\programdata\1315883904.3020.bin
c:\programdata\1315880570.3144.bin
c:\programdata\1315880570.3208.bin
c:\programdata\1315880570.884.bin
c:\programdata\1315880570.2708.bin
c:\windows\system32\drivers\00324302.sys 
c:\windows\system32\drivers\60885264.sys
c:\windows\system32\drivers\65446781.sys 
c:\programdata\1315880570.3908.bin
c:\windows\system32\drivers\49096678.sys 
c:\users\ma\AppData\Local\Temp\CKDKLN.exe 
c:\windows\system32\6779.tmp 
c:\users\ma\AppData\Local\Temp\LZKIEM.exe 

Driver::

41022098
42475455
48375230
89240295
TXYYQSDM
LZKIEM
VDFUBFO
VHLHMT
XDva347
XDva352
XDva358
CKDKLN
XG
MEMSWEEP2

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 

lars911

New Member
-TDSSkiller didn't find any infected files

-ESET found 50 threats

C:\Documents and Settings\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe Win32/Patched.HN trojan
C:\Documents and Settings\ma\AppData\Local\promo.exe a variant of Win32/SoGeInstaller.A application
C:\Documents and Settings\ma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\105a15cb-527dfea6 a variant of Win32/TrojanDownloader.Small.PIE trojan
C:\Documents and Settings\ma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\567adf6a-52ce6388 a variant of Win32/TrojanDownloader.Small.PIE trojan
C:\Documents and Settings\ma\Downloads\SoftonicDownloader_for_internet-explorer.exe a variant of Win32/SoftonicDownloader.A application
C:\Documents and Settings\ma\Downloads\Programs\cnet_DLighterSetup_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\ma\Downloads\Programs\cnet_Unlocker1_9_1_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\ma\Downloads\Programs\registryeasy_lite.exe Win32/Adware.RegistryEasy application
C:\Documents and Settings\ma\Downloads\Programs\SoftonicDownloader_for_flashoffliner.exe a variant of Win32/SoftonicDownloader.A application
C:\Documents and Settings\ma\Downloads\Programs\SoftonicDownloader_for_unlocker.exe a variant of Win32/SoftonicDownloader.A application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe Win32/Patched.HN trojan
C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Bonjour\mDNSResponder.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Connectify\ConnectifyService.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\PC Connectivity Solution\ServiceLayer.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Spyware Cease\AutoUpdate.exe.vir Win32/Adware.SpywareCease application
C:\Qoobox\Quarantine\C\Program Files\Spyware Cease\opfile.dll.vir Win32/Adware.SpywareCease application
C:\Qoobox\Quarantine\C\Program Files\Spyware Cease\RkHitApi.dll.vir Win32/Adware.SpywareCease application
C:\Qoobox\Quarantine\C\Program Files\Spyware Cease\spkdll.dll.vir Win32/Adware.SpywareCease application
C:\Qoobox\Quarantine\C\Program Files\Spyware Cease\SpywareCease.exe.vir a variant of Win32/Adware.SpywareCease application
C:\Qoobox\Quarantine\C\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Users\ma\kfql59xacm.exe.vir Win32/Wigon.OX trojan
C:\Qoobox\Quarantine\C\Windows\1542725904.vir:4024306596.exe Win32/Sirefef.CT trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan
C:\Qoobox\Quarantine\C\Windows\system32\atiesrxx.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Windows\system32\c_08084.nl_.vir a variant of Win32/Sirefef.CR trojan
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\tdx.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan
C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe Win32/Patched.HN trojan
C:\Users\ma\AppData\Local\promo.exe a variant of Win32/SoGeInstaller.A application
C:\Users\ma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\105a15cb-527dfea6 a variant of Win32/TrojanDownloader.Small.PIE trojan
C:\Users\ma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\567adf6a-52ce6388 a variant of Win32/TrojanDownloader.Small.PIE trojan
C:\Users\ma\Downloads\SoftonicDownloader_for_internet-explorer.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\ma\Downloads\Programs\cnet_DLighterSetup_exe.exe a variant of Win32/InstallCore.D application
C:\Users\ma\Downloads\Programs\cnet_Unlocker1_9_1_exe.exe a variant of Win32/InstallCore.D application
C:\Users\ma\Downloads\Programs\registryeasy_lite.exe Win32/Adware.RegistryEasy application
C:\Users\ma\Downloads\Programs\SoftonicDownloader_for_flashoffliner.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\ma\Downloads\Programs\SoftonicDownloader_for_unlocker.exe a variant of Win32/SoftonicDownloader.A application
C:\Windows\System32\atieclxx.exe Win32/Patched.HN trojan
C:\Windows\System32\Crypserv.exe Win32/Patched.HN trojan
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys a variant of Win32/Rootkit.Kryptik.DM trojan
D:\pdf and decoumns\pdf.pdf PDF/Exploit.Gen trojan
D:\Spyase+rial\Spyware.Cease.v6.2.2\SpywareCease_Setup.exe a variant of Win32/Adware.SpywareCease application
F:\d949df467d236466e04e\Setup.exe Win32/Patched.HN trojan
F:\media\???\netcut2.08.exe probably a variant of Win32/Agent.DYWPBNJ trojan
 