Cannot run or access anti-virus systems and microsoft websites

(In Progress)

lamba105 (Member with 12 posts, thread starter)
Join Date: Jul 2012
Experience: Beginner
16-Jul-2012, 05:35 AM #1
Hi there,

Recently I have had some issues with Google Chrome not opening when I double-click the icon. I then searched online and found it may have been conflicting with AVG antivirus. So I uninstalled it and now everything seems to be going wrong - I can't even activate Windows Defender.

I tried to look for people who have similar issues and managed to run my Malwarebytes (by naming it .com rather than .exe), but it won't update, and even after deleting the found infections, nothing really changed.

Currently Google Chrome still doesn't work and I can't run any anti-virus systems, nor can I access anti-virus websites and Microsoft websites, because a page comes up that says "failed to open page" (I also can't go on BleepingComputer to download some software - but I found them on different mirror links).

I can still access other websites, but without any anti-virus systems working.

Please please kindly help me with this issue. I followed the thread on posting questions and have attached everything as requested, except for the GMER scan.

I ran a full scan on Sunday morning and after 6 hours it was still running. I saw it was taking a long time scanning some Rosetta Stone (language learning software), so I uninstalled and deleted all my Spanish collection... I then ran another scan on Sunday evening, but this morning it is still running! So I stopped it and attached the log for only the quick scan - I hope this is OK...

I took the day off work today, so hopefully I can reply to responses promptly; otherwise I will be able to follow up during evenings (so apologies in advance if I cannot respond during the day).

Really appreciate this, thanks!!

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:21:09, on 15/07/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\FileServe Toolbar\FileServeSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\FileServe Toolbar\FileServeVideoToMp3.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Local\kbxcoqfl\sepoyqoc.exe,
O2 - BHO: FileServeManager - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files\FileServe Manager\FileServeBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: FileServe Toolbar - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - "C:\Program Files\FileServe Toolbar\fileservetb.dll" (file missing)
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SepOyqoc] C:\Users\user\AppData\Local\kbxcoqfl\sepoyqoc.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files\FileServe Manager\GetUrl.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://firepass.kcl.ac.uk
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.webscache.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} (VBIRDPlayer.Player) - http://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} (EZKeytecWeb Class) - https://www.epost.go.kr/comm/easykeytec/easykeytec.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.6.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab...ri_4.3.1.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FileServe Toolbar Helper - Unknown owner - C:\Program Files\FileServe Toolbar\FileServeSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\482\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 18652 bytes

DDS log:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by user at 20:22:37 on 2012-07-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1866 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\FileServe Toolbar\FileServeSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\FileServe Toolbar\FileServeVideoToMp3.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Safari\Safari.exe
C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\user\appdata\local\kbxcoqfl\sepoyqoc.exe,
BHO: FileServeManager: {00000001-ab3b-4334-9da2-ec6b2a02afc6} - c:\program files\fileserve manager\FileServeBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: FileServe Toolbar: {0e91efa2-af48-4333-9965-5dd29de31b56} - "c:\program files\fileserve toolbar\fileservetb.dll"
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SepOyqoc] c:\users\user\appdata\local\kbxcoqfl\sepoyqoc.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with FileServe Manager - c:\program files\fileserve manager\GetUrl.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: hsbc.co.uk\staffremoteaccess1
Trusted Zone: kcl.ac.uk\firepass
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
Trusted Zone: windowsupdate.com\download
DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxps://www.epost.go.kr/comm/easykeytec/easykeytec.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{860D42D6-BF91-443B-A831-C7B15D384F31} : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\vdoydmp9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-FileServe
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3115642&SearchSource=2&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo-FileServe
FF - prefs.js: browser.search.selectedEngine - Yahoo-FileServe
FF - prefs.js: browser.search.selectedEngine - Yahoo-FileServe
FF - prefs.js: network.proxy.ftp - 194.36.10.156
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 80.163.85.134
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 194.36.10.156
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 194.36.10.156
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 194.36.10.156
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils 2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils 3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils 35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\vdoydmp9.default\extensions\{0851d9cd-87db-4a0d-a792-097dc9071486}\components\DownloadStudioNativeWrapper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\space international\easykeytec v2.0\npEZKeytecPlugin.dll
FF - plugin: c:\program files\space international\easykeytec v2.0\npEZKeytecPlugins.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-12-26 43184]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-8-11 66776]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 FileServe Toolbar Helper;FileServe Toolbar Helper;c:\program files\fileserve toolbar\FileServeSvc.exe [2011-1-6 260896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2008-12-26 3471360]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-12-26 233472]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-5-16 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-4-17 114528]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-1-8 33792]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2010-1-15 17152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-15 19:19:23 388096 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-15 19:19:22 -------- d-----w- c:\program files\Trend Micro
2012-07-15 13:04:56 -------- d-----r- c:\program files\Skype
2012-07-15 11:56:56 -------- d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
2012-07-15 11:56:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-15 11:56:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-15 00:12:55 -------- d-s---w- C:\ComboFix
2012-07-14 00:24:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 00:24:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-13 22:48:51 -------- d-----w- c:\programdata\Simply Super Software
2012-07-13 22:45:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-12 23:57:47 -------- d-----w- c:\users\user\appdata\local\kbxcoqfl
2012-07-10 23:57:24 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 23:50:11 -------- d-----w- C:\904a9e0e8b87cd05f2
2012-07-10 23:43:39 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-10 23:43:36 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 23:43:36 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 23:43:14 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 23:43:14 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 23:43:14 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-21 21:41:38 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 21:40:42 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 21:40:21 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 21:40:21 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-06-11 18:47:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-11 18:47:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-27 11:03:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 20:23:46.73 ===============




Please see attachment for "Attach" log



ARK log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-16 10:13:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C
Running: ttnme22.com; Driver: C:\Users\user\AppData\Local\Temp\pgtdafod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----





Again thank you so much, I look forward to instructions for the next step.

Lamba
lamba105 (Member with 12 posts, THREAD STARTER)
Join Date: Jul 2012
Experience: Beginner
18-Jul-2012, 10:53 AM #2
Please, I understand there are many requests, so I will continue to be patient, but would really appreciate any assistance on this.

Just posting to update - laptop is still not showing signs of improvement.

Many thanks,
lamba
lamba105 (Member with 12 posts, THREAD STARTER)
Join Date: Jul 2012
Experience: Beginner
21-Jul-2012, 05:45 AM #3
Please help... I am still waiting patiently. (Still no improvement - I tried installing the latest Java, but no real difference)
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,703 posts, authorized to help remove malware.
Join Date: Dec 2002
Location: Loughton, Essex, UK
21-Jul-2012, 06:43 AM #4
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.
As you download it rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script-blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop combofix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after combofix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double-click on the renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouse-click combofix's window while it's running. That may cause it to stall or freeze.****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
lamba105 (Member with 12 posts, THREAD STARTER)
Join Date: Jul 2012
Experience: Beginner
21-Jul-2012, 05:31 PM #5
Hi dvk01,

Thank you for your reply. I can't access bleepingcomputer (my computer won't let me access most anti-virus, microsoft and other websites...)

I managed to access the download link via "Hide-my-***" - a proxy filter website thingy, and have just finished running ComboFix.

Please see attached log file. Nothing has changed, still no improvement unfortunately.


ComboFix 12-07-21.01 - user 21/07/2012 21:39:58.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1915 [GMT 1:00]
Running from: c:\users\user\Desktop\username123.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\gxqktffo.log
c:\users\user\AppData\Local\iqheghjr.log
c:\users\user\AppData\Local\kbxcoqfl\sepoyqoc.exe
c:\users\user\AppData\Local\mfatlnjp.log
c:\users\user\AppData\Local\tisgapwx.log
c:\users\user\AppData\Local\uywtvpbx.log
c:\users\user\AppData\Local\vvmjtweo.log
c:\users\user\AppData\Local\yrnbflns.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
.
.
2012-07-21 21:02 . 2012-07-21 21:05 -------- d-----w- c:\users\user\AppData\Local\temp
2012-07-21 21:02 . 2012-07-21 21:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-21 21:02 . 2012-07-21 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-21 19:24 . 2012-07-21 20:03 -------- d-----w- C:\username123
2012-07-20 21:13 . 2012-07-20 21:13 -------- d-----w- c:\program files\Common Files\Java
2012-07-20 21:12 . 2012-07-20 21:12 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-15 19:19 . 2012-07-15 19:19 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-15 19:19 . 2012-07-15 19:19 -------- d-----w- c:\program files\Trend Micro
2012-07-15 13:04 . 2012-07-15 13:04 -------- d-----w- c:\program files\Common Files\Skype
2012-07-15 13:04 . 2012-07-15 13:04 -------- d-----r- c:\program files\Skype
2012-07-15 11:56 . 2012-07-15 11:56 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2012-07-15 11:56 . 2012-07-15 11:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-15 11:56 . 2012-07-15 11:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-15 00:12 . 2012-07-21 19:24 -------- d-----w- C:\ComboFix
2012-07-14 00:24 . 2012-07-14 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-14 00:24 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 22:48 . 2012-07-13 22:48 -------- d-----w- c:\programdata\Simply Super Software
2012-07-13 22:45 . 2012-07-13 23:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-12 23:57 . 2012-07-21 21:05 -------- d-----w- c:\users\user\AppData\Local\kbxcoqfl
2012-07-10 23:57 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 23:50 . 2012-07-10 23:54 -------- d-----w- C:\904a9e0e8b87cd05f2
2012-07-10 23:43 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 23:43 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 23:43 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 23:43 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 23:43 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 23:43 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-21 21:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 21:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 21:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 21:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 21:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 21:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 21:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 21:40 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 21:40 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-20 21:12 . 2010-05-09 17:18 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-11 18:47 . 2012-04-23 19:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-11 18:47 . 2011-05-16 11:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-27 11:03 . 2008-05-13 06:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-01 14:03 . 2012-06-13 00:13 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-13 00:16 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-13 00:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-13 00:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2011-08-11 12:18 . 2011-08-11 12:18 128960 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-08-10 23:16 . 2011-08-10 23:16 96192 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-08-11 12:18 . 2011-08-11 12:18 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-08-11 12:18 . 2011-08-11 12:18 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-08-11 12:18 . 2011-08-11 12:18 370624 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-08-11 12:18 . 2011-08-11 12:18 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-08-11 12:18 . 2011-08-11 12:18 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-08-10 23:18 . 2011-08-10 23:18 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-08-10 23:16 . 2011-08-10 23:16 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2009-12-23 04:22 . 2010-04-21 07:45 105624 ----a-w- c:\program files\opera\program\plugins\DownloadStudioXML.dll
2011-03-18 17:57 . 2011-03-22 16:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-15 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
"SepOyqoc"="c:\users\user\AppData\Local\kbxcoqfl\sepoyqoc.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\users\user\AppData\Local\kbxcoqfl\sepoyqoc.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-12-26 00:34 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2011-08-11 12:27 358336 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 19:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-27 11:03 296056 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
Trusted Zone: hsbc.co.uk\staffremoteaccess1
Trusted Zone: kcl.ac.uk\firepass
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.1
DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxps://www.epost.go.kr/comm/easykeytec/easykeytec.cab
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vdoydmp9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo-FileServe
FF - prefs.js: browser.startup.homepage - hxxp://fileservehome.com/?tmp=toolbar_FileServe_homepage&prt=fileservetb04ff&clid=e3f8907bedc0480f914370093509e0f2&subid=
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3115642&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - 194.36.10.156
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 80.163.85.134
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 194.36.10.156
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 194.36.10.156
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 194.36.10.156
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: keyword.URL - hxxp://fileservehome.com/?prt=mp3tubetb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-21 22:06
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sepoyqoc.exe 91232 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{0E91EFA2-AF48-4333-9965-5DD29DE31B56}"=hex:51,66,7a,6c,4c,1d,38,12,cc,ec,82,
0a,7a,e1,5d,06,e6,73,1e,92,98,bd,5f,42
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{00000001-AB3B-4334-9DA2-EC6B2A02AFC6}"=hex:51,66,7a,6c,4c,1d,38,12,6f,03,13,
04,09,e5,5a,06,e2,b4,af,2b,2f,5c,eb,d2
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{BF00E119-21A3-4FD1-B178-3B8537E75C92}"=hex:51,66,7a,6c,4c,1d,38,12,77,e2,13,
bb,91,6f,bf,0a,ce,6e,78,c5,32,b9,18,86
"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,
c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}"=hex:51,66,7a,6c,4c,1d,38,12,3a,a3,f7,
fd,83,a7,ad,0e,fc,b5,35,e1,ab,2d,25,64
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{182EC0BE-5110-49C8-A062-BEB1D02A220B}"=hex:51,66,7a,6c,4c,1d,38,12,d0,c3,3d,
1c,22,1f,a6,0c,df,74,fd,f1,d5,74,66,1f
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:90,ca,79,fa,4f,26,cd,01
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\user\\Desktop\\FM09 Addons\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="25-EA80-E07F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.032"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ani"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.arw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bay"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bmp"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bwf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cel"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cr2"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.crw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cs1"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cur"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dcr"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dcx"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dib"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djv"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djvu"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dng"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.emf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.eps"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.erf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fff"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fpx"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.gif"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.hdr"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icl"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icn"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ico"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iff"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ilbm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.int"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.inta"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iw4"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2c"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2k"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jfif"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jif"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jp2"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpc"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpe"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpeg"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpg"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpk"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpx"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.kar"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.lbm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.m15"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.m1a"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.m2a"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.m75"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mef"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mos"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mpv"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mrw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.nef"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.orf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pbm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcd"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pct"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcx"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pef"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pgm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pic"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pics"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pict"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pix"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.png"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ppm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.psd"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.psp"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pspimage"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.qcp"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.qtpf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.raf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ras"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.raw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rgb"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rgba"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rle"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rsb"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sdv"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sfil"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sgi"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.smf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sml"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sr2"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.srf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.swa"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tga"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.thm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tif"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tiff"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttc"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ulw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.vfw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbmp"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wmf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xbm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xif"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(980)
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Acer\Acer Bio Protection\BASVC.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-07-21 22:13:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-21 21:13
ComboFix2.txt 2012-07-21 20:22
ComboFix3.txt 2012-07-21 20:03
.
Pre-Run: 48,466,694,144 bytes free
Post-Run: 48,318,095,360 bytes free
.
- - End Of File - - A92FFAF8A3C6DAFE39ECB91F4E152E86
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,703 posts; authorized to help remove malware.
Join Date: Dec 2002
Location: Loughton, Essex, UK
21-Jul-2012, 05:59 PM #6
Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose Desktop in the list of selections in that window & press Save).
Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

This will create a zip file inside C:\QooBox\quarantine named something like [38]-Submit_2008-01-17@17.50.zip

At the end it will pop up an alert & open your browser and ask you to send the zip file.

Please follow those instructions. We need to see the zip file before we can carry on with the fix.

If there is no pop-up alert or open browser, then

please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and, if needed, distribute them to antivirus companies.
Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button, navigate to & select the files on your computer. If there is more than 1 file, press the "more attachments" button for each extra file and browse and select etc., and when all the files are listed in the window press Send to upload the files (do not post HJT logs there as they will not get dealt with).

Files to submit:
the zip file inside C:\QooBox\quarantine created by combofix named something like [38]-Submit_2008-01-17@17.50.zip

or to
http://www.bleepingcomputer.com/subm...php?channel=38
lamba105, Member with 12 posts. THREAD STARTER
Join Date: Jul 2012
Experience: Beginner
21-Jul-2012, 09:49 PM #7
Hi dvk01,

Thank you for the reply.

I have followed your instructions. A script window did pop up that asked me to upload, but no Internet Explorer page opened, so I went ahead and uploaded the zip file on "the spykiller".

Please find the zip file here: http://thespykiller.co.uk/index.php?...39440#msg39440


When the ComboFix run completed, there was also a log, so I have also copied it into this post (just in case you require it):


ComboFix 12-07-21.01 - user 22/07/2012 1:54.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2140 [GMT 1:00]
Running from: c:\users\user\Desktop\username123.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sepoyqoc.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\gxqktffo.log
c:\users\user\AppData\Local\iqheghjr.log
c:\users\user\AppData\Local\kbxcoqfl
c:\users\user\AppData\Local\mfatlnjp.log
c:\users\user\AppData\Local\tisgapwx.log
c:\users\user\AppData\Local\uywtvpbx.log
c:\users\user\AppData\Local\vvmjtweo.log
c:\users\user\AppData\Local\yrnbflns.log
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sepoyqoc.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 01:17 . 2012-07-22 01:19 -------- d-----w- c:\users\user\AppData\Local\temp
2012-07-22 01:17 . 2012-07-22 01:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-22 01:17 . 2012-07-22 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-21 19:24 . 2012-07-21 20:03 -------- d-----w- C:\username123
2012-07-20 21:13 . 2012-07-20 21:13 -------- d-----w- c:\program files\Common Files\Java
2012-07-20 21:12 . 2012-07-20 21:12 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-15 19:19 . 2012-07-15 19:19 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-15 19:19 . 2012-07-15 19:19 -------- d-----w- c:\program files\Trend Micro
2012-07-15 13:04 . 2012-07-15 13:04 -------- d-----w- c:\program files\Common Files\Skype
2012-07-15 13:04 . 2012-07-15 13:04 -------- d-----r- c:\program files\Skype
2012-07-15 11:56 . 2012-07-15 11:56 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
2012-07-15 11:56 . 2012-07-15 11:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-15 11:56 . 2012-07-15 11:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-15 00:12 . 2012-07-21 19:24 -------- d-----w- C:\ComboFix
2012-07-14 00:24 . 2012-07-14 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-14 00:24 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 22:48 . 2012-07-13 22:48 -------- d-----w- c:\programdata\Simply Super Software
2012-07-13 22:45 . 2012-07-13 23:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-10 23:57 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 23:50 . 2012-07-10 23:54 -------- d-----w- C:\904a9e0e8b87cd05f2
2012-07-10 23:43 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 23:43 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 23:43 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 23:43 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 23:43 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 23:43 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-20 21:12 . 2010-05-09 17:18 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-11 18:47 . 2012-04-23 19:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-11 18:47 . 2011-05-16 11:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 21:41 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 21:41 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 21:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 21:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 21:41 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 21:41 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 21:40 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 21:40 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:12 . 2012-06-21 21:40 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-27 11:03 . 2008-05-13 06:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-01 14:03 . 2012-06-13 00:13 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-13 00:16 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-13 00:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-13 00:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2011-08-11 12:18 . 2011-08-11 12:18 128960 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-08-10 23:16 . 2011-08-10 23:16 96192 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-08-11 12:18 . 2011-08-11 12:18 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-08-11 12:18 . 2011-08-11 12:18 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-08-11 12:18 . 2011-08-11 12:18 370624 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-08-11 12:18 . 2011-08-11 12:18 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-08-11 12:18 . 2011-08-11 12:18 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-08-10 23:18 . 2011-08-10 23:18 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-08-10 23:16 . 2011-08-10 23:16 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2009-12-23 04:22 . 2010-04-21 07:45 105624 ----a-w- c:\program files\opera\program\plugins\DownloadStudioXML.dll
2011-03-18 17:57 . 2011-03-22 16:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-15 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-12-26 00:34 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2011-08-11 12:27 358336 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 19:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-27 11:03 296056 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
Trusted Zone: hsbc.co.uk\staffremoteaccess1
Trusted Zone: kcl.ac.uk\firepass
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.1
DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxps://www.epost.go.kr/comm/easykeytec/easykeytec.cab
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vdoydmp9.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 02:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:90,ca,79,fa,4f,26,cd,01
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\user\\Desktop\\FM09 Addons\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="25-EA80-E07F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:00000056
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.032"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ani"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.arw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bay"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bmp"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bwf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cel"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cr2"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.crw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cs1"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cur"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dcr"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dcx"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dib"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djv"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djvu"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dng"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.emf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.eps"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.erf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fff"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fpx"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.gif"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.hdr"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icl"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icn"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ico"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iff"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ilbm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.int"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.inta"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iw4"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2c"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2k"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jfif"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jif"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jp2"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpc"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpe"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpeg"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpg"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpk"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpx"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.kar"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.lbm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.m15"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.m1a"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.m2a"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.m75"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mef"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mos"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mpv"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mrw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.nef"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.orf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pbm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcd"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pct"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcx"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pef"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pgm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pic"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pics"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pict"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pix"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.png"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ppm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.psd"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.psp"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pspimage"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.qcp"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.qtpf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.raf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ras"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.raw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rgb"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rgba"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rle"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rsb"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sdv"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sfil"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sgi"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.smf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sml"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sr2"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.srf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.swa"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tga"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.thm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tif"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\User Choice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tiff"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttc"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ulw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.vfw"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\User Choice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbmp"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wmf"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xbm"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xif"
.
[HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserC hoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4844)
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Acer\Acer Bio Protection\BASVC.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Launch Manager\LManager.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-07-22 02:27:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 01:27
ComboFix2.txt 2012-07-21 21:13
ComboFix3.txt 2012-07-21 20:22
ComboFix4.txt 2012-07-21 20:03
.
Pre-Run: 48,347,508,736 bytes free
Post-Run: 48,206,802,944 bytes free
.
- - End Of File - - A50B15C667B84383283FF841868A9E44
Upload was successful



Thanks,
lamba105
dvk01 (Derek), authorized to help remove malware
Moderator & Malware Removal Specialist with 45,703 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
22-Jul-2012, 05:30 AM #8
How is the computer now? Are you still getting any problems?
If you are, then:
Download OTScanIt.exe to your Desktop
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Double-click on OTS.exe to start the program.
  • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that Notepad file.
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the Notepad file here.
lamba105 (THREAD STARTER)
22-Jul-2012, 08:12 AM #9
Hi dvk01,

The computer is showing improvement; I can now access Microsoft and antivirus websites.

However, Windows Defender is still not working. When I click on "turn on" in the Windows Security Centre, it claims it is turned off by group policy... very strange.

Also, please can you advise whether I should run anti-virus scans, such as Malwarebytes and SuperAntiSpyware?

Could you kindly also recommend a free antivirus/internet security program that I should use? My friend uses Kaspersky, but it's quite expensive.

I am going to run OTScanIt and will post the result when it is done.

Thanks,
lamba105
dvk01 (Derek)
22-Jul-2012, 08:29 AM #10
Let's see what OTS shows first before we move on.
lamba105 (THREAD STARTER)
22-Jul-2012, 11:09 AM #11
Hi dvk01,

Please see the attached OTS log file:

Code:
OTS logfile created on: 22/07/2012 15:51:12 - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 44.38 Gb Free Space | 31.03% Space Free | Partition Type: NTFS
Drive D: | 139.50 Gb Total Space | 20.28 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ASPIRE4930
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
msseces.exe -> C:\Program Files\Microsoft Security Client\msseces.exe -> [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation)
msmpeng.exe -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation)
ots.exe -> C:\Users\user\Desktop\OTS.exe -> [2012/02/22 04:29:23 | 000,646,656 | ---- | M] (OldTimer Tools)
wfcrun32.exe -> C:\Program Files\Citrix\ICA Client\wfcrun32.exe -> [2011/08/11 13:28:10 | 000,862,144 | ---- | M] (Citrix Systems, Inc.)
concentr.exe -> C:\Program Files\Citrix\ICA Client\concentr.exe -> [2011/08/11 13:27:02 | 000,358,336 | ---- | M] (Citrix Systems, Inc.)
receiver.exe -> C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe -> [2011/07/19 19:59:04 | 000,964,480 | ---- | M] (Citrix Systems, Inc.)
hsswd.exe -> C:\Program Files\Hotspot Shield\bin\hsswd.exe -> [2010/05/25 22:00:40 | 000,323,632 | ---- | M] ()
openvpnas.exe -> C:\Program Files\Hotspot Shield\bin\openvpnas.exe -> [2010/05/25 03:41:00 | 000,248,368 | ---- | M] ()
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
conime.exe -> C:\Windows\System32\conime.exe -> [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation)
compptcvui.exe -> C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe -> [2008/12/26 01:34:46 | 003,294,720 | ---- | M] (Arachnoid Biometrics Identification Group Corp.)
basvc.exe -> C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -> [2008/12/26 01:34:40 | 003,471,360 | ---- | M] ()
evteng.exe -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation)
regsrvc.exe -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation)
lmanager.exe -> C:\Program Files\Launch Manager\LManager.exe -> [2008/07/02 11:35:52 | 000,850,440 | ---- | M] (Dritek System Inc.)
agrsmsvc.exe -> C:\Windows\System32\agrsmsvc.exe -> [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems)
rs_service.exe -> C:\Program Files\Acer\Acer VCM\RS_Service.exe -> [2008/01/11 02:03:00 | 000,233,472 | ---- | M] (Acer Incorporated)
mobilityservice.exe -> C:\ACER\Mobility Center\MobilityService.exe -> [2007/12/07 00:15:28 | 000,110,592 | ---- | M] ()
plfseti.exe -> C:\Windows\PLFSetI.exe -> [2007/10/23 19:56:18 | 000,200,704 | ---- | M] ()
libusbd-nt.exe -> C:\Windows\System32\libusbd-nt.exe -> [2005/03/09 13:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net)
 
[Modules - No Company Name]
zlib1.dll -> C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll -> [2011/06/24 22:56:36 | 000,087,328 | ---- | M] ()
libxml2.dll -> C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll -> [2011/06/24 22:56:14 | 001,241,888 | ---- | M] ()
plfseti.exe -> C:\Windows\PLFSetI.exe -> [2007/10/23 19:56:18 | 000,200,704 | ---- | M] ()
powerutl.dll -> C:\Program Files\Launch Manager\PowerUtl.dll -> [2003/06/07 13:30:08 | 000,057,344 | ---- | M] ()
 
[Win32 Services - Safe List]
(SkypeUpdate) Skype Updater [Auto | Stopped] -> C:\Program Files\Skype\Updater\Updater.exe -> [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies)
(NisSrv) Microsoft Network Inspection [On_Demand | Stopped] -> c:\Program Files\Microsoft Security Client\NisSrv.exe -> [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation)
(MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation)
(HssWd) Hotspot Shield Monitoring Service [Auto | Running] -> C:\Program Files\Hotspot Shield\bin\hsswd.exe -> [2010/05/25 22:00:40 | 000,323,632 | ---- | M] ()
(HssSrv) Hotspot Shield Routing Service [On_Demand | Stopped] -> C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -> [2010/05/25 22:00:28 | 000,348,208 | ---- | M] (AnchorFree Inc.)
(HssTrayService) Hotspot Shield Tray Service [On_Demand | Stopped] -> C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -> [2010/05/25 03:42:18 | 000,057,640 | ---- | M] ()
(HotspotShieldService) Hotspot Shield Service [Auto | Running] -> C:\Program Files\Hotspot Shield\bin\openvpnas.exe -> [2010/05/25 03:41:00 | 000,248,368 | ---- | M] ()
(ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2010/02/26 15:14:04 | 000,652,800 | ---- | M] (Nokia)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\482\g2aservice.exe -> [2009/09/18 13:40:33 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/01/08 18:28:25 | 000,655,624 | ---- | M] (Acresso Software Inc.)
(IGBASVC) iGroupTec Service [Auto | Running] -> C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -> [2008/12/26 01:34:40 | 003,471,360 | ---- | M] ()
(EvtEng) Intel® PROSet/Wireless Event Log [Auto | Running] -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation)
(RegSrvc) Intel® PROSet/Wireless Registry Service [Auto | Running] -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation)
(AgereModemAudio) Agere Modem Call Progress Audio [Auto | Running] -> C:\Windows\System32\agrsmsvc.exe -> [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems)
(WinDefend) Windows Defender [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation)
(RS_Service) Raw Socket Service [Auto | Running] -> C:\Program Files\Acer\Acer VCM\RS_Service.exe -> [2008/01/11 02:03:00 | 000,233,472 | ---- | M] (Acer Incorporated)
(MobilityService) MobilityService [Auto | Running] -> C:\Acer\Mobility Center\MobilityService.exe -> [2007/12/07 00:15:28 | 000,110,592 | ---- | M] ()
(libusbd) LibUsb-Win32 - Daemon, Version 0.1.10.1 [Auto | Running] -> C:\Windows\System32\libusbd-nt.exe -> [2005/03/09 13:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net)
 
[Driver Services - Safe List]
(NisDrv) Microsoft Network Inspection System [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\NisDrvWFP.sys -> [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation)
(ctxusbm) Citrix USB Monitor Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\ctxusbm.sys -> [2011/08/11 00:20:24 | 000,066,776 | ---- | M] (Citrix Systems, Inc.)
(sptd) sptd [Kernel | Disabled | Stopped] -> C:\Windows\System32\drivers\sptd.sys -> [2010/11/26 22:12:23 | 000,691,696 | ---- | M] (Duplex Secure Ltd.)
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            )
(HssDrv) Hotspot Shield Helper Miniport [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\hssdrv.sys -> [2010/05/13 23:05:40 | 000,037,376 | ---- | M] (AnchorFree Inc.)
(taphss) Anchorfree HSS Adapter [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\taphss.sys -> [2010/05/13 23:05:40 | 000,032,768 | ---- | M] (AnchorFree Inc)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> C:\Windows\System32\drivers\kbdhid.sys -> [2010/05/05 22:56:55 | 000,000,000 | ---- | M] ()
(NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvhda32v.sys -> [2009/08/21 21:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2009/08/19 13:35:00 | 009,787,488 | ---- | M] (NVIDIA Corporation)
(tap0901) TAP-Win32 Adapter V9 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\tap0901.sys -> [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project)
(JMCR) JMCR [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\jmcr.sys -> [2009/04/17 09:48:12 | 000,114,528 | ---- | M] (JMicron Technology Corporation)
(hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\hamachi.sys -> [2009/02/06 16:29:40 | 000,025,280 | ---- | M] (LogMeIn, Inc.)
(AlfaFF) AlfaFF File System mini-filter [File_System | Boot | Running] -> C:\Windows\system32\Drivers\AlfaFF.sys -> [2008/12/26 01:34:34 | 000,043,184 | ---- | M] (Alfa Corporation)
(NETw5v32) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\NETw5v32.sys -> [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation)
(pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\pccsmcfd.sys -> [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia)
(ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atswpdrv.sys -> [2008/04/25 19:31:26 | 000,146,688 | ---- | M] (AuthenTec, Inc.)
(AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\AGRSM.sys -> [2008/02/29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems)
(bfturboh) BUFFALO TurboUSB for HD Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\bfturboh.sys -> [2008/02/12 02:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.)
(enecir) ENE CIR Receiver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\enecir.sys -> [2008/01/24 21:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.)
(tapvpn) TAP VPN Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\tapvpn.sys -> [2008/01/23 22:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project)
(DritekPortIO) Dritek General Port I/O [Kernel | System | Running] -> C:\Program Files\Launch Manager\DPortIO.sys -> [2006/11/02 21:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.)
(libusb0) LibUsb-Win32 - Kernel Driver, Version 0.1.10.1 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\libusb0.sys -> [2005/03/09 13:50:16 | 000,033,792 | ---- | M] ()
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://en.us.acer.yahoo.com -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\] > -> -> 
HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\: Main\\"Default Download Directory" -> C:\Users\user\Desktop -> 
HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\: Main\\"Start Page" -> http://www.google.com/ig -> 
HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\vdoydmp9.default\prefs.js -> 
browser.search.defaultengine -> "Yahoo-FileServe" ->
browser.search.defaultenginename -> "Yahoo-FileServe" ->
browser.search.order.1 -> "Yahoo-FileServe" ->
browser.search.param.yahoo-fr -> "megaup" ->
browser.search.param.yahoo-fr-cjkt -> "megaup" ->
browser.search.selectedEngineURL -> "http://fileservehome.com/?&prt=fileservetb01ff&clid=e3f8907bedc0480f914370093509e0f2&subid=&Keywords={searchTerms}" ->
extensions.enabledItems -> en-GB@dictionaries.addons.mozilla.org:1.19.1 ->
extensions.enabledItems -> {0851d9cd-87db-4a0d-a792-097dc9071486}:5.2 ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 ->
extensions.enabledItems -> avg@igeared:6.010.006.004 ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 ->
network.proxy.backup.ftp -> "212.113.5.2" ->
network.proxy.backup.ftp_port -> 90 ->
network.proxy.backup.gopher -> "89.186.169.182" ->
network.proxy.backup.gopher_port -> 3128 ->
network.proxy.backup.socks -> "212.113.5.2" ->
network.proxy.backup.socks_port -> 90 ->
network.proxy.backup.ssl -> "212.113.5.2" ->
network.proxy.backup.ssl_port -> 90 ->
network.proxy.no_proxies_on -> "" ->
network.proxy.share_proxy_settings -> true ->
< FireFox Settings [User.js] > -> C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\vdoydmp9.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e} -> C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION\ [C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION\] -> [2010/07/08 18:08:07 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2012/05/27 12:04:44 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2012/05/27 12:04:44 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2012/07/16 10:49:09 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2012/07/20 22:12:51 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\user\AppData\Roaming\mozilla\Extensions -> [2009/01/16 16:01:31 | 000,000,000 | ---D | M]
  -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions -> [2012/05/21 01:57:16 | 000,000,000 | ---D | M]
DownloadStudio Integration   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\{0851d9cd-87db-4a0d-a792-097dc9071486} -> [2010/04/21 08:45:31 | 000,000,000 | ---D | M]
MegaUpload Time Attack   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\{1cdccf78-1ea9-4f40-b69f-ef7674dbef8c} -> [2009/09/19 00:03:26 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/05/11 15:19:27 | 000,000,000 | ---D | M]
uTorrentControl3 Community Toolbar   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a} -> [2012/05/21 01:57:17 | 000,000,000 | ---D | M]
"Megaupload Toolbar"   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D} -> [2010/01/16 02:23:26 | 000,000,000 | ---D | M]
  -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\bitlypreview@jay.ridgeway -> [2010/03/03 00:10:52 | 000,000,000 | ---D | M]
  -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\en-GB@dictionaries.addons.mozilla.org -> [2010/12/24 01:04:02 | 000,000,000 | ---D | M]
  -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\foxyproxy@eric.h.jung -> [2011/04/16 07:17:19 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2012/07/20 22:09:24 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/05/09 18:19:01 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/25 22:53:12 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/10/27 16:46:52 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2010/12/25 19:42:26 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} -> [2011/03/09 04:31:44 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} -> [2011/06/17 01:59:56 | 000,000,000 | ---D | M]
No name found -> C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} -> File not found
RealPlayer Browser Record Plugin -> C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT -> [2012/05/27 12:04:44 | 000,000,000 | ---D | M]
No name found -> C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VDOYDMP9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI -> ()
British English Dictionary -> C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VDOYDMP9.DEFAULT\EXTENSIONS\EN-GB@DICTIONARIES.ADDONS.MOZILLA.ORG -> [2010/12/24 01:04:02 | 000,000,000 | ---D | M]
< HOSTS File > ([2012/07/22 02:19:34 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2011/08/30 12:57:33 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2012/05/27 12:04:42 | 000,425,680 | ---- | M] (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/07/20 22:12:12 | 000,453,104 | ---- | M] (Oracle Corporation)
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [Google Toolbar Notifier BHO] -> [2009/11/26 02:07:30 | 000,764,912 | ---- | M] (Google Inc.)
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/12/30 02:03:26 | 000,098,304 | ---- | M] ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/07/20 22:12:12 | 000,157,680 | ---- | M] (Oracle Corporation)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"APSDaemon" -> C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe ["C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"] -> [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.)
"ConnectionCenter" -> C:\Program Files\Citrix\ICA Client\concentr.exe ["C:\Program Files\Citrix\ICA Client\concentr.exe" /startup] -> [2011/08/11 13:27:02 | 000,358,336 | ---- | M] (Citrix Systems, Inc.)
"LManager" -> C:\Program Files\Launch Manager\LManager.exe [C:\PROGRA~1\LAUNCH~1\LManager.exe] -> [2008/07/02 11:35:52 | 000,850,440 | ---- | M] (Dritek System Inc.)
"MSC" -> c:\Program Files\Microsoft Security Client\msseces.exe ["c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation)
"NvCplDaemon" -> C:\Windows\System32\NvCpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2009/08/19 15:24:18 | 013,793,824 | ---- | M] (NVIDIA Corporation)
"PLFSetI" -> C:\Windows\PLFSetI.exe [C:\Windows\PLFSetI.exe] -> [2007/10/23 19:56:18 | 000,200,704 | ---- | M] ()
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"EnableLUA" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Append to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
Download all with Free Download Manager -> C:\Program Files\Free Download Manager\dlall.htm [file://C:\Program Files\Free Download Manager\dlall.htm] -> [2007/06/02 13:25:02 | 000,000,893 | ---- | M] ()
Download selected with Free Download Manager -> C:\Program Files\Free Download Manager\dlselected.htm [file://C:\Program Files\Free Download Manager\dlselected.htm] -> [2007/06/02 13:25:02 | 000,000,463 | ---- | M] ()
Download video with Free Download Manager -> C:\Program Files\Free Download Manager\dlfvideo.htm [file://C:\Program Files\Free Download Manager\dlfvideo.htm] -> [2007/07/27 01:34:42 | 000,001,706 | ---- | M] ()
Download with Free Download Manager -> C:\Program Files\Free Download Manager\dllink.htm [file://C:\Program Files\Free Download Manager\dllink.htm] -> [2007/06/02 13:25:02 | 000,002,140 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{10954C80-4F0F-11d3-B17C-00C0DFE39736}:Exec [HKLM] -> C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe [Button: Quick-Launching Area] -> [2008/12/26 01:34:51 | 003,772,136 | ---- | M] ()
{10954C80-4F0F-11d3-B17C-00C0DFE39736}:Exec [HKLM] -> C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe [Menu: Quick-Launching Area] -> [2008/12/26 01:34:51 | 003,772,136 | ---- | M] ()
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec [HKLM] -> C:\Program Files\PokerStars\PokerStarsUpdate.exe [Button: PokerStars] -> [2011/09/04 02:25:33 | 000,579,416 | ---- | M] (PokerStars)
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Button: @btrez.dll,-4015] -> [2007/01/23 12:57:52 | 000,002,758 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Menu: @btrez.dll,-12650] -> [2007/01/23 12:57:52 | 000,002,758 | ---- | M] ()
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] ->  [@btrez.dll,-4015] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4816 domain(s) found. -> 
staffremoteaccess1_hsbc.co.uk [https] -> Trusted sites -> 
firepass_kcl.ac.uk [http] -> Trusted sites -> 
firepass_kcl.ac.uk [https] -> Trusted sites -> 
v4.windowsupdate_microsoft.com [http] -> Trusted sites -> 
v4.windowsupdate_microsoft.com [https] -> Trusted sites -> 
v5.windowsupdate_microsoft.com [http] -> Trusted sites -> 
windowsupdate_microsoft.com [http] -> Trusted sites -> 
pps.tv .[http] -> Trusted sites -> 
ppstream.com .[http] -> Trusted sites -> 
webscache.com .[http] -> Trusted sites -> 
download_windowsupdate.com [http] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{15BE8BEE-4105-4A79-B385-25068AA967DB} [HKLM] -> http://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB [VBIRDPlayer.Player] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{2DCB00FB-3485-486B-BD41-C49AD605264D} [HKLM] -> https://www.epost.go.kr/comm/easykeytec/easykeytec.cab [EZKeytecWeb Class] -> 
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab [DLM Control] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Value error.] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
{E6F480FC-BD44-4CBA-B74A-89AF7842937D} [HKLM] -> http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab [SysInfo Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{6978C0C8-E728-4253-9995-1E21EB1F7808}\\DhcpNameServer -> 192.168.1.1   (Realtek PCIe GBE Family Controller) -> 
{860D42D6-BF91-443B-A831-C7B15D384F31}\\DhcpNameServer -> 192.168.1.1   (Intel(R) WiFi Link 5100 AGN) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\System32\userinit.exe -> [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon ->  -> File not found
AWinNotifyVitaKey MC3000 -> C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll -> [2008/12/26 01:34:49 | 002,972,160 | ---- | M] (Arachnoid Biometrics Identification Group Corp.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] ->  [] -> File not found
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\PPStream\PPSAP.exe" ->  [C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ═°┬š╝Ë╦┘ø] -> File not found
"C:\Program Files\PPStream\PPStream.exe" ->  [C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS═°┬šÁš╩Ë] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 22:43:36 | 000,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Users\user\Desktop\OTS.exe -> [2012/07/22 13:45:10 | 000,646,656 | ---- | C] (OldTimer Tools)
 Microsoft Security Client -> C:\Program Files\Microsoft Security Client -> [2012/07/22 13:25:37 | 000,000,000 | ---D | C]
 netio.sys -> C:\Windows\System32\drivers\netio.sys -> [2012/07/22 13:17:18 | 000,221,568 | ---- | C] (Microsoft Corporation)
 temp -> C:\Users\user\AppData\Local\temp -> [2012/07/22 02:28:45 | 000,000,000 | ---D | C]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2012/07/22 02:27:01 | 000,000,000 | -HSD | C]
 username12312530u -> C:\username12312530u -> [2012/07/22 01:52:31 | 000,000,000 | ---D | C]
 username12315326u -> C:\username12315326u -> [2012/07/21 21:38:13 | 000,000,000 | ---D | C]
 username12331959u -> C:\username12331959u -> [2012/07/21 21:07:08 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2012/07/21 20:24:27 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2012/07/21 20:24:27 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2012/07/21 20:24:27 | 000,060,416 | ---- | C] (NirSoft)
 username123 -> C:\username123 -> [2012/07/21 20:24:17 | 000,000,000 | ---D | C]
 username123.exe -> C:\Users\user\Desktop\username123.exe -> [2012/07/21 20:21:26 | 004,582,474 | R--- | C] (Swearware)
 Java -> C:\Program Files\Common Files\Java -> [2012/07/20 22:13:19 | 000,000,000 | ---D | C]
 npDeployJava1.dll -> C:\Windows\System32\npDeployJava1.dll -> [2012/07/20 22:12:51 | 000,772,592 | ---- | C] (Oracle Corporation)
 javaws.exe -> C:\Windows\System32\javaws.exe -> [2012/07/20 22:12:51 | 000,227,824 | ---- | C] (Oracle Corporation)
 javaw.exe -> C:\Windows\System32\javaw.exe -> [2012/07/20 22:12:31 | 000,174,064 | ---- | C] (Oracle Corporation)
 java.exe -> C:\Windows\System32\java.exe -> [2012/07/20 22:12:31 | 000,174,064 | ---- | C] (Oracle Corporation)
 The Young Romans - Tiger Child -> C:\Users\user\Desktop\The Young Romans - Tiger Child -> [2012/07/16 15:29:53 | 000,000,000 | ---D | C]
 Scan pro -> C:\Users\user\Desktop\Scan pro -> [2012/07/15 20:19:57 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Program Files\Trend Micro -> [2012/07/15 20:19:22 | 000,000,000 | ---D | C]
 HiJackThis -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis -> [2012/07/15 20:19:22 | 000,000,000 | ---D | C]
 Skype -> C:\Program Files\Skype -> [2012/07/15 14:04:56 | 000,000,000 | R--D | C]
 Skype -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype -> [2012/07/15 14:04:56 | 000,000,000 | ---D | C]
 Skype -> C:\Program Files\Common Files\Skype -> [2012/07/15 14:04:56 | 000,000,000 | ---D | C]
 CCleaner -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner -> [2012/07/15 12:19:51 | 000,000,000 | ---D | C]
 ComboFix -> C:\ComboFix -> [2012/07/15 01:12:55 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2012/07/15 01:11:58 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2012/07/14 01:24:56 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2012/07/14 01:24:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2012/07/14 01:24:52 | 000,000,000 | ---D | C]
 Simply Super Software -> C:\ProgramData\Simply Super Software -> [2012/07/13 23:48:51 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2012/07/13 23:45:39 | 000,000,000 | ---D | C]
 gc backup -> C:\Users\user\Desktop\gc backup -> [2012/07/13 23:26:19 | 000,000,000 | ---D | C]
 win32k.sys -> C:\Windows\System32\win32k.sys -> [2012/07/11 00:57:24 | 002,047,488 | ---- | C] (Microsoft Corporation)
 904a9e0e8b87cd05f2 -> C:\904a9e0e8b87cd05f2 -> [2012/07/11 00:50:11 | 000,000,000 | ---D | C]
 mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2012/07/11 00:49:12 | 002,382,848 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\System32\ieui.dll -> [2012/07/11 00:49:11 | 000,176,640 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2012/07/11 00:49:10 | 000,142,848 | ---- | C] (Microsoft Corporation)
 jscript9.dll -> C:\Windows\System32\jscript9.dll -> [2012/07/11 00:49:09 | 001,800,192 | ---- | C] (Microsoft Corporation)
 url.dll -> C:\Windows\System32\url.dll -> [2012/07/11 00:49:09 | 000,231,936 | ---- | C] (Microsoft Corporation)
 jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2012/07/11 00:49:08 | 000,065,024 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2012/07/11 00:49:07 | 001,427,968 | ---- | C] (Microsoft Corporation)
 ncrypt.dll -> C:\Windows\System32\ncrypt.dll -> [2012/07/11 00:43:14 | 000,204,288 | ---- | C] (Microsoft Corporation)
 Car rental -> C:\Users\user\Desktop\Car rental -> [2012/06/25 00:35:18 | 000,000,000 | ---D | C]
 3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 2 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> 
 1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 nvModes.dat -> C:\ProgramData\nvModes.dat -> [2012/07/22 15:52:23 | 000,496,206 | ---- | M] ()
 nvModes.001 -> C:\ProgramData\nvModes.001 -> [2012/07/22 15:52:22 | 000,496,206 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/07/22 15:36:51 | 000,003,344 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/07/22 15:36:51 | 000,003,344 | -H-- | M] ()
 Apple Safari.lnk -> C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> [2012/07/22 14:42:24 | 000,002,305 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2012/07/22 13:36:49 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/07/22 13:35:51 | 3219,144,704 | -HS- | M] ()
 bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2012/07/22 13:34:48 | 000,000,012 | ---- | M] ()
 epplauncher.mif -> C:\Windows\epplauncher.mif -> [2012/07/22 13:28:45 | 000,001,945 | ---- | M] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2012/07/22 13:25:58 | 000,609,784 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2012/07/22 13:25:58 | 000,110,894 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2012/07/22 03:00:59 | 000,185,344 | ---- | M] ()
 hosts -> C:\Windows\System32\drivers\etc\hosts -> [2012/07/22 02:19:34 | 000,000,027 | ---- | M] ()
 username123.exe -> C:\Users\user\Desktop\username123.exe -> [2012/07/21 20:21:20 | 004,582,474 | R--- | M] (Swearware)
 defogger_reenable -> C:\Users\user\defogger_reenable -> [2012/07/20 22:42:33 | 000,000,000 | ---- | M] ()
 npDeployJava1.dll -> C:\Windows\System32\npDeployJava1.dll -> [2012/07/20 22:12:12 | 000,772,592 | ---- | M] (Oracle Corporation)
 deployJava1.dll -> C:\Windows\System32\deployJava1.dll -> [2012/07/20 22:12:12 | 000,687,600 | ---- | M] (Oracle Corporation)
 javaws.exe -> C:\Windows\System32\javaws.exe -> [2012/07/20 22:12:12 | 000,227,824 | ---- | M] (Oracle Corporation)
 javaw.exe -> C:\Windows\System32\javaw.exe -> [2012/07/20 22:12:12 | 000,174,064 | ---- | M] (Oracle Corporation)
 java.exe -> C:\Windows\System32\java.exe -> [2012/07/20 22:12:12 | 000,174,064 | ---- | M] (Oracle Corporation)
 Suits.S02E05.HDTV.XviD-KWZ.avi -> C:\Users\user\Desktop\Suits.S02E05.HDTV.XviD-KWZ.avi -> [2012/07/20 20:18:38 | 364,656,146 | ---- | M] ()
 White.Collar.S04E02.HDTV.XviD-AFG.avi.download -> C:\Users\user\Desktop\White.Collar.S04E02.HDTV.XviD-AFG.avi.download -> [2012/07/19 19:28:25 | 003,670,016 | ---- | M] ()
 White-1.Collar.S04E02.HDTV.XviD-AFG.avi -> C:\Users\user\Desktop\White-1.Collar.S04E02.HDTV.XviD-AFG.avi -> [2012/07/18 04:40:29 | 347,783,388 | ---- | M] ()
 launch.ica.f6uhmq7.partial -> C:\Users\user\Desktop\launch.ica.f6uhmq7.partial -> [2012/07/16 10:51:57 | 000,001,609 | ---- | M] ()
 Google Software Updater.job -> C:\Windows\tasks\Google Software Updater.job -> [2012/07/16 10:25:05 | 000,000,868 | ---- | M] ()
 NeroDigital.ini -> C:\Windows\NeroDigital.ini -> [2012/07/15 17:00:54 | 000,000,069 | ---- | M] ()
 d3d9caps.dat -> C:\Users\user\AppData\Local\d3d9caps.dat -> [2012/07/14 10:05:36 | 000,001,356 | ---- | M] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/07/14 01:24:56 | 000,000,910 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2012/07/11 01:03:36 | 002,362,744 | ---- | M] ()
 mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation)
 3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
 2 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> 
 1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> 
 
[Files - No Company Name]
 epplauncher.mif -> C:\Windows\epplauncher.mif -> [2012/07/22 13:28:45 | 000,001,945 | ---- | C] ()
 Microsoft Security Essentials.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> [2012/07/22 13:26:13 | 000,001,830 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2012/07/21 20:24:27 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2012/07/21 20:24:27 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2012/07/21 20:24:27 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2012/07/21 20:24:27 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2012/07/21 20:24:27 | 000,068,096 | ---- | C] ()
 defogger_reenable -> C:\Users\user\defogger_reenable -> [2012/07/20 22:42:33 | 000,000,000 | ---- | C] ()
 Suits.S02E05.HDTV.XviD-KWZ.avi -> C:\Users\user\Desktop\Suits.S02E05.HDTV.XviD-KWZ.avi -> [2012/07/20 19:55:37 | 364,656,146 | ---- | C] ()
 White-1.Collar.S04E02.HDTV.XviD-AFG.avi -> C:\Users\user\Desktop\White-1.Collar.S04E02.HDTV.XviD-AFG.avi -> [2012/07/19 19:56:45 | 347,783,388 | ---- | C] ()
 White.Collar.S04E02.HDTV.XviD-AFG.avi.download -> C:\Users\user\Desktop\White.Collar.S04E02.HDTV.XviD-AFG.avi.download -> [2012/07/19 19:27:56 | 003,670,016 | ---- | C] ()
 launch.ica.f6uhmq7.partial -> C:\Users\user\Desktop\launch.ica.f6uhmq7.partial -> [2012/07/16 10:52:00 | 000,001,609 | ---- | C] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/07/15 00:27:02 | 3219,144,704 | -HS- | C] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/07/14 01:24:56 | 000,000,910 | ---- | C] ()
 hpqins13.dat -> C:\Windows\hpqins13.dat -> [2011/08/03 04:19:45 | 000,019,519 | ---- | C] ()
 hpoins21.dat -> C:\Windows\hpoins21.dat -> [2011/08/03 02:47:53 | 000,165,497 | ---- | C] ()
 ViewNX2.INI -> C:\Windows\ViewNX2.INI -> [2011/07/22 00:56:10 | 000,000,000 | ---- | C] ()
 Bundle -> C:\ProgramData\Bundle -> [2011/07/21 23:34:44 | 000,000,268 | RH-- | C] ()
 Booms -> C:\Users\user\AppData\Roaming\Booms -> [2011/07/21 23:34:44 | 000,000,268 | RH-- | C] ()
 PKP_DLev.DAT -> C:\ProgramData\PKP_DLev.DAT -> [2011/07/21 23:34:44 | 000,000,020 | -H-- | C] ()
 Bubble Noise -> C:\ProgramData\Bubble Noise -> [2011/07/21 23:34:43 | 000,000,268 | RH-- | C] ()
 BookService -> C:\Users\user\AppData\Roaming\BookService -> [2011/07/21 23:34:43 | 000,000,268 | RH-- | C] ()
 PKP_DLes.DAT -> C:\ProgramData\PKP_DLes.DAT -> [2011/07/21 23:34:43 | 000,000,020 | -H-- | C] ()
 Brother -> C:\ProgramData\Brother -> [2011/07/21 23:34:41 | 000,000,268 | RH-- | C] ()
 Bass Reduction -> C:\Users\user\AppData\Roaming\Bass Reduction -> [2011/07/21 23:34:41 | 000,000,268 | RH-- | C] ()
 PKP_DLet.DAT -> C:\ProgramData\PKP_DLet.DAT -> [2011/07/21 23:34:41 | 000,000,020 | -H-- | C] ()
 winscp.rnd -> C:\Users\user\AppData\Roaming\winscp.rnd -> [2011/03/11 03:11:24 | 000,000,600 | ---- | C] ()
 
[Files/Folders - Unicode - All]
C:\Windows\System32\?u -> C:\Windows\System32\&#62256;&#365; -> [2011/04/14 16:51:50 | 000,000,036 | ---- | C] ()
C:\Windows\System32\?u -> C:\Windows\System32\&#62256;&#365; -> [2011/04/14 16:51:50 | 000,000,036 | ---- | M] ()
C:\Windows\System32\?i -> C:\Windows\System32\&#49672;&#301; -> [2011/06/04 15:06:47 | 000,000,036 | ---- | C] ()
C:\Windows\System32\?i -> C:\Windows\System32\&#49672;&#301; -> [2011/06/04 15:06:47 | 000,000,036 | ---- | M] ()
C:\Windows\System32\?? -> C:\Windows\System32\&#32624;&#1224; -> [2011/08/09 12:58:17 | 000,000,036 | ---- | C] ()
C:\Windows\System32\?? -> C:\Windows\System32\&#32624;&#1224; -> [2011/08/09 12:58:17 | 000,000,036 | ---- | M] ()
C:\Windows\System32\?z -> C:\Windows\System32\&#53144;&#380; -> [2011/08/11 17:24:40 | 000,000,036 | ---- | C] ()
C:\Windows\System32\?z -> C:\Windows\System32\&#53144;&#380; -> [2011/08/11 17:24:40 | 000,000,036 | ---- | M] ()
C:\Windows\System32\?b -> C:\Windows\System32\&#33128;&#384; -> [2011/09/21 23:05:22 | 000,000,036 | ---- | C] ()
C:\Windows\System32\?b -> C:\Windows\System32\&#33128;&#384; -> [2011/09/21 23:05:22 | 000,000,036 | ---- | M] ()
C:\Users\user\Desktop\??.rmvb -> C:\Users\user\Desktop\&#36870;&#25136;.rmvb -> [2012/02/08 15:29:46 | 508,673,289 | ---- | M] ()
C:\Users\user\Desktop\??.rmvb -> C:\Users\user\Desktop\&#36870;&#25136;.rmvb -> [2012/02/08 15:31:59 | 508,673,289 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 642 bytes -> C:\Users\user\Desktop\launch.ica.f6uhmq7.partial:icasource
< End of report >

Thanks,
lamba105
dvk01 (Derek)
Moderator & Malware Removal Specialist with 45,703 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
22-Jul-2012, 01:28 PM #12
nothing obvious in OTS

Download & install the Microsoft Security Essentials Antivirus

do a full scan, let it fix whatever it finds
lamba105
Member with 12 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
22-Jul-2012, 08:15 PM #13
Hi dvk01,

Just finished running Microsoft Sec. Ess. Antivirus, it found 1 item and I've deleted it.

So far computer seems to be normal again, which is great! Thank you so much for your help.

With the microsoft antivirus, is it safe to still run malwarebyte scans from time to time? Also do you recommend any additional software that will prevent and enhance safety of my computer?

Really appreciate your help!

Lamba105
dvk01 (Derek)
Moderator & Malware Removal Specialist with 45,703 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
23-Jul-2012, 05:16 AM #14
*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U, it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

* Please double-click OTScanIt.exe to run it.
Press Cleanup and it will delete/uninstall all the tools we have used to fix your problems and all their backup folders, and then delete itself when you next reboot.


go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/vulnerability_scanning/online/ for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version ( not the OSI, in your browser java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. If windows update doesn't work, please come back & tell us
lamba105
Member with 12 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
23-Jul-2012, 04:45 PM #15
Hi dvk01,

Thanks for your reply.

I believe the Microsoft Essential Security deleted the ComboFix files... because when I ran Combofix /Uninstall, it said it can't find it...

I did manage to run OTSscan and deleted the tools.

After restarting I downloaded and ran PSI, but it just stays on the loading screen - I tried restarting, uninstalling, reinstalling and running it, but nothing happened...do I need to disable the Microsoft Essential Security first?

Please let me know.

Thanks,
lamba105