
Cannot run or access anti-virus systems and microsoft websites

Discussion in 'Virus & Other Malware Removal' started by lamba105, Jul 16, 2012.

Thread Status:
Not open for further replies.
    lamba105 (Thread Starter). Joined: Jul 15, 2012. Messages: 12.
    Hi there,

    Recently I have had some issues with Google Chrome not opening when I double-click the icon. I then searched online and found it may have been conflicting with AVG antivirus. So I uninstalled it, and now everything seems to be going wrong - I can't even activate Windows Defender.

    I tried to look for people who have similar issues and managed to run my Malwarebytes (by naming it .com rather than .exe), but it won't update, and even after deleting the found infections, nothing really changed.

    Currently Google Chrome still doesn't work and I can't run any anti-virus systems, nor can I access anti-virus websites and Microsoft websites, because a page comes up that says "failed to open page" (I also can't go on bleepingcomputer to download some software - but I found the tools on different mirror links).

    I can still access other websites, but without any anti-virus systems working.

    Please please kindly help me with this issue. I followed the thread on posting questions and have attached everything as requested, except for the Gmer scan.

    I ran a full scan on Sunday morning and after 6 hours it was still running. I saw it was taking a long time scanning some Rosetta Stone (language learning software), so I uninstalled it and deleted all my Spanish collection... I then ran another scan on Sunday evening, but this morning it is still running! So I stopped it and attached the log for only the quick scan - I hope this is OK...


    I took the day off work today, so hopefully I can reply to responses promptly; otherwise I will be able to follow up during the evenings (so apologies in advance if I cannot respond during the day).

    Really appreciate this, thanks!!


    HIJACKTHIS log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:21:09, on 15/07/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\FileServe Toolbar\FileServeSvc.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    C:\Windows\system32\libusbd-nt.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\FileServe Toolbar\FileServeVideoToMp3.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Local\kbxcoqfl\sepoyqoc.exe,
    O2 - BHO: FileServeManager - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files\FileServe Manager\FileServeBHO.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: FileServe Toolbar - {0E91EFA2-AF48-4333-9965-5DD29DE31B56} - "C:\Program Files\FileServe Toolbar\fileservetb.dll" (file missing)
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SepOyqoc] C:\Users\user\AppData\Local\kbxcoqfl\sepoyqoc.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files\FileServe Manager\GetUrl.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://firepass.kcl.ac.uk
    O15 - Trusted Zone: http://*.pps.tv
    O15 - Trusted Zone: http://*.ppstream.com
    O15 - Trusted Zone: http://*.webscache.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O15 - ESC Trusted Zone: http://*.pps.tv
    O15 - ESC Trusted Zone: http://*.ppstream.com
    O15 - ESC Trusted Zone: http://*.webscache.com
    O16 - DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} (VBIRDPlayer.Player) - http://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
    O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} (EZKeytecWeb Class) - https://www.epost.go.kr/comm/easykeytec/easykeytec.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FileServe Toolbar Helper - Unknown owner - C:\Program Files\FileServe Toolbar\FileServeSvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\482\g2aservice.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    --
    End of file - 18652 bytes



    DDS log:


    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by user at 20:22:37 on 2012-07-15
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1866 [GMT 1:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\FileServe Toolbar\FileServeSvc.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    C:\Windows\system32\libusbd-nt.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\FileServe Toolbar\FileServeVideoToMp3.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig
    mStart Page = hxxp://en.us.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\user\appdata\local\kbxcoqfl\sepoyqoc.exe,
    BHO: FileServeManager: {00000001-ab3b-4334-9da2-ec6b2a02afc6} - c:\program files\fileserve manager\FileServeBHO.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: FileServe Toolbar: {0e91efa2-af48-4333-9965-5dd29de31b56} - "c:\program files\fileserve toolbar\fileservetb.dll"
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SepOyqoc] c:\users\user\appdata\local\kbxcoqfl\sepoyqoc.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [<NO NAME>]
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with FileServe Manager - c:\program files\fileserve manager\GetUrl.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: hsbc.co.uk\staffremoteaccess1
    Trusted Zone: kcl.ac.uk\firepass
    Trusted Zone: microsoft.com\v4.windowsupdate
    Trusted Zone: microsoft.com\v5.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: pps.tv
    Trusted Zone: ppstream.com
    Trusted Zone: webscache.com
    Trusted Zone: windowsupdate.com\download
    DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxps://www.epost.go.kr/comm/easykeytec/easykeytec.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{860D42D6-BF91-443B-A831-C7B15D384F31} : DhcpNameServer = 192.168.1.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\vdoydmp9.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo-FileServe
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3115642&SearchSource=2&q=
    FF - prefs.js: browser.search.selectedEngine - Yahoo-FileServe
    FF - prefs.js: browser.search.selectedEngine - Yahoo-FileServe
    FF - prefs.js: browser.search.selectedEngine - Yahoo-FileServe
    FF - prefs.js: network.proxy.ftp - 194.36.10.156
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 80.163.85.134
    FF - prefs.js: network.proxy.gopher_port - 3128
    FF - prefs.js: network.proxy.http - 194.36.10.156
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 194.36.10.156
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 194.36.10.156
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\vdoydmp9.default\extensions\{0851d9cd-87db-4a0d-a792-097dc9071486}\components\DownloadStudioNativeWrapper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\space international\easykeytec v2.0\npEZKeytecPlugin.dll
    FF - plugin: c:\program files\space international\easykeytec v2.0\npEZKeytecPlugins.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: keyword.URL - hxxp://fileservehome.com/?prt=fileservetb02ff&Keywords=
    FF - user.js: keyword.enabled - 1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-12-26 43184]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-8-11 66776]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
    R2 FileServe Toolbar Helper;FileServe Toolbar Helper;c:\program files\fileserve toolbar\FileServeSvc.exe [2011-1-6 260896]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2008-12-26 3471360]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-12-26 233472]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-5-16 52736]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-4-17 114528]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-1-8 33792]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
    S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2010-1-15 17152]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-07-15 19:19:23 388096 ----a-r- c:\users\user\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-07-15 19:19:22 -------- d-----w- c:\program files\Trend Micro
    2012-07-15 13:04:56 -------- d-----r- c:\program files\Skype
    2012-07-15 11:56:56 -------- d-----w- c:\users\user\appdata\roaming\SUPERAntiSpyware.com
    2012-07-15 11:56:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-07-15 11:56:16 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-07-15 00:12:55 -------- d-s---w- C:\ComboFix
    2012-07-14 00:24:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-14 00:24:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-13 22:48:51 -------- d-----w- c:\programdata\Simply Super Software
    2012-07-13 22:45:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-07-12 23:57:47 -------- d-----w- c:\users\user\appdata\local\kbxcoqfl
    2012-07-10 23:57:24 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 23:50:11 -------- d-----w- C:\904a9e0e8b87cd05f2
    2012-07-10 23:43:39 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2012-07-10 23:43:36 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 23:43:36 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-10 23:43:14 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-10 23:43:14 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-10 23:43:14 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-21 21:41:38 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 21:40:42 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 21:40:21 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 21:40:21 171904 ----a-w- c:\windows\system32\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    2012-06-11 18:47:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-11 18:47:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-27 11:03:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 20:23:46.73 ===============




    Please see attachment for "Attach" log



    ARK log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-16 10:13:45
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C
    Running: ttnme22.com; Driver: C:\Users\user\AppData\Local\Temp\pgtdafod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----





    Again thank you so much, I look forward to instructions for the next step. :)

    Lamba

  2. lamba105

    lamba105 Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    12
    Please, I understand there are many requests, so I will continue to be patient, but I would really appreciate any assistance on this.

    Just posting to update - the laptop is still not showing signs of improvement.

    Many thanks,
    lamba
  3. lamba105

    lamba105 Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    12
    Please help... I am still waiting patiently. (Still no improvement - I tried installing the latest Java, but no real difference.)
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    Delete any existing version of ComboFix you have sitting on your desktop.
    Please read and follow all these instructions very carefully.
    Do not edit or remove any information or user names etc., otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.
    As you download it, rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running.
    Double click on the renamed combofix.exe & follow the prompts.
    If you are using Windows XP it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If ComboFix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in your next reply please...
  5. lamba105

    lamba105 Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    12
    Hi dvk01,

    Thank you for your reply. I can't access bleepingcomputer (my computer won't let me access most anti-virus, microsoft and other websites...)

    I managed to access the download link via "Hide-my-***" - a proxy filter website thingy - and have just finished running ComboFix.

    Please see attached log file. Nothing has changed, still no improvement unfortunately.


    ComboFix 12-07-21.01 - user 21/07/2012 21:39:58.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1915 [GMT 1:00]
    Running from: c:\users\user\Desktop\username123.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\user\AppData\Local\gxqktffo.log
    c:\users\user\AppData\Local\iqheghjr.log
    c:\users\user\AppData\Local\kbxcoqfl\sepoyqoc.exe
    c:\users\user\AppData\Local\mfatlnjp.log
    c:\users\user\AppData\Local\tisgapwx.log
    c:\users\user\AppData\Local\uywtvpbx.log
    c:\users\user\AppData\Local\vvmjtweo.log
    c:\users\user\AppData\Local\yrnbflns.log
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MICORSOFT_WINDOWS_SERVICE
    -------\Service_Micorsoft Windows Service
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-21 21:02 . 2012-07-21 21:05 -------- d-----w- c:\users\user\AppData\Local\temp
    2012-07-21 21:02 . 2012-07-21 21:02 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-07-21 21:02 . 2012-07-21 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-21 19:24 . 2012-07-21 20:03 -------- d-----w- C:\username123
    2012-07-20 21:13 . 2012-07-20 21:13 -------- d-----w- c:\program files\Common Files\Java
    2012-07-20 21:12 . 2012-07-20 21:12 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-15 19:19 . 2012-07-15 19:19 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-07-15 19:19 . 2012-07-15 19:19 -------- d-----w- c:\program files\Trend Micro
    2012-07-15 13:04 . 2012-07-15 13:04 -------- d-----w- c:\program files\Common Files\Skype
    2012-07-15 13:04 . 2012-07-15 13:04 -------- d-----r- c:\program files\Skype
    2012-07-15 11:56 . 2012-07-15 11:56 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-15 11:56 . 2012-07-15 11:56 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-07-15 11:56 . 2012-07-15 11:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-07-15 00:12 . 2012-07-21 19:24 -------- d-----w- C:\ComboFix
    2012-07-14 00:24 . 2012-07-14 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-14 00:24 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-13 22:48 . 2012-07-13 22:48 -------- d-----w- c:\programdata\Simply Super Software
    2012-07-13 22:45 . 2012-07-13 23:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-07-12 23:57 . 2012-07-21 21:05 -------- d-----w- c:\users\user\AppData\Local\kbxcoqfl
    2012-07-10 23:57 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 23:50 . 2012-07-10 23:54 -------- d-----w- C:\904a9e0e8b87cd05f2
    2012-07-10 23:43 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-10 23:43 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 23:43 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-10 23:43 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-10 23:43 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-10 23:43 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-21 21:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 21:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 21:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 21:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 21:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 21:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 21:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 21:40 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 21:40 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-20 21:12 . 2010-05-09 17:18 687600 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-11 18:47 . 2012-04-23 19:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-11 18:47 . 2011-05-16 11:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-27 11:03 . 2008-05-13 06:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-05-01 14:03 . 2012-06-13 00:13 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-23 16:00 . 2012-06-13 00:16 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-23 16:00 . 2012-06-13 00:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-23 16:00 . 2012-06-13 00:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2011-08-11 12:18 . 2011-08-11 12:18 128960 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2011-08-10 23:16 . 2011-08-10 23:16 96192 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2011-08-11 12:18 . 2011-08-11 12:18 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2011-08-11 12:18 . 2011-08-11 12:18 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2011-08-11 12:18 . 2011-08-11 12:18 370624 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2011-08-11 12:18 . 2011-08-11 12:18 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2011-08-11 12:18 . 2011-08-11 12:18 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2011-08-10 23:18 . 2011-08-10 23:18 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2011-08-10 23:16 . 2011-08-10 23:16 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2009-12-23 04:22 . 2010-04-21 07:45 105624 ----a-w- c:\program files\opera\program\plugins\DownloadStudioXML.dll
    2011-03-18 17:57 . 2011-03-22 16:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-15 39408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
    "SepOyqoc"="c:\users\user\AppData\Local\kbxcoqfl\sepoyqoc.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe,,c:\users\user\AppData\Local\kbxcoqfl\sepoyqoc.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
    2008-12-26 00:34 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2011-08-11 12:27 358336 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-18 19:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-05-27 11:03 296056 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-16 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 17:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig
    mStart Page = hxxp://en.us.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    Trusted Zone: hsbc.co.uk\staffremoteaccess1
    Trusted Zone: kcl.ac.uk\firepass
    Trusted Zone: microsoft.com\v4.windowsupdate
    Trusted Zone: microsoft.com\v5.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: pps.tv
    Trusted Zone: ppstream.com
    Trusted Zone: webscache.com
    Trusted Zone: windowsupdate.com\download
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
    DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxps://www.epost.go.kr/comm/easykeytec/easykeytec.cab
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vdoydmp9.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo-FileServe
    FF - prefs.js: browser.startup.homepage - hxxp://fileservehome.com/?tmp=toolbar_FileServe_homepage&prt=fileservetb04ff&clid=e3f8907bedc0480f914370093509e0f2&subid=
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3115642&SearchSource=2&q=
    FF - prefs.js: network.proxy.ftp - 194.36.10.156
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 80.163.85.134
    FF - prefs.js: network.proxy.gopher_port - 3128
    FF - prefs.js: network.proxy.http - 194.36.10.156
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 194.36.10.156
    FF - prefs.js: network.proxy.socks_port - 80
    FF - prefs.js: network.proxy.ssl - 194.36.10.156
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: keyword.URL - hxxp://fileservehome.com/?prt=mp3tubetb02ff&Keywords=
    FF - user.js: keyword.enabled - 1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-21 22:06
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    detected NTDLL code modification:
    ZwQueryDirectoryFile
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    .
    c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sepoyqoc.exe 91232 bytes executable
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:90,ca,79,fa,4f,26,cd,01
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
    "GameDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2009\\games"
    "ShortlistDir"=""
    "ScreenshotsDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2009"
    "SaveDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2009\\"
    "HistoryDir"="c:\\Users\\user\\Desktop\\FM09 Addons\\FM Genie Scout 2009 XE\\History Points"
    "LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinName"="Champions League"
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000066
    "UniqueID"="25-EA80-E07F"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "Currency"=dword:00000056
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.032"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ani"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.arw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.bay"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.bmp"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.bw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.bwf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.cel"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.cr2"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.crw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.cs1"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.cur"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.dcr"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.dcx"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.dib"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.djv"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.djvu"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.dng"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.emf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.eps"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.erf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.fff"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.fpx"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.gif"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.hdr"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.icl"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.icn"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ico"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.iff"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ilbm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.int"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.inta"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.iw4"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.j2c"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.j2k"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jfif"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jif"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jp2"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jpc"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jpe"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jpeg"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jpg"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jpk"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jpx"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.kar"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.lbm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.m15"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.m1a"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.m2a"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.m75"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.mef"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.mos"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.mpv"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.mrw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.nef"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.orf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pbm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pcd"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pct"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pcx"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pef"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pgm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pic"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pics"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pict"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pix"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.png"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ppm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.psd"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.psp"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pspimage"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.qcp"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.qtpf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.raf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ras"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.raw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.rgb"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.rgba"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.rle"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.rsb"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.sdv"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.sfil"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.sgi"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.smf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.sml"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.sr2"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.srf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.swa"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.tga"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.thm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.tif"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.tiff"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ttc"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ttf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ulw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.vfw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.wbm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.wbmp"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.wmf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.xbm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.xif"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.xpm"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(980)
    c:\windows\system32\btncopy.dll
    c:\program files\WinSCP\DragExt.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Hotspot Shield\bin\openvpnas.exe
    c:\program files\Hotspot Shield\bin\hsswd.exe
    c:\program files\Acer\Acer Bio Protection\BASVC.exe
    c:\windows\system32\libusbd-nt.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\conime.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Acer\Acer VCM\RS_Service.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Launch Manager\LManager.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\Citrix\ICA Client\Receiver\Receiver.exe
    c:\program files\Citrix\ICA Client\wfcrun32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-21 22:13:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-21 21:13
    ComboFix2.txt 2012-07-21 20:22
    ComboFix3.txt 2012-07-21 20:03
    .
    Pre-Run: 48,466,694,144 bytes free
    Post-Run: 48,318,095,360 bytes free
    .
    - - End Of File - - A92FFAF8A3C6DAFE39ECB91F4E152E86
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File download" pop-up comes up press SAVE, choose Desktop in the list of selections in that window, and press Save).
    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.
    Close any open browsers.
    Then drag the CFScript.txt onto the ComboFix.exe or renamed ComboFix icon as shown in the screenshot below.




    This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

    This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

    At the end it will pop up an alert and open your browser and ask you to send the zip file.

    Please follow those instructions. We need to see the zip file before we can carry on with the fix.

    If there is no pop-up alert or open browser, then

    please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and, if needed, distribute them to antivirus companies.
    Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button, navigate to and select the files on your computer. If there is more than one file, press the More Attachments button for each extra file and browse and select it; when all the files are listed in the window, press Send to upload the files (do not post HJT logs there as they will not get dealt with).

    Files to submit:
    The zip file inside C:\QooBox\quarantine created by ComboFix, named something like [38][email protected]

    or to
    http://www.bleepingcomputer.com/submit-malware.php?channel=38
     


  7. lamba105

    lamba105 Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    12
    Hi dvk01,

    Thank you for the reply.

    I have followed your instructions; a script window did pop up that asked me to upload, but no Internet Explorer page opened, so I went ahead and uploaded the zip file on "the spykiller".

    Please find the zip file here: http://thespykiller.co.uk/index.php?topic=9969.msg39440#msg39440


    When the ComboFix run completed, there was also a log, so I have also copied it into this post (just in case you require it):


    ComboFix 12-07-21.01 - user 22/07/2012 1:54.5.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2140 [GMT 1:00]
    Running from: c:\users\user\Desktop\username123.exe
    Command switches used :: c:\users\user\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    file zipped: c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sepoyqoc.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\user\AppData\Local\gxqktffo.log
    c:\users\user\AppData\Local\iqheghjr.log
    c:\users\user\AppData\Local\kbxcoqfl
    c:\users\user\AppData\Local\mfatlnjp.log
    c:\users\user\AppData\Local\tisgapwx.log
    c:\users\user\AppData\Local\uywtvpbx.log
    c:\users\user\AppData\Local\vvmjtweo.log
    c:\users\user\AppData\Local\yrnbflns.log
    c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sepoyqoc.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MICORSOFT_WINDOWS_SERVICE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-22 01:17 . 2012-07-22 01:19 -------- d-----w- c:\users\user\AppData\Local\temp
    2012-07-22 01:17 . 2012-07-22 01:17 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-07-22 01:17 . 2012-07-22 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-21 19:24 . 2012-07-21 20:03 -------- d-----w- C:\username123
    2012-07-20 21:13 . 2012-07-20 21:13 -------- d-----w- c:\program files\Common Files\Java
    2012-07-20 21:12 . 2012-07-20 21:12 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-15 19:19 . 2012-07-15 19:19 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-07-15 19:19 . 2012-07-15 19:19 -------- d-----w- c:\program files\Trend Micro
    2012-07-15 13:04 . 2012-07-15 13:04 -------- d-----w- c:\program files\Common Files\Skype
    2012-07-15 13:04 . 2012-07-15 13:04 -------- d-----r- c:\program files\Skype
    2012-07-15 11:56 . 2012-07-15 11:56 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-15 11:56 . 2012-07-15 11:56 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-07-15 11:56 . 2012-07-15 11:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-07-15 00:12 . 2012-07-21 19:24 -------- d-----w- C:\ComboFix
    2012-07-14 00:24 . 2012-07-14 01:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-14 00:24 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-13 22:48 . 2012-07-13 22:48 -------- d-----w- c:\programdata\Simply Super Software
    2012-07-13 22:45 . 2012-07-13 23:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-07-10 23:57 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 23:50 . 2012-07-10 23:54 -------- d-----w- C:\904a9e0e8b87cd05f2
    2012-07-10 23:43 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-10 23:43 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 23:43 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-10 23:43 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-10 23:43 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-10 23:43 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-20 21:12 . 2010-05-09 17:18 687600 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-11 18:47 . 2012-04-23 19:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-11 18:47 . 2011-05-16 11:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-02 22:19 . 2012-06-21 21:41 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 21:41 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 21:40 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 21:40 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 21:41 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 21:41 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 21:40 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 14:19 . 2012-06-21 21:40 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 14:12 . 2012-06-21 21:40 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-27 11:03 . 2008-05-13 06:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-05-01 14:03 . 2012-06-13 00:13 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-23 16:00 . 2012-06-13 00:16 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-23 16:00 . 2012-06-13 00:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-23 16:00 . 2012-06-13 00:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2011-08-11 12:18 . 2011-08-11 12:18 128960 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2011-08-10 23:16 . 2011-08-10 23:16 96192 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2011-08-11 12:18 . 2011-08-11 12:18 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2011-08-11 12:18 . 2011-08-11 12:18 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2011-08-11 12:18 . 2011-08-11 12:18 370624 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2011-08-11 12:18 . 2011-08-11 12:18 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2011-08-11 12:18 . 2011-08-11 12:18 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2011-08-10 23:18 . 2011-08-10 23:18 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2011-08-10 23:16 . 2011-08-10 23:16 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2009-12-23 04:22 . 2010-04-21 07:45 105624 ----a-w- c:\program files\opera\program\plugins\DownloadStudioXML.dll
    2011-03-18 17:57 . 2011-03-22 16:09 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-15 39408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
    2008-12-26 00:34 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2011-08-11 12:27 358336 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-18 19:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-05-27 11:03 296056 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-16 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 17:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig
    mStart Page = hxxp://en.us.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    Trusted Zone: hsbc.co.uk\staffremoteaccess1
    Trusted Zone: kcl.ac.uk\firepass
    Trusted Zone: microsoft.com\v4.windowsupdate
    Trusted Zone: microsoft.com\v5.windowsupdate
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: pps.tv
    Trusted Zone: ppstream.com
    Trusted Zone: webscache.com
    Trusted Zone: windowsupdate.com\download
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
    DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxps://www.epost.go.kr/comm/easykeytec/easykeytec.cab
    FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\vdoydmp9.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-22 02:21
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:90,ca,79,fa,4f,26,cd,01
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
    "GameDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2009\\games"
    "ShortlistDir"=""
    "ScreenshotsDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2009"
    "SaveDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2009\\"
    "HistoryDir"="c:\\Users\\user\\Desktop\\FM09 Addons\\FM Genie Scout 2009 XE\\History Points"
    "LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinName"="Champions League"
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000066
    "UniqueID"="25-EA80-E07F"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "Currency"=dword:00000056
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.032"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ani"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.arw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.bay"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.bmp"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.bw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.bwf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.cel"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.cr2"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.crw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.cs1"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.cur"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.dcr"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.dcx"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.dib"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.djv"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.djvu"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.dng"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.emf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.eps"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.erf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.fff"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.fpx"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.gif"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.hdr"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.icl"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.icn"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ico"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.iff"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ilbm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.int"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.inta"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.iw4"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.j2c"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.j2k"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jfif"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jif"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jp2"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jpc"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jpe"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jpeg"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jpg"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jpk"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.jpx"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.kar"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.lbm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.m15"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.m1a"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.m2a"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.m75"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.mef"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.mos"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.mpv"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.mrw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.nef"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.orf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pbm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pcd"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pct"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pcx"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pef"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pgm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pic"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pics"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pict"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pix"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.png"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ppm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.psd"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.psp"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.pspimage"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.qcp"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.qtpf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.raf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ras"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.raw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.rgb"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.rgba"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.rle"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.rsb"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.sdv"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.sfil"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.sgi"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.smf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.sml"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.sr2"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.srf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.swa"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.tga"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.thm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.tif"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.tiff"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ttc"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ttf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.ulw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.vfw"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.wbm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.wbmp"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.wmf"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.xbm"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.xif"
    .
    [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 2.0.xpm"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4844)
    c:\windows\system32\btncopy.dll
    c:\program files\WinSCP\DragExt.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Hotspot Shield\bin\openvpnas.exe
    c:\program files\Hotspot Shield\bin\hsswd.exe
    c:\program files\Acer\Acer Bio Protection\BASVC.exe
    c:\windows\system32\libusbd-nt.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\windows\system32\conime.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Acer\Acer VCM\RS_Service.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Launch Manager\LManager.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Citrix\ICA Client\wfcrun32.exe
    c:\program files\Citrix\ICA Client\Receiver\Receiver.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-22 02:27:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-22 01:27
    ComboFix2.txt 2012-07-21 21:13
    ComboFix3.txt 2012-07-21 20:22
    ComboFix4.txt 2012-07-21 20:03
    .
    Pre-Run: 48,347,508,736 bytes free
    Post-Run: 48,206,802,944 bytes free
    .
    - - End Of File - - A50B15C667B84383283FF841868A9E44
    Upload was successful



    Thanks,
    lamba105
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    How is the computer now?
    Are you still getting any problems?
    If you are, then:
    Download OTScanIt.exe to your Desktop
    • Close any open browsers.
    • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    • Double-click on OTS.exe to start the program.
    • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  9. lamba105

    lamba105 Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    12
    Hi dvk01,

    The computer is showing improvement; I can now access Microsoft and antivirus websites.

    However, Windows Defender is still not working: when I click on "turn on" in the Windows Security Centre, it claims it is turned off by Group Policy... very strange.

    Also, please can you advise whether I should run anti-virus scans, such as Malwarebytes and SuperAntiSpyware?

    Could you kindly also recommend a free antivirus/internet security program that I should use? My friend uses Kaspersky, but it's quite expensive.

    I am going to run OTScanIt and will post the result when it is done.

    Thanks,
    lamba105
     
  10. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    Let's see what OTS shows first before we move on.
     
  11. lamba105

    lamba105 Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    12
    Hi dvk01,

    Please see attached the OTS log file:


    Code:
    OTS logfile created on: 22/07/2012 15:51:12 - Run 1
    OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\user\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
     
    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 143.04 Gb Total Space | 44.38 Gb Free Space | 31.03% Space Free | Partition Type: NTFS
    Drive D: | 139.50 Gb Total Space | 20.28 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: ASPIRE4930
    Current User Name: user
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    msseces.exe -> C:\Program Files\Microsoft Security Client\msseces.exe -> [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation)
    msmpeng.exe -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation)
    ots.exe -> C:\Users\user\Desktop\OTS.exe -> [2012/02/22 04:29:23 | 000,646,656 | ---- | M] (OldTimer Tools)
    wfcrun32.exe -> C:\Program Files\Citrix\ICA Client\wfcrun32.exe -> [2011/08/11 13:28:10 | 000,862,144 | ---- | M] (Citrix Systems, Inc.)
    concentr.exe -> C:\Program Files\Citrix\ICA Client\concentr.exe -> [2011/08/11 13:27:02 | 000,358,336 | ---- | M] (Citrix Systems, Inc.)
    receiver.exe -> C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe -> [2011/07/19 19:59:04 | 000,964,480 | ---- | M] (Citrix Systems, Inc.)
    hsswd.exe -> C:\Program Files\Hotspot Shield\bin\hsswd.exe -> [2010/05/25 22:00:40 | 000,323,632 | ---- | M] ()
    openvpnas.exe -> C:\Program Files\Hotspot Shield\bin\openvpnas.exe -> [2010/05/25 03:41:00 | 000,248,368 | ---- | M] ()
    explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
    conime.exe -> C:\Windows\System32\conime.exe -> [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation)
    compptcvui.exe -> C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe -> [2008/12/26 01:34:46 | 003,294,720 | ---- | M] (Arachnoid Biometrics Identification Group Corp.)
    basvc.exe -> C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -> [2008/12/26 01:34:40 | 003,471,360 | ---- | M] ()
    evteng.exe -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation)
    regsrvc.exe -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation)
    lmanager.exe -> C:\Program Files\Launch Manager\LManager.exe -> [2008/07/02 11:35:52 | 000,850,440 | ---- | M] (Dritek System Inc.)
    agrsmsvc.exe -> C:\Windows\System32\agrsmsvc.exe -> [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems)
    rs_service.exe -> C:\Program Files\Acer\Acer VCM\RS_Service.exe -> [2008/01/11 02:03:00 | 000,233,472 | ---- | M] (Acer Incorporated)
    mobilityservice.exe -> C:\ACER\Mobility Center\MobilityService.exe -> [2007/12/07 00:15:28 | 000,110,592 | ---- | M] ()
    plfseti.exe -> C:\Windows\PLFSetI.exe -> [2007/10/23 19:56:18 | 000,200,704 | ---- | M] ()
    libusbd-nt.exe -> C:\Windows\System32\libusbd-nt.exe -> [2005/03/09 13:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net)
     
    [Modules - No Company Name]
    zlib1.dll -> C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll -> [2011/06/24 22:56:36 | 000,087,328 | ---- | M] ()
    libxml2.dll -> C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll -> [2011/06/24 22:56:14 | 001,241,888 | ---- | M] ()
    plfseti.exe -> C:\Windows\PLFSetI.exe -> [2007/10/23 19:56:18 | 000,200,704 | ---- | M] ()
    powerutl.dll -> C:\Program Files\Launch Manager\PowerUtl.dll -> [2003/06/07 13:30:08 | 000,057,344 | ---- | M] ()
     
    [Win32 Services - Safe List]
    (SkypeUpdate) Skype Updater [Auto | Stopped] -> C:\Program Files\Skype\Updater\Updater.exe -> [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies)
    (NisSrv) Microsoft Network Inspection [On_Demand | Stopped] -> c:\Program Files\Microsoft Security Client\NisSrv.exe -> [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation)
    (MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation)
    (HssWd) Hotspot Shield Monitoring Service [Auto | Running] -> C:\Program Files\Hotspot Shield\bin\hsswd.exe -> [2010/05/25 22:00:40 | 000,323,632 | ---- | M] ()
    (HssSrv) Hotspot Shield Routing Service [On_Demand | Stopped] -> C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -> [2010/05/25 22:00:28 | 000,348,208 | ---- | M] (AnchorFree Inc.)
    (HssTrayService) Hotspot Shield Tray Service [On_Demand | Stopped] -> C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -> [2010/05/25 03:42:18 | 000,057,640 | ---- | M] ()
    (HotspotShieldService) Hotspot Shield Service [Auto | Running] -> C:\Program Files\Hotspot Shield\bin\openvpnas.exe -> [2010/05/25 03:41:00 | 000,248,368 | ---- | M] ()
    (ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2010/02/26 15:14:04 | 000,652,800 | ---- | M] (Nokia)
    (GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files\Citrix\GoToAssist\482\g2aservice.exe -> [2009/09/18 13:40:33 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
    (FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/01/08 18:28:25 | 000,655,624 | ---- | M] (Acresso Software Inc.)
    (IGBASVC) iGroupTec Service [Auto | Running] -> C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -> [2008/12/26 01:34:40 | 003,471,360 | ---- | M] ()
    (EvtEng) Intel® PROSet/Wireless Event Log [Auto | Running] -> C:\Program Files\Intel\WiFi\bin\EvtEng.exe -> [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation)
    (RegSrvc) Intel® PROSet/Wireless Registry Service [Auto | Running] -> C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -> [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation)
    (AgereModemAudio) Agere Modem Call Progress Audio [Auto | Running] -> C:\Windows\System32\agrsmsvc.exe -> [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems)
    (WinDefend) Windows Defender [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation)
    (RS_Service) Raw Socket Service [Auto | Running] -> C:\Program Files\Acer\Acer VCM\RS_Service.exe -> [2008/01/11 02:03:00 | 000,233,472 | ---- | M] (Acer Incorporated)
    (MobilityService) MobilityService [Auto | Running] -> C:\Acer\Mobility Center\MobilityService.exe -> [2007/12/07 00:15:28 | 000,110,592 | ---- | M] ()
    (libusbd) LibUsb-Win32 - Daemon, Version 0.1.10.1 [Auto | Running] -> C:\Windows\System32\libusbd-nt.exe -> [2005/03/09 13:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net)
     
    [Driver Services - Safe List]
    (NisDrv) Microsoft Network Inspection System [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\NisDrvWFP.sys -> [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation)
    (ctxusbm) Citrix USB Monitor Driver [Kernel | System | Running] -> C:\Windows\System32\drivers\ctxusbm.sys -> [2011/08/11 00:20:24 | 000,066,776 | ---- | M] (Citrix Systems, Inc.)
    (sptd) sptd [Kernel | Disabled | Stopped] -> C:\Windows\System32\drivers\sptd.sys -> [2010/11/26 22:12:23 | 000,691,696 | ---- | M] (Duplex Secure Ltd.)
    (RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Rtlh86.sys -> [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            )
    (HssDrv) Hotspot Shield Helper Miniport [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\hssdrv.sys -> [2010/05/13 23:05:40 | 000,037,376 | ---- | M] (AnchorFree Inc.)
    (taphss) Anchorfree HSS Adapter [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\taphss.sys -> [2010/05/13 23:05:40 | 000,032,768 | ---- | M] (AnchorFree Inc)
    (kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> C:\Windows\System32\drivers\kbdhid.sys -> [2010/05/05 22:56:55 | 000,000,000 | ---- | M] ()
    (NVHDA) Service for NVIDIA High Definition Audio Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvhda32v.sys -> [2009/08/21 21:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation)
    (nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2009/08/19 13:35:00 | 009,787,488 | ---- | M] (NVIDIA Corporation)
    (tap0901) TAP-Win32 Adapter V9 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\tap0901.sys -> [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project)
    (JMCR) JMCR [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\jmcr.sys -> [2009/04/17 09:48:12 | 000,114,528 | ---- | M] (JMicron Technology Corporation)
    (hamachi) Hamachi Network Interface [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\hamachi.sys -> [2009/02/06 16:29:40 | 000,025,280 | ---- | M] (LogMeIn, Inc.)
    (AlfaFF) AlfaFF File System mini-filter [File_System | Boot | Running] -> C:\Windows\system32\Drivers\AlfaFF.sys -> [2008/12/26 01:34:34 | 000,043,184 | ---- | M] (Alfa Corporation)
    (NETw5v32) Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\NETw5v32.sys -> [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation)
    (pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\pccsmcfd.sys -> [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia)
    (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\atswpdrv.sys -> [2008/04/25 19:31:26 | 000,146,688 | ---- | M] (AuthenTec, Inc.)
    (AgereSoftModem) Agere Systems Soft Modem [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\AGRSM.sys -> [2008/02/29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems)
    (bfturboh) BUFFALO TurboUSB for HD Filter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\bfturboh.sys -> [2008/02/12 02:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.)
    (enecir) ENE CIR Receiver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\enecir.sys -> [2008/01/24 21:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.)
    (tapvpn) TAP VPN Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\tapvpn.sys -> [2008/01/23 22:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project)
    (DritekPortIO) Dritek General Port I/O [Kernel | System | Running] -> C:\Program Files\Launch Manager\DPortIO.sys -> [2006/11/02 21:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.)
    (libusb0) LibUsb-Win32 - Kernel Driver, Version 0.1.10.1 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\libusb0.sys -> [2005/03/09 13:50:16 | 000,033,792 | ---- | M] ()
     
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://en.us.acer.yahoo.com -> 
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
    HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
    HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\] > -> -> 
    HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\: Main\\"Default Download Directory" -> C:\Users\user\Desktop -> 
    HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\: Main\\"Start Page" -> http://www.google.com/ig -> 
    HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\: "ProxyEnable" -> 0 -> 
    HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\: "ProxyOverride" -> *.local -> 
    < FireFox Settings [Prefs.js] > -> C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\vdoydmp9.default\prefs.js -> 
    browser.search.defaultengine -> "Yahoo-FileServe" ->
    browser.search.defaultenginename -> "Yahoo-FileServe" ->
    browser.search.order.1 -> "Yahoo-FileServe" ->
    browser.search.param.yahoo-fr -> "megaup" ->
    browser.search.param.yahoo-fr-cjkt -> "megaup" ->
    browser.search.selectedEngineURL -> "http://fileservehome.com/?&prt=fileservetb01ff&clid=e3f8907bedc0480f914370093509e0f2&subid=&Keywords={searchTerms}" ->
    extensions.enabledItems -> [email protected]:1.19.1 ->
    extensions.enabledItems -> {0851d9cd-87db-4a0d-a792-097dc9071486}:5.2 ->
    extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 ->
    extensions.enabledItems -> avg@igeared:6.010.006.004 ->
    extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
    extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 ->
    network.proxy.backup.ftp -> "212.113.5.2" ->
    network.proxy.backup.ftp_port -> 90 ->
    network.proxy.backup.gopher -> "89.186.169.182" ->
    network.proxy.backup.gopher_port -> 3128 ->
    network.proxy.backup.socks -> "212.113.5.2" ->
    network.proxy.backup.socks_port -> 90 ->
    network.proxy.backup.ssl -> "212.113.5.2" ->
    network.proxy.backup.ssl_port -> 90 ->
    network.proxy.no_proxies_on -> "" ->
    network.proxy.share_proxy_settings -> true ->
    < FireFox Settings [User.js] > -> C:\Users\user\AppData\Roaming\Mozilla\FireFox\Profiles\vdoydmp9.default\user.js -> 
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e} -> C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION\ [C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\DEFAULT MANAGER\DMEXTENSION\] -> [2010/07/08 18:08:07 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2012/05/27 12:04:44 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2012/05/27 12:04:44 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 4.0\extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2012/07/16 10:49:09 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2012/07/20 22:12:51 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
    < FireFox Extensions [User Folders] > -> 
      -> C:\Users\user\AppData\Roaming\mozilla\Extensions -> [2009/01/16 16:01:31 | 000,000,000 | ---D | M]
      -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions -> [2012/05/21 01:57:16 | 000,000,000 | ---D | M]
    DownloadStudio Integration   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\{0851d9cd-87db-4a0d-a792-097dc9071486} -> [2010/04/21 08:45:31 | 000,000,000 | ---D | M]
    MegaUpload Time Attack   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\{1cdccf78-1ea9-4f40-b69f-ef7674dbef8c} -> [2009/09/19 00:03:26 | 000,000,000 | ---D | M]
    Microsoft .NET Framework Assistant   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/05/11 15:19:27 | 000,000,000 | ---D | M]
    uTorrentControl3 Community Toolbar   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a} -> [2012/05/21 01:57:17 | 000,000,000 | ---D | M]
    "Megaupload Toolbar"   -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D} -> [2010/01/16 02:23:26 | 000,000,000 | ---D | M]
      -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\[email protected] -> [2010/03/03 00:10:52 | 000,000,000 | ---D | M]
      -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\[email protected] -> [2010/12/24 01:04:02 | 000,000,000 | ---D | M]
      -> C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\vdoydmp9.default\extensions\[email protected] -> [2011/04/16 07:17:19 | 000,000,000 | ---D | M]
    < FireFox Extensions [Program Folders] > -> 
      -> C:\Program Files\Mozilla Firefox\extensions -> [2012/07/20 22:09:24 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/05/09 18:19:01 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/25 22:53:12 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/10/27 16:46:52 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2010/12/25 19:42:26 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} -> [2011/03/09 04:31:44 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} -> [2011/06/17 01:59:56 | 000,000,000 | ---D | M]
    No name found -> C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} -> File not found
    RealPlayer Browser Record Plugin -> C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT -> [2012/05/27 12:04:44 | 000,000,000 | ---D | M]
    No name found -> C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VDOYDMP9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI -> ()
    British English Dictionary -> C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VDOYDMP9.DEFAULT\EXTENSIONS\[email protected] -> [2010/12/24 01:04:02 | 000,000,000 | ---D | M]
    < HOSTS File > ([2012/07/22 02:19:34 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
    Reset Hosts
    127.0.0.1       localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2011/08/30 12:57:33 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
    {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2012/05/27 12:04:42 | 000,425,680 | ---- | M] (RealPlayer)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre7\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/07/20 22:12:12 | 000,453,104 | ---- | M] (Oracle Corporation)
    {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [Google Toolbar Notifier BHO] -> [2009/11/26 02:07:30 | 000,764,912 | ---- | M] (Google Inc.)
    {CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/12/30 02:03:26 | 000,098,304 | ---- | M] ()
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2012/07/20 22:12:12 | 000,157,680 | ---- | M] (Oracle Corporation)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    ShellBrowser\\"{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "APSDaemon" -> C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe ["C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"] -> [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.)
    "ConnectionCenter" -> C:\Program Files\Citrix\ICA Client\concentr.exe ["C:\Program Files\Citrix\ICA Client\concentr.exe" /startup] -> [2011/08/11 13:27:02 | 000,358,336 | ---- | M] (Citrix Systems, Inc.)
    "LManager" -> C:\Program Files\Launch Manager\LManager.exe [C:\PROGRA~1\LAUNCH~1\LManager.exe] -> [2008/07/02 11:35:52 | 000,850,440 | ---- | M] (Dritek System Inc.)
    "MSC" -> c:\Program Files\Microsoft Security Client\msseces.exe ["c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey] -> [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation)
    "NvCplDaemon" -> C:\Windows\System32\NvCpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2009/08/19 15:24:18 | 013,793,824 | ---- | M] (NVIDIA Corporation)
    "PLFSetI" -> C:\Windows\PLFSetI.exe [C:\Windows\PLFSetI.exe] -> [2007/10/23 19:56:18 | 000,200,704 | ---- | M] ()
    < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < Software Policy Settings [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"EnableLUA" ->  [0] -> File not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    Append to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    Convert link target to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    Convert link target to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    Convert selected links to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    Convert selected links to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    Convert selection to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    Convert selection to existing PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    Convert to Adobe PDF -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2011/08/30 13:26:16 | 000,320,928 | ---- | M] (Adobe Systems Incorporated)
    Download all with Free Download Manager -> C:\Program Files\Free Download Manager\dlall.htm [file://C:\Program Files\Free Download Manager\dlall.htm] -> [2007/06/02 13:25:02 | 000,000,893 | ---- | M] ()
    Download selected with Free Download Manager -> C:\Program Files\Free Download Manager\dlselected.htm [file://C:\Program Files\Free Download Manager\dlselected.htm] -> [2007/06/02 13:25:02 | 000,000,463 | ---- | M] ()
    Download video with Free Download Manager -> C:\Program Files\Free Download Manager\dlfvideo.htm [file://C:\Program Files\Free Download Manager\dlfvideo.htm] -> [2007/07/27 01:34:42 | 000,001,706 | ---- | M] ()
    Download with Free Download Manager -> C:\Program Files\Free Download Manager\dllink.htm [file://C:\Program Files\Free Download Manager\dllink.htm] -> [2007/06/02 13:25:02 | 000,002,140 | ---- | M] ()
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {10954C80-4F0F-11d3-B17C-00C0DFE39736}:Exec [HKLM] -> C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe [Button: Quick-Launching Area] -> [2008/12/26 01:34:51 | 003,772,136 | ---- | M] ()
    {10954C80-4F0F-11d3-B17C-00C0DFE39736}:Exec [HKLM] -> C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe [Menu: Quick-Launching Area] -> [2008/12/26 01:34:51 | 003,772,136 | ---- | M] ()
    {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec [HKLM] -> C:\Program Files\PokerStars\PokerStarsUpdate.exe [Button: PokerStars] -> [2011/09/04 02:25:33 | 000,579,416 | ---- | M] (PokerStars)
    {CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Button: @btrez.dll,-4015] -> [2007/01/23 12:57:52 | 000,002,758 | ---- | M] ()
    {CCA281CA-C863-46ef-9331-5C8D4460577F}:C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [HKLM] -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [Menu: @btrez.dll,-12650] -> [2007/01/23 12:57:52 | 000,002,758 | ---- | M] ()
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] ->  [@btrez.dll,-4015] -> File not found
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4816 domain(s) found. -> 
    staffremoteaccess1_hsbc.co.uk [https] -> Trusted sites -> 
    firepass_kcl.ac.uk [http] -> Trusted sites -> 
    firepass_kcl.ac.uk [https] -> Trusted sites -> 
    v4.windowsupdate_microsoft.com [http] -> Trusted sites -> 
    v4.windowsupdate_microsoft.com [https] -> Trusted sites -> 
    v5.windowsupdate_microsoft.com [http] -> Trusted sites -> 
    windowsupdate_microsoft.com [http] -> Trusted sites -> 
    pps.tv .[http] -> Trusted sites -> 
    ppstream.com .[http] -> Trusted sites -> 
    webscache.com .[http] -> Trusted sites -> 
    download_windowsupdate.com [http] -> Trusted sites -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\] > -> HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-21-3634843480-2123401004-3452999172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {15BE8BEE-4105-4A79-B385-25068AA967DB} [HKLM] -> http://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB [VBIRDPlayer.Player] -> 
    {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
    {2DCB00FB-3485-486B-BD41-C49AD605264D} [HKLM] -> https://www.epost.go.kr/comm/easykeytec/easykeytec.cab [EZKeytecWeb Class] -> 
    {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab [DLM Control] -> 
    {7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Value error.] -> 
    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
    {E6F480FC-BD44-4CBA-B74A-89AF7842937D} [HKLM] -> http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab [SysInfo Class] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 192.168.1.1 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {6978C0C8-E728-4253-9995-1E21EB1F7808}\\DhcpNameServer -> 192.168.1.1   (Realtek PCIe GBE Family Controller) -> 
    {860D42D6-BF91-443B-A831-C7B15D384F31}\\DhcpNameServer -> 192.168.1.1   (Intel(R) WiFi Link 5100 AGN) -> 
    IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
    "MaxScriptStatements" -> Reg Error: Invalid data type.
    "Use My Stylesheet" -> Reg Error: Invalid data type.
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    C:\Windows\system32\userinit.exe -> C:\Windows\System32\userinit.exe -> [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    !SASWinLogon ->  -> File not found
    AWinNotifyVitaKey MC3000 -> C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll -> [2008/12/26 01:34:49 | 002,972,160 | ---- | M] (Arachnoid Biometrics Identification Group Corp.)
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] ->  [] -> File not found
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> Reg Error: Key error. [] -> File not found
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "C:\Program Files\PPStream\PPSAP.exe" ->  [C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器] -> File not found
    "C:\Program Files\PPStream\PPStream.exe" ->  [C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视] -> File not found
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > ->  -> 
    C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 22:43:36 | 000,000,024 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = ComFile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
     
     
    [Files/Folders - Created Within 30 Days]
     OTS.exe -> C:\Users\user\Desktop\OTS.exe -> [2012/07/22 13:45:10 | 000,646,656 | ---- | C] (OldTimer Tools)
     Microsoft Security Client -> C:\Program Files\Microsoft Security Client -> [2012/07/22 13:25:37 | 000,000,000 | ---D | C]
     netio.sys -> C:\Windows\System32\drivers\netio.sys -> [2012/07/22 13:17:18 | 000,221,568 | ---- | C] (Microsoft Corporation)
     temp -> C:\Users\user\AppData\Local\temp -> [2012/07/22 02:28:45 | 000,000,000 | ---D | C]
     $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2012/07/22 02:27:01 | 000,000,000 | -HSD | C]
     username12312530u -> C:\username12312530u -> [2012/07/22 01:52:31 | 000,000,000 | ---D | C]
     username12315326u -> C:\username12315326u -> [2012/07/21 21:38:13 | 000,000,000 | ---D | C]
     username12331959u -> C:\username12331959u -> [2012/07/21 21:07:08 | 000,000,000 | ---D | C]
     SWREG.exe -> C:\Windows\SWREG.exe -> [2012/07/21 20:24:27 | 000,518,144 | ---- | C] (SteelWerX)
     SWSC.exe -> C:\Windows\SWSC.exe -> [2012/07/21 20:24:27 | 000,406,528 | ---- | C] (SteelWerX)
     NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2012/07/21 20:24:27 | 000,060,416 | ---- | C] (NirSoft)
     username123 -> C:\username123 -> [2012/07/21 20:24:17 | 000,000,000 | ---D | C]
     username123.exe -> C:\Users\user\Desktop\username123.exe -> [2012/07/21 20:21:26 | 004,582,474 | R--- | C] (Swearware)
     Java -> C:\Program Files\Common Files\Java -> [2012/07/20 22:13:19 | 000,000,000 | ---D | C]
     npDeployJava1.dll -> C:\Windows\System32\npDeployJava1.dll -> [2012/07/20 22:12:51 | 000,772,592 | ---- | C] (Oracle Corporation)
     javaws.exe -> C:\Windows\System32\javaws.exe -> [2012/07/20 22:12:51 | 000,227,824 | ---- | C] (Oracle Corporation)
     javaw.exe -> C:\Windows\System32\javaw.exe -> [2012/07/20 22:12:31 | 000,174,064 | ---- | C] (Oracle Corporation)
     java.exe -> C:\Windows\System32\java.exe -> [2012/07/20 22:12:31 | 000,174,064 | ---- | C] (Oracle Corporation)
     The Young Romans - Tiger Child -> C:\Users\user\Desktop\The Young Romans - Tiger Child -> [2012/07/16 15:29:53 | 000,000,000 | ---D | C]
     Scan pro -> C:\Users\user\Desktop\Scan pro -> [2012/07/15 20:19:57 | 000,000,000 | ---D | C]
     Trend Micro -> C:\Program Files\Trend Micro -> [2012/07/15 20:19:22 | 000,000,000 | ---D | C]
     HiJackThis -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis -> [2012/07/15 20:19:22 | 000,000,000 | ---D | C]
     Skype -> C:\Program Files\Skype -> [2012/07/15 14:04:56 | 000,000,000 | R--D | C]
     Skype -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype -> [2012/07/15 14:04:56 | 000,000,000 | ---D | C]
     Skype -> C:\Program Files\Common Files\Skype -> [2012/07/15 14:04:56 | 000,000,000 | ---D | C]
     CCleaner -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner -> [2012/07/15 12:19:51 | 000,000,000 | ---D | C]
     ComboFix -> C:\ComboFix -> [2012/07/15 01:12:55 | 000,000,000 | ---D | C]
     Qoobox -> C:\Qoobox -> [2012/07/15 01:11:58 | 000,000,000 | ---D | C]
     Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2012/07/14 01:24:56 | 000,000,000 | ---D | C]
     mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2012/07/14 01:24:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation)
     Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2012/07/14 01:24:52 | 000,000,000 | ---D | C]
     Simply Super Software -> C:\ProgramData\Simply Super Software -> [2012/07/13 23:48:51 | 000,000,000 | ---D | C]
     Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2012/07/13 23:45:39 | 000,000,000 | ---D | C]
     gc backup -> C:\Users\user\Desktop\gc backup -> [2012/07/13 23:26:19 | 000,000,000 | ---D | C]
     win32k.sys -> C:\Windows\System32\win32k.sys -> [2012/07/11 00:57:24 | 002,047,488 | ---- | C] (Microsoft Corporation)
     904a9e0e8b87cd05f2 -> C:\904a9e0e8b87cd05f2 -> [2012/07/11 00:50:11 | 000,000,000 | ---D | C]
     mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2012/07/11 00:49:12 | 002,382,848 | ---- | C] (Microsoft Corporation)
     ieui.dll -> C:\Windows\System32\ieui.dll -> [2012/07/11 00:49:11 | 000,176,640 | ---- | C] (Microsoft Corporation)
     ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2012/07/11 00:49:10 | 000,142,848 | ---- | C] (Microsoft Corporation)
     jscript9.dll -> C:\Windows\System32\jscript9.dll -> [2012/07/11 00:49:09 | 001,800,192 | ---- | C] (Microsoft Corporation)
     url.dll -> C:\Windows\System32\url.dll -> [2012/07/11 00:49:09 | 000,231,936 | ---- | C] (Microsoft Corporation)
     jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2012/07/11 00:49:08 | 000,065,024 | ---- | C] (Microsoft Corporation)
     inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2012/07/11 00:49:07 | 001,427,968 | ---- | C] (Microsoft Corporation)
     ncrypt.dll -> C:\Windows\System32\ncrypt.dll -> [2012/07/11 00:43:14 | 000,204,288 | ---- | C] (Microsoft Corporation)
     Car rental -> C:\Users\user\Desktop\Car rental -> [2012/06/25 00:35:18 | 000,000,000 | ---D | C]
     3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
     2 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> 
     1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> 
     
    [Files/Folders - Modified Within 30 Days]
     nvModes.dat -> C:\ProgramData\nvModes.dat -> [2012/07/22 15:52:23 | 000,496,206 | ---- | M] ()
     nvModes.001 -> C:\ProgramData\nvModes.001 -> [2012/07/22 15:52:22 | 000,496,206 | ---- | M] ()
     7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/07/22 15:36:51 | 000,003,344 | -H-- | M] ()
     7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/07/22 15:36:51 | 000,003,344 | -H-- | M] ()
     Apple Safari.lnk -> C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> [2012/07/22 14:42:24 | 000,002,305 | ---- | M] ()
     bootstat.dat -> C:\Windows\bootstat.dat -> [2012/07/22 13:36:49 | 000,067,584 | --S- | M] ()
     hiberfil.sys -> C:\hiberfil.sys -> [2012/07/22 13:35:51 | 3219,144,704 | -HS- | M] ()
     bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2012/07/22 13:34:48 | 000,000,012 | ---- | M] ()
     epplauncher.mif -> C:\Windows\epplauncher.mif -> [2012/07/22 13:28:45 | 000,001,945 | ---- | M] ()
     perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2012/07/22 13:25:58 | 000,609,784 | ---- | M] ()
     perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2012/07/22 13:25:58 | 000,110,894 | ---- | M] ()
     DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2012/07/22 03:00:59 | 000,185,344 | ---- | M] ()
     hosts -> C:\Windows\System32\drivers\etc\hosts -> [2012/07/22 02:19:34 | 000,000,027 | ---- | M] ()
     username123.exe -> C:\Users\user\Desktop\username123.exe -> [2012/07/21 20:21:20 | 004,582,474 | R--- | M] (Swearware)
     defogger_reenable -> C:\Users\user\defogger_reenable -> [2012/07/20 22:42:33 | 000,000,000 | ---- | M] ()
     npDeployJava1.dll -> C:\Windows\System32\npDeployJava1.dll -> [2012/07/20 22:12:12 | 000,772,592 | ---- | M] (Oracle Corporation)
     deployJava1.dll -> C:\Windows\System32\deployJava1.dll -> [2012/07/20 22:12:12 | 000,687,600 | ---- | M] (Oracle Corporation)
     javaws.exe -> C:\Windows\System32\javaws.exe -> [2012/07/20 22:12:12 | 000,227,824 | ---- | M] (Oracle Corporation)
     javaw.exe -> C:\Windows\System32\javaw.exe -> [2012/07/20 22:12:12 | 000,174,064 | ---- | M] (Oracle Corporation)
     java.exe -> C:\Windows\System32\java.exe -> [2012/07/20 22:12:12 | 000,174,064 | ---- | M] (Oracle Corporation)
     Suits.S02E05.HDTV.XviD-KWZ.avi -> C:\Users\user\Desktop\Suits.S02E05.HDTV.XviD-KWZ.avi -> [2012/07/20 20:18:38 | 364,656,146 | ---- | M] ()
     White.Collar.S04E02.HDTV.XviD-AFG.avi.download -> C:\Users\user\Desktop\White.Collar.S04E02.HDTV.XviD-AFG.avi.download -> [2012/07/19 19:28:25 | 003,670,016 | ---- | M] ()
     White-1.Collar.S04E02.HDTV.XviD-AFG.avi -> C:\Users\user\Desktop\White-1.Collar.S04E02.HDTV.XviD-AFG.avi -> [2012/07/18 04:40:29 | 347,783,388 | ---- | M] ()
     launch.ica.f6uhmq7.partial -> C:\Users\user\Desktop\launch.ica.f6uhmq7.partial -> [2012/07/16 10:51:57 | 000,001,609 | ---- | M] ()
     Google Software Updater.job -> C:\Windows\tasks\Google Software Updater.job -> [2012/07/16 10:25:05 | 000,000,868 | ---- | M] ()
     NeroDigital.ini -> C:\Windows\NeroDigital.ini -> [2012/07/15 17:00:54 | 000,000,069 | ---- | M] ()
     d3d9caps.dat -> C:\Users\user\AppData\Local\d3d9caps.dat -> [2012/07/14 10:05:36 | 000,001,356 | ---- | M] ()
     Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/07/14 01:24:56 | 000,000,910 | ---- | M] ()
     FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2012/07/11 01:03:36 | 002,362,744 | ---- | M] ()
     mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation)
     3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> 
     2 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> 
     1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> 
     
    [Files - No Company Name]
     epplauncher.mif -> C:\Windows\epplauncher.mif -> [2012/07/22 13:28:45 | 000,001,945 | ---- | C] ()
     Microsoft Security Essentials.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> [2012/07/22 13:26:13 | 000,001,830 | ---- | C] ()
     PEV.exe -> C:\Windows\PEV.exe -> [2012/07/21 20:24:27 | 000,256,000 | ---- | C] ()
     MBR.exe -> C:\Windows\MBR.exe -> [2012/07/21 20:24:27 | 000,208,896 | ---- | C] ()
     sed.exe -> C:\Windows\sed.exe -> [2012/07/21 20:24:27 | 000,098,816 | ---- | C] ()
     grep.exe -> C:\Windows\grep.exe -> [2012/07/21 20:24:27 | 000,080,412 | ---- | C] ()
     zip.exe -> C:\Windows\zip.exe -> [2012/07/21 20:24:27 | 000,068,096 | ---- | C] ()
     defogger_reenable -> C:\Users\user\defogger_reenable -> [2012/07/20 22:42:33 | 000,000,000 | ---- | C] ()
     Suits.S02E05.HDTV.XviD-KWZ.avi -> C:\Users\user\Desktop\Suits.S02E05.HDTV.XviD-KWZ.avi -> [2012/07/20 19:55:37 | 364,656,146 | ---- | C] ()
     White-1.Collar.S04E02.HDTV.XviD-AFG.avi -> C:\Users\user\Desktop\White-1.Collar.S04E02.HDTV.XviD-AFG.avi -> [2012/07/19 19:56:45 | 347,783,388 | ---- | C] ()
     White.Collar.S04E02.HDTV.XviD-AFG.avi.download -> C:\Users\user\Desktop\White.Collar.S04E02.HDTV.XviD-AFG.avi.download -> [2012/07/19 19:27:56 | 003,670,016 | ---- | C] ()
     launch.ica.f6uhmq7.partial -> C:\Users\user\Desktop\launch.ica.f6uhmq7.partial -> [2012/07/16 10:52:00 | 000,001,609 | ---- | C] ()
     hiberfil.sys -> C:\hiberfil.sys -> [2012/07/15 00:27:02 | 3219,144,704 | -HS- | C] ()
     Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/07/14 01:24:56 | 000,000,910 | ---- | C] ()
     hpqins13.dat -> C:\Windows\hpqins13.dat -> [2011/08/03 04:19:45 | 000,019,519 | ---- | C] ()
     hpoins21.dat -> C:\Windows\hpoins21.dat -> [2011/08/03 02:47:53 | 000,165,497 | ---- | C] ()
     ViewNX2.INI -> C:\Windows\ViewNX2.INI -> [2011/07/22 00:56:10 | 000,000,000 | ---- | C] ()
     Bundle -> C:\ProgramData\Bundle -> [2011/07/21 23:34:44 | 000,000,268 | RH-- | C] ()
     Booms -> C:\Users\user\AppData\Roaming\Booms -> [2011/07/21 23:34:44 | 000,000,268 | RH-- | C] ()
     PKP_DLev.DAT -> C:\ProgramData\PKP_DLev.DAT -> [2011/07/21 23:34:44 | 000,000,020 | -H-- | C] ()
     Bubble Noise -> C:\ProgramData\Bubble Noise -> [2011/07/21 23:34:43 | 000,000,268 | RH-- | C] ()
     BookService -> C:\Users\user\AppData\Roaming\BookService -> [2011/07/21 23:34:43 | 000,000,268 | RH-- | C] ()
     PKP_DLes.DAT -> C:\ProgramData\PKP_DLes.DAT -> [2011/07/21 23:34:43 | 000,000,020 | -H-- | C] ()
     Brother -> C:\ProgramData\Brother -> [2011/07/21 23:34:41 | 000,000,268 | RH-- | C] ()
     Bass Reduction -> C:\Users\user\AppData\Roaming\Bass Reduction -> [2011/07/21 23:34:41 | 000,000,268 | RH-- | C] ()
     PKP_DLet.DAT -> C:\ProgramData\PKP_DLet.DAT -> [2011/07/21 23:34:41 | 000,000,020 | -H-- | C] ()
     winscp.rnd -> C:\Users\user\AppData\Roaming\winscp.rnd -> [2011/03/11 03:11:24 | 000,000,600 | ---- | C] ()
     
    [Files/Folders - Unicode - All]
    C:\Windows\System32\?u -> C:\Windows\System32\&#62256;&#365; -> [2011/04/14 16:51:50 | 000,000,036 | ---- | C] ()
    C:\Windows\System32\?u -> C:\Windows\System32\&#62256;&#365; -> [2011/04/14 16:51:50 | 000,000,036 | ---- | M] ()
    C:\Windows\System32\?i -> C:\Windows\System32\&#49672;&#301; -> [2011/06/04 15:06:47 | 000,000,036 | ---- | C] ()
    C:\Windows\System32\?i -> C:\Windows\System32\&#49672;&#301; -> [2011/06/04 15:06:47 | 000,000,036 | ---- | M] ()
    C:\Windows\System32\?? -> C:\Windows\System32\&#32624;&#1224; -> [2011/08/09 12:58:17 | 000,000,036 | ---- | C] ()
    C:\Windows\System32\?? -> C:\Windows\System32\&#32624;&#1224; -> [2011/08/09 12:58:17 | 000,000,036 | ---- | M] ()
    C:\Windows\System32\?z -> C:\Windows\System32\&#53144;&#380; -> [2011/08/11 17:24:40 | 000,000,036 | ---- | C] ()
    C:\Windows\System32\?z -> C:\Windows\System32\&#53144;&#380; -> [2011/08/11 17:24:40 | 000,000,036 | ---- | M] ()
    C:\Windows\System32\?b -> C:\Windows\System32\&#33128;&#384; -> [2011/09/21 23:05:22 | 000,000,036 | ---- | C] ()
    C:\Windows\System32\?b -> C:\Windows\System32\&#33128;&#384; -> [2011/09/21 23:05:22 | 000,000,036 | ---- | M] ()
    C:\Users\user\Desktop\??.rmvb -> C:\Users\user\Desktop\&#36870;&#25136;.rmvb -> [2012/02/08 15:29:46 | 508,673,289 | ---- | M] ()
    C:\Users\user\Desktop\??.rmvb -> C:\Users\user\Desktop\&#36870;&#25136;.rmvb -> [2012/02/08 15:31:59 | 508,673,289 | ---- | C] ()
     
    [Alternate Data Streams]
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:CB0AACC9
    @Alternate Data Stream - 642 bytes -> C:\Users\user\Desktop\launch.ica.f6uhmq7.partial:icasource
    < End of report >
    

    Thanks,
    lamba105
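The tail of the OTL listing above is the part an analyst reads first: recently changed files, non-ASCII names directly under System32, and alternate data streams. The symptom in this thread (antivirus and Microsoft sites unreachable while everything else loads) is exactly what a hijacked hosts file produces, and the log shows hosts among the recently modified files. The Python below is an added example written for this page; it is not part of the thread, of OTL, or of any of the tools named by the helpers. It parses OTL's `name -> path -> [date | size | attrs | C/M] (company)` layout plus the ADS lines, and pulls out the entries worth a second look. The sample log is constructed to mirror the shapes in the post; `example_unsigned.dll` is an invented file name used only to exercise the "no company name in System32" rule.

```python
"""Triage helper for pasted OTL file listings (added example, not the thread's code)."""
import html
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file line: "name -> path -> [YYYY/MM/DD HH:MM:SS | size | attrs | C] (company)".
ENTRY_RE = re.compile(
    r"^\s*(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>.*)\)\s*$"
)
# One line from the [Alternate Data Streams] section: "... bytes -> path:stream".
ADS_RE = re.compile(
    r"^\s*@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)\s*$"
)


@dataclass(frozen=True)
class Entry:
    name: str
    path: str
    when: datetime
    size: int
    attrs: str     # four flags, e.g. "-HS-" = hidden + system, "R---" = read-only
    kind: str      # "C" = created, "M" = modified
    company: str   # "" when OTL printed "()"


def parse_size(text: str) -> int:
    """OTL pads sizes as 000,000,027 or 3219,144,704; drop the grouping commas."""
    return int(text.replace(",", ""))


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    return Entry(
        name=html.unescape(m["name"]),
        # The forum export turned non-ASCII names into &#NNN; entities; undo that.
        path=html.unescape(m["path"]),
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=parse_size(m["size"]),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
    )


BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\appdata\\")


def triage_entry(e: Entry) -> List[str]:
    """Reasons an analyst would pull this entry out of a long OTL list (heuristics, not verdicts)."""
    reasons = []
    low = e.path.lower()
    in_system32 = low.startswith("c:\\windows\\system32\\") and low.count("\\") == 3
    if low.endswith("\\drivers\\etc\\hosts"):
        reasons.append("hosts file changed: check it for redirected AV/Microsoft domains")
    if in_system32 and low.endswith(BINARY_EXT) and not e.company:
        reasons.append("binary in System32 with no company name")
    if in_system32 and any(ord(ch) > 127 for ch in e.path.rsplit("\\", 1)[-1]):
        reasons.append("non-ASCII file name directly in System32")
    if "H" in e.attrs and any(seg in low for seg in USER_WRITABLE):
        reasons.append("hidden file in a user-writable location")
    return reasons


def parse_ads(line: str) -> Optional[Tuple[str, str, int]]:
    m = ADS_RE.match(line)
    return None if m is None else (m["path"], m["stream"], int(m["size"]))


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Walk a pasted OTL section and return (path, reason) pairs in log order."""
    findings = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None:
            findings.extend((e.path, r) for r in triage_entry(e))
            continue
        ads = parse_ads(line)
        if ads is not None:
            path, stream, size = ads
            findings.append((f"{path}:{stream}", f"alternate data stream of {size} bytes"))
    return findings


# Constructed sample shaped like the posted log; example_unsigned.dll is invented.
SAMPLE_LOG = r"""
[Files - Modified Within 30 Days]
 hosts -> C:\Windows\System32\drivers\etc\hosts -> [2012/07/22 02:19:34 | 000,000,027 | ---- | M] ()
 javaws.exe -> C:\Windows\System32\javaws.exe -> [2012/07/20 22:12:12 | 000,227,824 | ---- | M] (Oracle Corporation)
 example_unsigned.dll -> C:\Windows\System32\example_unsigned.dll -> [2012/07/21 03:14:15 | 000,090,112 | -H-- | C] ()
 Bundle -> C:\ProgramData\Bundle -> [2011/07/21 23:34:44 | 000,000,268 | RH-- | C] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/07/22 13:35:51 | 3219,144,704 | -HS- | M] ()
 3 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->
[Files/Folders - Unicode - All]
C:\Windows\System32\?u -> C:\Windows\System32\&#62256;&#365; -> [2011/04/14 16:51:50 | 000,000,036 | ---- | C] ()
[Alternate Data Streams]
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
"""

if __name__ == "__main__":
    for path, reason in triage_log(SAMPLE_LOG):
        print(f"{reason:60s} {path}")
```

The rules are deliberately conservative: a missing company name or a hidden attribute is a reason to look, not proof of infection (hiberfil.sys is hidden and system by design, and the activation-related file in the posted log has no company name either). Paste a whole OTL report into `triage_log` and read the short list it returns instead of the full listing.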
     
  12. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
  13. lamba105

    lamba105 Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    12
    Hi dvk01,

    Just finished running Microsoft Security Essentials antivirus; it found 1 item and I've deleted it.

    So far the computer seems to be normal again, which is great! Thank you so much for your help.

    With the Microsoft antivirus, is it safe to still run Malwarebytes scans from time to time? Also, do you recommend any additional software that will prevent and enhance the safety of my computer?

    Really appreciate your help!

    Lamba105
     
  14. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U; it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    • Please double-click OTScanIt.exe to run it.
    Press Cleanup and it will delete/uninstall all the tools we have used to fix your problems and all their backup folders, and then delete itself when you next reboot.


    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/online/ for out-of-date and vulnerable common applications on your computer, and update whatever it suggests. Download and use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

    Then pay an urgent visit to Windows Update and make sure you are fully updated; that will help to plug the security holes that let these pests in in the first place. If Windows Update doesn't work, please come back and tell us.
     
  15. lamba105

    lamba105 Thread Starter

    Joined:
    Jul 15, 2012
    Messages:
    12
    Hi dvk01,

    Thanks for your reply.

    I believe Microsoft Security Essentials deleted the ComboFix files, because when I ran Combofix /Uninstall, it said it can't find it...

    I did manage to run OTScanIt and deleted the tools.

    After restarting I downloaded and ran PSI, but it just stays on the loading screen. I tried restarting, uninstalling, reinstalling and running it, but nothing happened. Do I need to disable Microsoft Security Essentials first?

    Please let me know.

    Thanks,
    lamba105
     
Short URL to this thread: https://techguy.org/1061231