
Inactive Google search results redirected

Discussion in 'Malware and Virus Removal Archive' started by Blufx, 2011/06/11.

  1. 2011/06/11
    Blufx

    Blufx Well-Known Member Thread Starter

    Joined:
    2002/02/03
    Messages:
    399
    Likes Received:
    0
    [Inactive] Google search results redirected

    I've run scans galore with nothing found. This one has me baffled. Google search works fine, but when I click one of the results, there's no telling what page is going to pop up. Here are the logs requested. I appreciate any help.

    Malwarebytes:
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6835

    Windows 6.1.7600 Service Pack 3
    Internet Explorer 9.0.8112.16421

    6/11/2011 11:35:02 AM
    mbam-log-2011-06-11 (11-35-02).txt

    Scan type: Quick scan
    Objects scanned: 158027
    Time elapsed: 4 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)


    aswMBR:
    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-11 11:37:51
    -----------------------------
    11:37:51.821 OS Version: Windows 6.1.7600 Service Pack 3
    11:37:51.821 Number of processors: 2 586 0xF0D
    11:37:51.826 ComputerName: MARK-PC UserName: Mark
    11:37:53.143 Initialize success
    11:38:06.651 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
    11:38:06.654 Disk 0 Vendor: WDC_WD3200BEVT-00A0RT0 01.01A01 Size: 305245MB BusType: 11
    11:38:08.757 Disk 0 MBR read successfully
    11:38:08.761 Disk 0 MBR scan
    11:38:08.765 Disk 0 Windows 7 default MBR code
    11:38:10.815 Disk 0 scanning sectors +625136400
    11:38:11.044 Disk 0 scanning C:\Windows\system32\drivers
    11:39:02.057 Service scanning
    11:39:03.603 Disk 0 trace - called modules:
    11:39:03.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x876081ed]<<
    11:39:03.630 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87557648]
    11:39:03.636 3 CLASSPNP.SYS[8cfb259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x8703a908]
    11:39:03.641 \Driver\atapi[0x8709ff38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x876081ed
    11:39:03.648 Scan finished successfully
    11:42:34.263 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\malware\MBR.dat "
    11:42:34.274 The log file has been saved successfully to "C:\Users\Mark\Desktop\malware\aswMBR.txt "


    DDS:
    .
    DDS (Ver_2011-06-11.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
    Run by Mark at 11:43:49 on 2011-06-11
    Microsoft Windows7® DeepBlue™ 6.1.7600.3.1252.1.1033.18.3318.1720 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_029f5b2ddd167969\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\svchost.exe -k bthaudiosvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    D:\Program Files\Firefox\firefox.exe
    D:\Program Files\Firefox\plugin-container.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - d:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    BHO: TBSB00982 Class: {da3d342f-ff20-4e31-9e82-22334155730c} - c:\program files\antbar\ant.com toolbar\tbcore3.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - c:\program files\antbar\ant.com toolbar\tbcore3.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe "
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRun: [Lng panel] ctfmon.exe
    dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    dRun: [Welcome Center] c:\windows\system32\rundll32.exe c:\windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
    StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\cpucool.lnk - c:\program files\cpucool\CPUCooL.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
    mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
    dPolicies-explorer: NoResolveTrack = 1 (0x1)
    dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
    IE: &D&ownload &with BitComet - d:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - d:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
    TCP: DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23
    TCP: Interfaces\{3F59FC8B-FC53-4BF6-B953-B2B1829A2C4A} : DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23
    TCP: Interfaces\{84928167-8998-4C54-B930-5D5FC73274E2} : DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23
    TCP: Interfaces\{D63304E5-6398-46BF-9BDC-35FD89DF547D} : DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23
    TCP: Interfaces\{D63304E5-6398-46BF-9BDC-35FD89DF547D}\27471697C6F627 : DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23
    TCP: Interfaces\{D63304E5-6398-46BF-9BDC-35FD89DF547D}\F40756E62516E67656 : DhcpNameServer = 192.168.254.251
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\4l9b1nwy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.accuweather.com/us/sc/simpsonville/29681/city-weather-forecast.asp
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-11 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-11 307928]
    R1 ntiomin;ntiomin;c:\windows\system32\drivers\ntiomin.sys [2010-1-3 11392]
    R1 SASDIFSV;SASDIFSV;d:\program files\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [2010-5-10 67656]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/12/02 20:34:33];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-11 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-11 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-11 42184]
    R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 20992]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-15 2271608]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2011-3-21 28672]
    R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2011-2-2 12096]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-15 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;d:\program files\bitcomet\tools\bitcometservice.exe -service --> d:\program files\bitcomet\tools\BitCometService.exe -service [?]
    S3 BthAudioHF;BthAudioHF Service;c:\windows\system32\drivers\BthAudioHF.sys [2009-12-21 43008]
    S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
    S3 c2wts;Claims to Windows Token Service;c:\program files\windows identity foundation\v3.5\c2wtshost.exe [2010-1-8 13080]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-15 136176]
    S3 LUW;LUW;c:\users\mark\appdata\local\temp\LUW.exe [2011-6-10 539520]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42368]
    S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2010-2-24 562464]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 OG;OG;c:\users\mark\appdata\local\temp\OG.exe [2011-6-10 580480]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-3 1343400]
    S3 WTJFEY;WTJFEY;c:\users\mark\appdata\local\temp\WTJFEY.exe [2011-6-10 334720]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-06-11 13:49:34 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-06-11 13:49:33 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-06-11 13:48:50 40112 ----a-w- c:\windows\avastSS.scr
    2011-06-11 13:48:35 -------- d-----w- c:\program files\AVAST Software
    2011-06-09 19:03:48 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-06-09 16:49:28 -------- d-----w- C:\ComboFix
    2011-06-09 16:44:38 -------- d-----w- c:\users\mark\appdata\local\temp
    2011-06-09 16:20:24 98816 ----a-w- c:\windows\sed.exe
    2011-06-09 16:20:24 518144 ----a-w- c:\windows\SWREG.exe
    2011-06-09 16:20:24 256512 ----a-w- c:\windows\PEV.exe
    2011-06-09 16:20:24 208896 ----a-w- c:\windows\MBR.exe
    2011-06-09 15:12:17 102400 ----a-w- c:\windows\RegBootClean.exe
    2011-06-08 18:47:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-08 18:47:40 -------- d-----w- c:\users\mark\appdata\roaming\SUPERAntiSpyware.com
    2011-06-08 13:28:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-07 11:48:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 01:09:15 -------- d-----w- c:\users\mark\appdata\roaming\SerpentOfIsis
    2011-05-27 06:00:32 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-21 21:04:34 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-17 17:05:02 1409 ----a-w- c:\windows\system32\tmp37256.FOT
    2011-05-17 17:05:02 1409 ----a-w- c:\windows\system32\tmp0E256.FOT
    2011-05-17 16:35:19 1409 ----a-w- c:\windows\system32\tmpF4ED6.FOT
    2011-05-17 16:35:19 1409 ----a-w- c:\windows\system32\tmpDBED6.FOT
    .
    ==================== Find3M ====================
    .
    2011-04-18 20:09:45 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-04-16 15:18:40 19956 ----a-w- C:\FixitRegBackup.reg
    2011-04-09 06:21:36 3967360 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:21:32 3911552 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-29 03:07:26 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-29 03:06:51 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-29 03:06:47 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-29 03:06:43 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-29 03:06:39 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-29 03:06:37 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-29 03:06:34 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    .
    ============= FINISH: 11:44:59.58 ===============
     
  2. 2011/06/11
    Blufx Well-Known Member Thread Starter

    First half of GMER:

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-11 11:36:57
    Windows 6.1.7600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD3200BEVT-00A0RT0 rev.01.01A01
    Running: 5v60dt62.exe; Driver: C:\Users\Mark\AppData\Local\Temp\kxldypoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x92830202]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x92D8ECB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9283281C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x92832874]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9283298A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x92832772]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x928328C4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x928327C6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x92832938]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x92830226]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x92D8ED62]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9282FFF0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9283024A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x92832D82]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x92830CDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9283284C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9283289C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x928329B4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9283279E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x92832904]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x928327F4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x92832962]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x92D8EDFA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x92830BA0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9283026E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x92830292]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9283004A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x92830186]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x92830162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x928301AA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x928302B6]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x92DA4902]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83C7DA19 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83CB7352 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 244 83CBEB44 4 Bytes [02, 02, 83, 92]
    .text ntkrnlpa.exe!RtlSidHashLookup + 26C 83CBEB6C 4 Bytes [B2, EC, D8, 92]
    .text ntkrnlpa.exe!RtlSidHashLookup + 320 83CBEC20 8 Bytes [1C, 28, 83, 92, 74, 28, 83, ...]
    .text ntkrnlpa.exe!RtlSidHashLookup + 32C 83CBEC2C 4 Bytes [8A, 29, 83, 92]
    .text ntkrnlpa.exe!RtlSidHashLookup + 348 83CBEC48 4 Bytes [72, 27, 83, 92]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83E45888 5 Bytes JMP 92DA02BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject + 27 83E5F5FB 5 Bytes JMP 92DA1D74 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 83EA9BD2 4 Bytes CALL 9283134B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83EB1D04 4 Bytes CALL 92831361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 83F17EAE 7 Bytes JMP 92DA4906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngMultiByteToUnicodeN + 7231 81E2987A 5 Bytes JMP 92833342 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngIsSemaphoreOwned + 8A1B 81E408AA 5 Bytes JMP 9283346C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + C12F 81E6172E 5 Bytes JMP 92833E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 3322 81E74F4F 5 Bytes JMP 92832F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 4027 81E75C54 5 Bytes JMP 92833C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCTGetGammaTable + 177B 81E7B585 5 Bytes JMP 92833352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bEnum + 79DD 81E97AE0 5 Bytes JMP 92832FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bEnum + 86C4 81E987C7 5 Bytes JMP 92832E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bEnum + 92B4 81E993B7 5 Bytes JMP 928331AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateSemaphore + A5D0 81EB41B4 5 Bytes JMP 92833B90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateSemaphore + C985 81EB6569 5 Bytes JMP 92832DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngBitBlt + 56E 81EBFBAD 5 Bytes JMP 92833BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngBitBlt + 5201 81EC4840 5 Bytes JMP 92834040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLpkInstalled + 6119 81ED7A52 5 Bytes JMP 92832E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLpkInstalled + 1AE86 81EEC7BF 5 Bytes JMP 92833C1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!STROBJ_bEnum + 9788 81EFFCBC 5 Bytes JMP 92833114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 26C1 81F07D9A 5 Bytes JMP 92833EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_bPolyBezierTo + F8 81F1B815 5 Bytes JMP 928330DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngAcquireSemaphoreSharedNoWait + 1F5A 81F2B864 5 Bytes JMP 92833F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!PATHOBJ_vGetBounds + EB5 81F5626F 5 Bytes JMP 92833034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCTGetCurrentGamma + 1C6C 81F5A27E 5 Bytes JMP 9283306A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetPointerShape + C86 81F5CF34 5 Bytes JMP 92833D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!CLIPOBJ_cEnumStart + 6D0F 81F65C35 5 Bytes JMP 92832F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0x825A8000, 0x2892, 0xE8000020]
    .vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0x825CB050]
    .text kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\taskhost.exe[112] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskhost.exe[112] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000501F8
    .text C:\Windows\system32\taskhost.exe[112] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\taskhost.exe[112] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskhost.exe[112] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskhost.exe[112] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskhost.exe[112] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskhost.exe[112] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00070600
    .text C:\Windows\system32\csrss.exe[440] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[460] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000A03FC
    .text C:\Windows\System32\svchost.exe[460] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000A01F8
    .text C:\Windows\System32\svchost.exe[460] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[460] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 003A0A08
    .text C:\Windows\System32\svchost.exe[460] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 003A03FC
    .text C:\Windows\System32\svchost.exe[460] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 003A0804
    .text C:\Windows\System32\svchost.exe[460] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 003A01F8
    .text C:\Windows\System32\svchost.exe[460] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 003A0600
    .text C:\Windows\system32\wininit.exe[496] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[496] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[496] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[496] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00050A08
    .text C:\Windows\system32\wininit.exe[496] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wininit.exe[496] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00050804
    .text C:\Windows\system32\wininit.exe[496] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 000501F8
    .text C:\Windows\system32\wininit.exe[496] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00050600
    .text C:\Windows\system32\csrss.exe[504] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\services.exe[552] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\services.exe[552] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\services.exe[552] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\lsass.exe[568] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\lsass.exe[568] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\lsass.exe[568] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\lsm.exe[576] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\lsm.exe[576] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\lsm.exe[576] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[652] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000303FC
    .text C:\Windows\system32\winlogon.exe[652] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000301F8
    .text C:\Windows\system32\winlogon.exe[652] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\winlogon.exe[652] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00050A08
    .text C:\Windows\system32\winlogon.exe[652] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 000503FC
    .text C:\Windows\system32\winlogon.exe[652] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00050804
    .text C:\Windows\system32\winlogon.exe[652] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 000501F8
    .text C:\Windows\system32\winlogon.exe[652] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00050600
    .text C:\Windows\system32\agrsmsvc.exe[684] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000903FC
    .text C:\Windows\system32\agrsmsvc.exe[684] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000901F8
    .text C:\Windows\system32\agrsmsvc.exe[684] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\agrsmsvc.exe[684] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00140A08
    .text C:\Windows\system32\agrsmsvc.exe[684] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001403FC
    .text C:\Windows\system32\agrsmsvc.exe[684] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00140804
    .text C:\Windows\system32\agrsmsvc.exe[684] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001401F8
    .text C:\Windows\system32\agrsmsvc.exe[684] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00140600
    .text C:\Windows\system32\svchost.exe[732] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[732] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[732] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[832] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[832] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[832] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[884] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\System32\svchost.exe[884] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[884] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[884] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 002B0A08
    .text C:\Windows\System32\svchost.exe[884] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 002B03FC
    .text C:\Windows\System32\svchost.exe[884] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 002B0804
    .text C:\Windows\System32\svchost.exe[884] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 002B01F8
    .text C:\Windows\System32\svchost.exe[884] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 002B0600
    .text C:\Windows\System32\svchost.exe[960] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000A03FC
    .text C:\Windows\System32\svchost.exe[960] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000A01F8
    .text C:\Windows\System32\svchost.exe[960] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[960] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 003B0A08
    .text C:\Windows\System32\svchost.exe[960] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 003B03FC
    .text C:\Windows\System32\svchost.exe[960] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 003B0804
    .text C:\Windows\System32\svchost.exe[960] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 003B01F8
    .text C:\Windows\System32\svchost.exe[960] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 003B0600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[996] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[996] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[996] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[996] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00100A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[996] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001003FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[996] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00100804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[996] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001001F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[996] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00100600
    .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 010A0A08
    .text C:\Windows\system32\svchost.exe[1000] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 010A03FC
    .text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 010A0804
    .text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 010A01F8
    .text C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 010A0600
    .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_029f5b2ddd167969\STacSV.exe[1032] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 001503FC
    .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_029f5b2ddd167969\STacSV.exe[1032] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 001501F8
    .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_029f5b2ddd167969\STacSV.exe[1032] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_029f5b2ddd167969\STacSV.exe[1032] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 001F0A08
    .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_029f5b2ddd167969\STacSV.exe[1032] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001F03FC
    .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_029f5b2ddd167969\STacSV.exe[1032] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 001F0804
    .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_029f5b2ddd167969\STacSV.exe[1032] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001F01F8
    .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_029f5b2ddd167969\STacSV.exe[1032] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 001F0600
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1220] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 009E0A08
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 009E03FC
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 009E0804
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 009E01F8
    .text C:\Windows\system32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 009E0600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1356] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 001603FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1356] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 001601F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1356] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1356] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00200A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1356] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 002003FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1356] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00200804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1356] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 002001F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1356] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00200600
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1368] kernel32.dll!SetUnhandledExceptionFilter 77803162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1368] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000A03FC
    .text C:\Windows\system32\svchost.exe[1476] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000A01F8
    .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[1500] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\Dwm.exe[1500] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\Dwm.exe[1500] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\Dwm.exe[1500] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 000F0A08
    .text C:\Windows\system32\Dwm.exe[1500] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 000F03FC
    .text C:\Windows\system32\Dwm.exe[1500] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 000F0804
    .text C:\Windows\system32\Dwm.exe[1500] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 000F01F8
    .text C:\Windows\system32\Dwm.exe[1500] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 000F0600
    .text C:\Windows\Explorer.EXE[1548] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\Explorer.EXE[1548] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\Explorer.EXE[1548] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\Explorer.EXE[1548] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00150A08
    .text C:\Windows\Explorer.EXE[1548] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001503FC
    .text C:\Windows\Explorer.EXE[1548] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00150804
    .text C:\Windows\Explorer.EXE[1548] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001501F8
    .text C:\Windows\Explorer.EXE[1548] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00150600
    .text C:\Windows\system32\wbem\wmiprvse.exe[1612] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[1612] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[1612] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\wbem\wmiprvse.exe[1612] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00110A08
    .text C:\Windows\system32\wbem\wmiprvse.exe[1612] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001103FC
    .text C:\Windows\system32\wbem\wmiprvse.exe[1612] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00110804
    .text C:\Windows\system32\wbem\wmiprvse.exe[1612] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001101F8
    .text C:\Windows\system32\wbem\wmiprvse.exe[1612] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00110600
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000503FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000501F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] ADVAPI32.dll!RegSetValueExA 769C1B96 5 Bytes JMP 07C90870 C:\Users\Mark\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] ADVAPI32.dll!RegSetValueExW 769C1C82 5 Bytes JMP 07C90930 C:\Users\Mark\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] ADVAPI32.dll!RegSetValueW 769DFA72 5 Bytes JMP 07C907B0 C:\Users\Mark\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] ADVAPI32.dll!RegSetValueA 76A0F529 5 Bytes JMP 07C906F0 C:\Users\Mark\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!CreateDialogParamW 77299BFF 5 Bytes JMP 07C90B00 C:\Users\Mark\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!EnableWindow 7729A72E 5 Bytes JMP 6E809884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00230A08
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 002303FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00230804
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 002301F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!CreateDialogParamA 772B3E79 5 Bytes JMP 07C90C80 C:\Users\Mark\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!DialogBoxIndirectParamW 772C4AA7 5 Bytes JMP 6E95590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!TrackPopupMenu 772C4B3B 5 Bytes JMP 07C8FDE0 C:\Users\Mark\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!DialogBoxParamW 772C564A 5 Bytes JMP 07C90E60 C:\Users\Mark\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!TrackPopupMenuEx 772C5F72 5 Bytes JMP 07C8FF40 C:\Users\Mark\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00230600
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!DialogBoxParamA 772DCF6A 5 Bytes JMP 07C90D70 C:\Users\Mark\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!DialogBoxIndirectParamA 772DD29C 5 Bytes JMP 6E955974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!MessageBoxIndirectA 772EE8C9 5 Bytes JMP 6E955831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!MessageBoxIndirectW 772EE9C3 5 Bytes JMP 6E9557B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!MessageBoxExA 772EEA29 5 Bytes JMP 6E955754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!MessageBoxExW 772EEA4D 5 Bytes JMP 6E9556F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!MessageBoxA 772EEA71 5 Bytes JMP 07C90FE0 C:\Users\Mark\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] USER32.dll!MessageBoxW 772EEABF 5 Bytes JMP 07C910C0 C:\Users\Mark\AppData\LocalLow\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] WININET.dll!HttpAddRequestHeadersA 76D01B9C 5 Bytes JMP 00406B70
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] WININET.dll!HttpAddRequestHeadersW 76D4F7A8 5 Bytes JMP 00406D70
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!closesocket 76CB3BED 5 Bytes JMP 0074000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!recv 76CB47DF 5 Bytes JMP 0072000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!connect 76CB48BE 5 Bytes JMP 0073000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!getaddrinfo 76CB6737 5 Bytes JMP 0077000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!send 76CBC4C8 5 Bytes JMP 0075000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[1688] WS2_32.dll!gethostbyname 76CC7133 5 Bytes JMP 0076000A
    .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1696] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00900A08
    .text C:\Windows\system32\svchost.exe[1696] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 009003FC
    .text C:\Windows\system32\svchost.exe[1696] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00900804
    .text C:\Windows\system32\svchost.exe[1696] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 009001F8
    .text C:\Windows\system32\svchost.exe[1696] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00900600
    .text C:\Windows\System32\spoolsv.exe[1952] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\System32\spoolsv.exe[1952] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\System32\spoolsv.exe[1952] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00150A08
    .text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001503FC
    .text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00150804
    .text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001501F8
    .text C:\Windows\System32\spoolsv.exe[1952] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00150600
    .text C:\Windows\system32\svchost.exe[1980] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1980] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1980] kernel32.dll!GetBinaryTypeW + 70
     
    Last edited: 2011/06/11

  4. 2011/06/11
    Blufx

    Blufx Well-Known Member Thread Starter

    Joined:
    2002/02/03
    Messages:
    399
    Likes Received:
    0
    second half:

    77817984 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[1992] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[1992] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[1992] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00280A08
    .text C:\Windows\system32\svchost.exe[1992] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 002803FC
    .text C:\Windows\system32\svchost.exe[1992] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00280804
    .text C:\Windows\system32\svchost.exe[1992] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 002801F8
    .text C:\Windows\system32\svchost.exe[1992] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00280600
    .text C:\Windows\system32\ctfmon.exe[2024] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2164] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 001603FC
    .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2164] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 001601F8
    .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2164] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2164] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 001F0A08
    .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2164] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001F03FC
    .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2164] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 001F0804
    .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2164] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001F01F8
    .text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[2164] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 001F0600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2220] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2220] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2220] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2220] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00190A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2220] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001903FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2220] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00190804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2220] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001901F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2220] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00190600
    .text C:\Windows\system32\svchost.exe[2292] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[2292] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[2292] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2340] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2340] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2340] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2340] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00100A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2340] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001003FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2340] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00100804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2340] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001001F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2340] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00100600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2360] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 001603FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2360] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 001601F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2360] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2360] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 001F0A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2360] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001F03FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2360] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 001F0804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2360] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001F01F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2360] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 001F0600
    .text C:\Users\Mark\Desktop\5v60dt62.exe[2416] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2424] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2432] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2432] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2432] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2432] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00110A08
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2432] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001103FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2432] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00110804
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2432] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001101F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[2432] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00110600
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000503FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000501F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] kernel32.dll!CreateThread 7780281D 5 Bytes JMP 6E7C7133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!CreateDialogParamW 77299BFF 5 Bytes JMP 08850B00 C:\Users\Mark\AppData\LocalLow\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!EnableWindow 7729A72E 5 Bytes JMP 6E809884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 6E84EB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!CallNextHookEx 7729CC8F 5 Bytes JMP 6E827AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001403FC
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!DefWindowProcA 7729E0E4 7 Bytes JMP 6E7C9345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!CreateWindowExA 7729E18A 5 Bytes JMP 6E7D3173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!CreateWindowExW 772A0E51 5 Bytes JMP 6E82FF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 6E801FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001401F8
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!DefWindowProcW 772A724B 7 Bytes JMP 6E827B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!CreateDialogParamA 772B3E79 5 Bytes JMP 08850C80 C:\Users\Mark\AppData\LocalLow\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!DialogBoxIndirectParamW 772C4AA7 5 Bytes JMP 6E95590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!TrackPopupMenu 772C4B3B 5 Bytes JMP 0884FDE0 C:\Users\Mark\AppData\LocalLow\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!DialogBoxParamW 772C564A 5 Bytes JMP 08850E60 C:\Users\Mark\AppData\LocalLow\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!TrackPopupMenuEx 772C5F72 5 Bytes JMP 0884FF40 C:\Users\Mark\AppData\LocalLow\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00140600
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!DialogBoxParamA 772DCF6A 5 Bytes JMP 08850D70 C:\Users\Mark\AppData\LocalLow\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!DialogBoxIndirectParamA 772DD29C 5 Bytes JMP 6E955974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!MessageBoxIndirectA 772EE8C9 5 Bytes JMP 6E955831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!MessageBoxIndirectW 772EE9C3 5 Bytes JMP 6E9557B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!MessageBoxExA 772EEA29 5 Bytes JMP 6E955754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!MessageBoxExW 772EEA4D 5 Bytes JMP 6E9556F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!MessageBoxA 772EEA71 5 Bytes JMP 08850FE0 C:\Users\Mark\AppData\LocalLow\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] USER32.dll!MessageBoxW 772EEABF 5 Bytes JMP 088510C0 C:\Users\Mark\AppData\LocalLow\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] ole32.dll!OleLoadFromStream 774B5BF6 5 Bytes JMP 6E956110 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] ole32.dll!CoCreateInstance 7750590C 5 Bytes JMP 6E82B6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] WININET.dll!HttpAddRequestHeadersA 76D01B9C 5 Bytes JMP 00C26B70
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] WININET.dll!HttpAddRequestHeadersW 76D4F7A8 5 Bytes JMP 00C26D70
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] WS2_32.dll!closesocket 76CB3BED 5 Bytes JMP 00D3000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] WS2_32.dll!recv 76CB47DF 5 Bytes JMP 00CD000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] WS2_32.dll!connect 76CB48BE 5 Bytes JMP 00CE000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] WS2_32.dll!getaddrinfo 76CB6737 5 Bytes JMP 00D6000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] WS2_32.dll!send 76CBC4C8 5 Bytes JMP 00D4000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3208] WS2_32.dll!gethostbyname 76CC7133 5 Bytes JMP 00D5000A
    .text D:\Program Files\Firefox\plugin-container.exe[3228] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text D:\Program Files\Firefox\plugin-container.exe[3228] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text D:\Program Files\Firefox\plugin-container.exe[3228] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text D:\Program Files\Firefox\plugin-container.exe[3228] USER32.dll!SetWindowLongA 7729B1E3 5 Bytes JMP 669D8DD9 D:\Program Files\Firefox\xul.dll (Mozilla Foundation)
    .text D:\Program Files\Firefox\plugin-container.exe[3228] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00100A08
    .text D:\Program Files\Firefox\plugin-container.exe[3228] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001003FC
    .text D:\Program Files\Firefox\plugin-container.exe[3228] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00100804
    .text D:\Program Files\Firefox\plugin-container.exe[3228] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001001F8
    .text D:\Program Files\Firefox\plugin-container.exe[3228] USER32.dll!SetWindowLongW 772A6614 5 Bytes JMP 669D8D6B D:\Program Files\Firefox\xul.dll (Mozilla Foundation)
    .text D:\Program Files\Firefox\plugin-container.exe[3228] USER32.dll!GetWindowInfo 772A6A82 5 Bytes JMP 66807187 D:\Program Files\Firefox\xul.dll (Mozilla Foundation)
    .text D:\Program Files\Firefox\plugin-container.exe[3228] USER32.dll!TrackPopupMenu 772C4B3B 5 Bytes JMP 66807781 D:\Program Files\Firefox\xul.dll (Mozilla Foundation)
    .text D:\Program Files\Firefox\plugin-container.exe[3228] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00100600
    .text C:\Windows\system32\AUDIODG.EXE[3316] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[3704] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Windows\system32\SearchIndexer.exe[3704] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Windows\system32\SearchIndexer.exe[3704] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[3704] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00100A08
    .text C:\Windows\system32\SearchIndexer.exe[3704] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001003FC
    .text C:\Windows\system32\SearchIndexer.exe[3704] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00100804
    .text C:\Windows\system32\SearchIndexer.exe[3704] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001001F8
    .text C:\Windows\system32\SearchIndexer.exe[3704] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00100600
    .text D:\Program Files\Firefox\firefox.exe[3724] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text D:\Program Files\Firefox\firefox.exe[3724] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text D:\Program Files\Firefox\firefox.exe[3724] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text D:\Program Files\Firefox\firefox.exe[3724] WS2_32.dll!closesocket 76CB3BED 5 Bytes JMP 0037000A
    .text D:\Program Files\Firefox\firefox.exe[3724] WS2_32.dll!connect 76CB48BE 5 Bytes JMP 0036000A
    .text D:\Program Files\Firefox\firefox.exe[3724] WS2_32.dll!getaddrinfo 76CB6737 5 Bytes JMP 003A000A
    .text D:\Program Files\Firefox\firefox.exe[3724] WS2_32.dll!send 76CBC4C8 5 Bytes JMP 0038000A
    .text D:\Program Files\Firefox\firefox.exe[3724] WS2_32.dll!gethostbyname 76CC7133 5 Bytes JMP 0039000A
    .text D:\Program Files\Firefox\firefox.exe[3724] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00230A08
    .text D:\Program Files\Firefox\firefox.exe[3724] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 002303FC
    .text D:\Program Files\Firefox\firefox.exe[3724] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00230804
    .text D:\Program Files\Firefox\firefox.exe[3724] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 002301F8
    .text D:\Program Files\Firefox\firefox.exe[3724] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00230600
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4064] ntdll.dll!LdrUnloadDll 776BBEDF 5 Bytes JMP 000603FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4064] ntdll.dll!LdrLoadDll 776BF5E5 5 Bytes JMP 000601F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4064] kernel32.dll!GetBinaryTypeW + 70 77817984 1 Byte [62]
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4064] USER32.dll!UnhookWindowsHookEx 7729CC7B 5 Bytes JMP 00100A08
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4064] USER32.dll!UnhookWinEvent 7729D924 5 Bytes JMP 001003FC
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4064] USER32.dll!SetWindowsHookExW 772A210A 5 Bytes JMP 00100804
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4064] USER32.dll!SetWinEventHook 772A507E 5 Bytes JMP 001001F8
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4064] USER32.dll!SetWindowsHookExA 772C6DFA 5 Bytes JMP 00100600

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:256] 8760CE7A
    Thread System [4:260] 8760F008

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a313 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a313@8c541dbdf002 0x59 0xBB 0xE7 0xFE ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a313@6cd68aac0fa5 0x0F 0x1E 0x37 0x93 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a313@001fe3f8423e 0x2B 0x0A 0x79 0xAF ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a313@78e400fdde8f 0xBB 0x12 0xB2 0xD5 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000830 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000830@64995d4fa1e9 0xEF 0x6B 0x41 0xC0 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000830@0005c9b53f59 0x98 0x93 0x76 0xA6 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f81000830@001b52a441c4 0xED 0xDB 0x50 0x77 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a313
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a313@8c541dbdf002 0x59 0xBB 0xE7 0xFE ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a313@6cd68aac0fa5 0x0F 0x1E 0x37 0x93 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a313@001fe3f8423e 0x2B 0x0A 0x79 0xAF ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a313@78e400fdde8f 0xBB 0x12 0xB2 0xD5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000830
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000830@0005c9b53f59 0x98 0x93 0x76 0xA6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000830@001b52a441c4 0xED 0xDB 0x50 0x77 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f81000830@64995d62d8d9 0xE1 0x88 0x49 0xE2 ...
    Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\00158315a313 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\00158315a313@8c541dbdf002 0x59 0xBB 0xE7 0xFE ...
    Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\00158315a313@6cd68aac0fa5 0x0F 0x1E 0x37 0x93 ...
    Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\00158315a313@001fe3f8423e 0x2B 0x0A 0x79 0xAF ...
    Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\00158315a313@78e400fdde8f 0xBB 0x12 0xB2 0xD5 ...
    Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\001f81000830 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\001f81000830@0005c9b53f59 0x98 0x93 0x76 0xA6 ...
    Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\001f81000830@001b52a441c4 0xED 0xDB 0x50 0x77 ...
    Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\001f81000830@64995d62d8d9 0xE1 0x88 0x49 0xE2 ...
    Reg HKLM\SOFTWARE\Classes\.032\OpenWithProgids@ACDSee Photo Manager 2009.032
    Reg HKLM\SOFTWARE\Classes\.abr\OpenWithProgids@ACDSee Photo Manager 2009.abr
    Reg HKLM\SOFTWARE\Classes\.apd\OpenWithProgids@ACDSee Photo Manager 2009.apd
    Reg HKLM\SOFTWARE\Classes\.arw\OpenWithProgids@ACDSee Photo Manager 2009.arw
    Reg HKLM\SOFTWARE\Classes\.arw\OpenWithProgids@WindowsLive.PhotoGallery.raw.15.4
    Reg HKLM\SOFTWARE\Classes\.b64\OpenWithProgids@ACDSee Photo Manager 2009.b64
    Reg HKLM\SOFTWARE\Classes\.bay\OpenWithProgids@ACDSee Photo Manager 2009.bay
    Reg HKLM\SOFTWARE\Classes\.bw\OpenWithProgids@ACDSee Photo Manager 2009.bw
    Reg HKLM\SOFTWARE\Classes\.caf\OpenWithProgIds@ACDSee Photo Manager 2009.caf
    Reg HKLM\SOFTWARE\Classes\.caf\OpenWithProgIds@QuickTime.caf
    Reg HKLM\SOFTWARE\Classes\.cbr\OpenWithProgids@ACDSee Photo Manager 2009.cbr
    Reg HKLM\SOFTWARE\Classes\.cbz\OpenWithProgids@ACDSee Photo Manager 2009.cbz
    Reg HKLM\SOFTWARE\Classes\.cda\OpenWithList\iTunes.exe
    Reg HKLM\SOFTWARE\Classes\.cda\OpenWithList\iTunes.exe@
    Reg HKLM\SOFTWARE\Classes\.cda\OpenWithProgIds@WMP11.AssocFile.CDA
    Reg HKLM\SOFTWARE\Classes\.cda\OpenWithProgIds@
    Reg HKLM\SOFTWARE\Classes\.cr2\OpenWithProgids@ACDSee Photo Manager 2009.cr2
    Reg HKLM\SOFTWARE\Classes\.cr2\OpenWithProgids@WindowsLive.PhotoGallery.raw.15.4
    Reg HKLM\SOFTWARE\Classes\.crw\OpenWithProgids@ACDSee Photo Manager 2009.crw
    Reg HKLM\SOFTWARE\Classes\.crw\OpenWithProgids@WindowsLive.PhotoGallery.raw.15.4
    Reg HKLM\SOFTWARE\Classes\.cs1\OpenWithProgids@ACDSee Photo Manager 2009.cs1
    Reg HKLM\SOFTWARE\Classes\.dcx\OpenWithProgids@ACDSee Photo Manager 2009.dcx
    Reg HKLM\SOFTWARE\Classes\.djv\OpenWithProgids@ACDSee Photo Manager 2009.djv
    Reg HKLM\SOFTWARE\Classes\.djvu\OpenWithProgids@ACDSee Photo Manager 2009.djvu
    Reg HKLM\SOFTWARE\Classes\.dng\OpenWithProgids@ACDSee Photo Manager 2009.dng
    Reg HKLM\SOFTWARE\Classes\.dng\OpenWithProgids@WindowsLive.PhotoGallery.raw.15.4
    Reg HKLM\SOFTWARE\Classes\.erf\OpenWithProgids@ACDSee Photo Manager 2009.erf
    Reg HKLM\SOFTWARE\Classes\.erf\OpenWithProgids@WindowsLive.PhotoGallery.raw.15.4
    Reg HKLM\SOFTWARE\Classes\.fff\OpenWithProgids@ACDSee Photo Manager 2009.fff
    Reg HKLM\SOFTWARE\Classes\.fpx\OpenWithProgids@ACDSee Photo Manager 2009.fpx
    Reg HKLM\SOFTWARE\Classes\.frg\Access.Fragment\ShellNew
    Reg HKLM\SOFTWARE\Classes\.gst\MSMap.Datainst.8\ShellNew
    Reg HKLM\SOFTWARE\Classes\.hdr\OpenWithProgids@ACDSee Photo Manager 2009.hdr
    Reg HKLM\SOFTWARE\Classes\.icn\OpenWithProgids@ACDSee Photo Manager 2009.icn
    Reg HKLM\SOFTWARE\Classes\.idc\idcfile\ShellNew
    Reg HKLM\SOFTWARE\Classes\.iff\OpenWithProgids@ACDSee Photo Manager 2009.iff
    Reg HKLM\SOFTWARE\Classes\.ilbm\OpenWithProgids@ACDSee Photo Manager 2009.ilbm
    Reg HKLM\SOFTWARE\Classes\.int\OpenWithProgids@ACDSee Photo Manager 2009.int
    Reg HKLM\SOFTWARE\Classes\.inta\OpenWithProgids@ACDSee Photo Manager 2009.inta
    Reg HKLM\SOFTWARE\Classes\.iw4\OpenWithProgids@ACDSee Photo Manager 2009.iw4
    Reg HKLM\SOFTWARE\Classes\.j2c\OpenWithProgids@ACDSee Photo Manager 2009.j2c
    Reg HKLM\SOFTWARE\Classes\.j2k\OpenWithProgids@ACDSee Photo Manager 2009.j2k
    Reg HKLM\SOFTWARE\Classes\.jbr\OpenWithProgids@ACDSee Photo Manager 2009.jbr
    Reg HKLM\SOFTWARE\Classes\.jif\OpenWithProgids@ACDSee Photo Manager 2009.jif
    Reg HKLM\SOFTWARE\Classes\.jp2\OpenWithProgids@ACDSee Photo Manager 2009.jp2
    Reg HKLM\SOFTWARE\Classes\.jp2\OpenWithProgids@QuickTime.jp2
    Reg HKLM\SOFTWARE\Classes\.jpc\OpenWithProgids@ACDSee Photo Manager 2009.jpc
    Reg HKLM\SOFTWARE\Classes\.jpk\OpenWithProgids@ACDSee Photo Manager 2009.jpk
    Reg HKLM\SOFTWARE\Classes\.jpx\OpenWithProgids@ACDSee Photo Manager 2009.jpx
    Reg HKLM\SOFTWARE\Classes\.kdc\OpenWithProgids@ACDSee Photo Manager 2009.kdc
    Reg HKLM\SOFTWARE\Classes\.kdc\OpenWithProgids@WindowsLive.PhotoGallery.raw.15.4
    Reg HKLM\SOFTWARE\Classes\.lbm\OpenWithProgids@ACDSee Photo Manager 2009.lbm
    Reg HKLM\SOFTWARE\Classes\.ldb\Access.LockFile.9\ShellNew
    Reg HKLM\SOFTWARE\Classes\.mef\OpenWithProgids@ACDSee Photo Manager 2009.mef
    Reg HKLM\SOFTWARE\Classes\.mim\OpenWithProgids@ACDSee Photo Manager 2009.mim
    Reg HKLM\SOFTWARE\Classes\.mme\OpenWithProgids@ACDSee Photo Manager 2009.mme
    Reg HKLM\SOFTWARE\Classes\.mos\OpenWithProgids@ACDSee Photo Manager 2009.mos
    Reg HKLM\SOFTWARE\Classes\.mrw\OpenWithProgids@ACDSee Photo Manager 2009.mrw
    Reg HKLM\SOFTWARE\Classes\.mrw\OpenWithProgids@WindowsLive.PhotoGallery.raw.15.4
    Reg HKLM\SOFTWARE\Classes\.orf\OpenWithProgids@ACDSee Photo Manager 2009.orf
    Reg HKLM\SOFTWARE\Classes\.orf\OpenWithProgids@WindowsLive.PhotoGallery.raw.15.4
    Reg HKLM\SOFTWARE\Classes\.pbm\OpenWithProgids@ACDSee Photo Manager 2009.pbm
    Reg HKLM\SOFTWARE\Classes\.pbr\OpenWithProgids@ACDSee Photo Manager 2009.pbr
    Reg HKLM\SOFTWARE\Classes\.pcb\PCBFile\ShellNew
    Reg HKLM\SOFTWARE\Classes\.pcd\OpenWithProgids@ACDSee Photo Manager 2009.pcd
    Reg HKLM\SOFTWARE\Classes\.pcx\OpenWithProgids@ACDSee Photo Manager 2009.pcx
    Reg HKLM\SOFTWARE\Classes\.pef\OpenWithProgids@ACDSee Photo Manager 2009.pef
    Reg HKLM\SOFTWARE\Classes\.pef\OpenWithProgids@WindowsLive.PhotoGallery.raw.15.4
    Reg HKLM\SOFTWARE\Classes\.pgm\OpenWithProgids@ACDSee Photo Manager 2009.pgm
    Reg HKLM\SOFTWARE\Classes\.pix\OpenWithProgids@ACDSee Photo Manager 2009.pix
    Reg HKLM\SOFTWARE\Classes\.ppm\OpenWithProgids@ACDSee Photo Manager 2009.ppm
    Reg HKLM\SOFTWARE\Classes\.psp\OpenWithProgids@ACDSee Photo Manager 2009.psp
    Reg HKLM\SOFTWARE\Classes\.pspbrush\OpenWithProgids@ACDSee Photo Manager 2009.pspbrush
    Reg HKLM\SOFTWARE\Classes\.pspimage\OpenWithProgids@ACDSee Photo Manager 2009.pspimage
    Reg HKLM\SOFTWARE\Classes\.raf\OpenWithProgids@ACDSee Photo Manager 2009.raf
    Reg HKLM\SOFTWARE\Classes\.raf\OpenWithProgids@WindowsLive.PhotoGallery.raw.15.4
    Reg HKLM\SOFTWARE\Classes\.ras\OpenWithProgids@ACDSee Photo Manager 2009.ras
    Reg HKLM\SOFTWARE\Classes\.raw\OpenWithProgids@ACDSee Photo Manager 2009.raw
    Reg HKLM\SOFTWARE\Classes\.rgb\OpenWithProgids@ACDSee Photo Manager 2009.rgb
    Reg HKLM\SOFTWARE\Classes\.rgb\OpenWithProgids@QuickTime.rgb
    Reg HKLM\SOFTWARE\Classes\.rgba\OpenWithProgids@ACDSee Photo Manager 2009.rgba
    Reg HKLM\SOFTWARE\Classes\.rsb\OpenWithProgids@ACDSee Photo Manager 2009.rsb
    Reg HKLM\SOFTWARE\Classes\.rw2\OpenWithProgids@ACDSee Photo Manager 2009.rw2
    Reg HKLM\SOFTWARE\Classes\.sdp\OpenWithProgIds@QuickTime.sdp
    Reg HKLM\SOFTWARE\Classes\.sef\OpenWithProgids@ACDSee Photo Manager 2009.sef
    Reg HKLM\SOFTWARE\Classes\.sgi\OpenWithProgids@ACDSee Photo Manager 2009.sgi
    Reg HKLM\SOFTWARE\Classes\.sgi\OpenWithProgids@QuickTime.sgi
    Reg HKLM\SOFTWARE\Classes\.sll\SSLFile\ShellNew
    Reg HKLM\SOFTWARE\Classes\.sr2\OpenWithProgids@ACDSee Photo Manager 2009.sr2
    Reg HKLM\SOFTWARE\Classes\.sr2\OpenWithProgids@WindowsLive.PhotoGallery.raw.15.4
    Reg HKLM\SOFTWARE\Classes\.tga\OpenWithProgids@ACDSee Photo Manager 2009.tga
    Reg HKLM\SOFTWARE\Classes\.tga\OpenWithProgids@QuickTime.tga
    Reg HKLM\SOFTWARE\Classes\.thm\OpenWithProgids@ACDSee Photo Manager 2009.thm
    Reg HKLM\SOFTWARE\Classes\.tuw\TUWFile\ShellNew
    Reg HKLM\SOFTWARE\Classes\.wbm\OpenWithProgids@ACDSee Photo Manager 2009.wbm
    Reg HKLM\SOFTWARE\Classes\.wbmp\OpenWithProgids@ACDSee Photo Manager 2009.wbmp
    Reg HKLM\SOFTWARE\Classes\.wll\Word.Addin.8\ShellNew
    Reg HKLM\SOFTWARE\Classes\.WMD\OpenWithProgIds@WMP11.AssocFile.WMD
    Reg HKLM\SOFTWARE\Classes\.WMS\OpenWithProgIds@WMP11.AssocFile.WMS
    Reg HKLM\SOFTWARE\Classes\.wmz\OpenWithProgIds@WMP11.AssocFile.WMZ
    Reg HKLM\SOFTWARE\Classes\.xbm\OpenWithProgids@ACDSee Photo Manager 2009.xbm
    Reg HKLM\SOFTWARE\Classes\.xif\OpenWithProgids@ACDSee Photo Manager 2009.xif
    Reg HKLM\SOFTWARE\Classes\.xpm\OpenWithProgids@ACDSee Photo Manager 2009.xpm
    Reg HKLM\SOFTWARE\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32@ThreadingModel Apartment
    Reg HKLM\SOFTWARE\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32@ C:\Program Files\Adobe\Reader 10.0\Reader\plug_ins\Accessibility.api
    Reg HKLM\SOFTWARE\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\ProgID@ AcroAccess.AcrobatAccess.1
    Reg HKLM\SOFTWARE\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\Programmable@
    Reg HKLM\SOFTWARE\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\TypeLib@ {C523F390-9C83-11D3-9094-00104BD0D535}
    Reg HKLM\SOFTWARE\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\VersionIndependentProgID@ AcroAccess.AcrobatAccess
    Reg HKLM\SOFTWARE\Classes\Directory\Background\shell\Flip3D\command@ Rundll32 dwmApi #105
    Reg HKLM\SOFTWARE\Classes\Installer\Products\77C83FB1876EFA9488A5BB1DA0DEF23F\SourceList\Media@DiskPrompt [1]
    Reg HKLM\SOFTWARE\Classes\Installer\Products\77C83FB1876EFA9488A5BB1DA0DEF23F\SourceList\Media@1 DISK1;1
    Reg HKLM\SOFTWARE\Classes\Installer\Products\77C83FB1876EFA9488A5BB1DA0DEF23F\SourceList\Net@1 C:\Users\Mark\AppData\Local\Downloaded Installations\{8E3E46B2-9B8C-4ADC-8E2F-112ED506FD40}\
    Reg HKLM\SOFTWARE\Classes\Installer\Products\9CA6158A1FAA9F747966302E4DDCCB8F\SourceList\Media@DiskPrompt [1]
    Reg HKLM\SOFTWARE\Classes\Installer\Products\9CA6158A1FAA9F747966302E4DDCCB8F\SourceList\Media@1 DISK1;1
    Reg HKLM\SOFTWARE\Classes\Installer\Products\9F875003FFE939B4A91B0C5E07E74F36\SourceList\Media@DiskPrompt [1]
    Reg HKLM\SOFTWARE\Classes\Installer\Products\9F875003FFE939B4A91B0C5E07E74F36\SourceList\Media@1 DISK1;1
    Reg HKLM\SOFTWARE\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media@DiskPrompt Microsoft's Silverlight Installation [1]
    Reg HKLM\SOFTWARE\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media@1 ;1
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice@Progid ACDSee Photo Manager 2009.v11o
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice@Progid ACDSee Photo Manager 2009.v11p
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice@Progid ACDSee Photo Manager 2009.v11pf
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice@Progid ACDSee Photo Manager 2009.xmp

    ---- EOF - GMER 1.0.15 ----
     
  5. 2011/06/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    The Attach.txt part of the DDS scan is missing, so please provide that.

    Then...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. 2011/06/11
    Blufx

    Blufx Well-Known Member Thread Starter

    Joined:
    2002/02/03
    Messages:
    399
    Likes Received:
    0
    I downloaded TDSSKiller from two different locations, but neither will run. Nothing happens. Tried right-click and Run as administrator also. Any ideas on that?
     
  7. 2011/06/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no Internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2011/06/11
    Blufx

    Blufx Well-Known Member Thread Starter

    Joined:
    2002/02/03
    Messages:
    399
    Likes Received:
    0
    OK, here's the combofix log:

    ComboFix 11-06-11.01 - Mark 06/11/2011 18:52:50.4.2 - x86
    Microsoft Windows7® DeepBlue™ 6.1.7600.3.1252.1.1033.18.3318.2039 [GMT -4:00]
    Running from: c:\users\Mark\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Public\Desktop\Malware Protection.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-11 23:02 . 2011-06-11 23:03 -------- d-----w- c:\users\Mark\AppData\Local\temp
    2011-06-11 23:02 . 2011-06-11 23:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-11 13:48 . 2011-06-11 13:48 -------- d-----w- c:\program files\AVAST Software
    2011-06-09 15:12 . 2011-06-09 15:12 102400 ----a-w- c:\windows\RegBootClean.exe
    2011-06-08 20:23 . 2011-06-08 20:23 -------- d-----w- c:\users\Mark\AppData\Roaming\Thunderbird
    2011-06-08 18:47 . 2011-06-08 18:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-08 18:47 . 2011-06-08 18:47 -------- d-----w- c:\users\Mark\AppData\Roaming\SUPERAntiSpyware.com
    2011-06-08 13:28 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-07 11:48 . 2011-06-07 11:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 01:09 . 2011-06-02 01:09 -------- d-----w- c:\users\Mark\AppData\Roaming\SerpentOfIsis
    2011-05-27 06:00 . 2011-04-22 19:17 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-21 21:04 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-17 17:05 . 2011-05-17 17:05 1409 ----a-w- c:\windows\system32\tmp37256.FOT
    2011-05-17 17:05 . 2011-05-17 17:05 1409 ----a-w- c:\windows\system32\tmp0E256.FOT
    2011-05-17 16:35 . 2011-05-17 16:35 1409 ----a-w- c:\windows\system32\tmpF4ED6.FOT
    2011-05-17 16:35 . 2011-05-17 16:35 1409 ----a-w- c:\windows\system32\tmpDBED6.FOT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-21 23:05 . 2011-04-21 23:05 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-21 23:05 . 2011-04-21 23:05 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-21 23:05 . 2011-04-21 23:05 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-21 23:05 . 2011-04-21 23:05 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-21 23:05 . 2011-04-21 23:05 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-21 23:05 . 2011-04-21 23:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-21 23:05 . 2011-04-21 23:05 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-21 23:05 . 2011-04-21 23:05 367104 ----a-w- c:\windows\system32\html.iec
    2011-04-21 23:05 . 2011-04-21 23:05 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-21 23:05 . 2011-04-21 23:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-21 23:05 . 2011-04-21 23:05 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-21 23:05 . 2011-04-21 23:05 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-04-21 23:05 . 2011-04-21 23:05 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-04-21 23:05 . 2011-04-21 23:05 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-04-21 23:05 . 2011-04-21 23:05 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-21 23:05 . 2011-04-21 23:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-21 23:05 . 2011-04-21 23:05 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-21 23:05 . 2011-04-21 23:05 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-04-21 23:05 . 2011-04-21 23:05 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-04-21 23:05 . 2011-04-21 23:05 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-21 23:05 . 2011-04-21 23:05 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-04-18 20:09 . 2011-04-18 20:09 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-04-16 15:18 . 2011-04-16 15:18 19956 ----a-w- C:\FixitRegBackup.reg
    2011-04-09 06:21 . 2011-05-11 15:50 3967360 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:21 . 2011-05-11 15:50 3911552 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-29 03:07 . 2011-05-11 15:50 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-29 03:06 . 2011-05-11 15:50 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-29 03:06 . 2011-05-11 15:50 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-29 03:06 . 2011-05-11 15:50 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-29 03:06 . 2011-05-11 15:50 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-29 03:06 . 2011-05-11 15:50 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-29 03:06 . 2011-05-11 15:50 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-03-23 14:11 . 2011-04-15 19:16 6792528 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FEDEA2A-72F9-48DA-84A4-4CEAF5FA3EC6}\mpengine.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [-] 2010-01-08 . FD6EF753300BEBEBD85B44BB6D0CC1A2 . 2289152 . . [6.1.7600.16385] . . c:\windows\explorer.exe
    [7] 2010-01-08 . C9B74657CF24E4297C94D5F6BE62E915 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16457_none_51ad6f73daf5e032\explorer.exe
    [7] 2010-01-08 . 22F7FA1FD0223AE08AE4070534B96CF9 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20570_none_521a6a60f42a067d\explorer.exe
    [7] 2010-01-08 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [7] 2010-01-08 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
    [7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"="c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
    2009-06-02 14:51 2695168 ----a-w- c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"="c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"="c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"="c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
    [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41}"="c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC}"="c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"="c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
    [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-03-16 325000]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Lng panel"="ctfmon.exe" [2009-07-14 8704]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-07-14 859648]
    .
    c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CPUCooL.lnk - c:\program files\CPUCooL\CPUCooL.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableSecureUIAPaths"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 136176]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;d:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 43008]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
    R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-01-08 13080]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 136176]
    R3 LUW;LUW;c:\users\Mark\AppData\Local\Temp\LUW.exe [x]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B728.tmp [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
    R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 OG;OG;c:\users\Mark\AppData\Local\Temp\OG.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-03 1343400]
    R3 WTJFEY;WTJFEY;c:\users\Mark\AppData\Local\Temp\WTJFEY.exe [x]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-03 691696]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 ntiomin;ntiomin; [x]
    S1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [2010-05-10 67656]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/12/02 20:34];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-03-01 00:40 87536]
    S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
    S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2011-02-02 12096]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthaudiosvc REG_MULTI_SZ HFGService
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 06:27]
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 06:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
    TCP: DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23
    FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4l9b1nwy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.accuweather.com/us/sc/simpsonville/29681/city-weather-forecast.asp
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\B728.tmp"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Motorola Inc.\Motorola Mobile Drivers Installation 5.0.0]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.032"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.abr"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.arw"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.bay"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.bw"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.cr2"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.crw"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.cs1"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.dcr"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.dcx"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.djv"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.djvu"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.dng"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.eps"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.erf"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.fff"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.fpx"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.hdr"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.icn"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.iff"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.ilbm"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.int"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.inta"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.iw4"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.j2c"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.j2k"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.jbr"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.jif"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.jp2"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.jpc"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.jpk"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.jpx"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.kdc"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.lbm"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.mef"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.mos"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.mrw"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.nef"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.orf"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.pbm"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.pbr"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.pcd"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.pct"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.pcx"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.pef"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.pgm"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.pic"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.pict"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.pix"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.ppm"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.psd"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.psp"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.pspbrush"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.pspimage"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.raf"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.ras"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.raw"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.rgb"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.rgba"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.rsb"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.rw2"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.sgi"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.sr2"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.srf"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.tga"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.thm"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.v11o"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.v11p"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.v11pf"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.wbm"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.wbmp"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.xbm"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.xif"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.xmp"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 2009.xpm"
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Motorola Inc.\Motorola Mobile Drivers Installation 4.8.0]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.032\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.032"=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.abr\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.abr"=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.apd\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.apd"=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.arw\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.arw"=""
    "WindowsLive.PhotoGallery.raw.15.4"=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.b64\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.b64"=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.bay\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.bay"=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.bw\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.bw"=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.caf\OpenWithProgIds]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.caf"=""
    "QuickTime.caf"=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.cbr\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.cbr"=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.cbz\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.cbz "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.cda\OpenWithList]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.cda\OpenWithProgIds]
    @DACL=(02 0000)
    "WMP11.AssocFile.CDA "=hex(0):
    @=" "
    "iTunes.cda "=hex:
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.cr2\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.cr2 "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.crw\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.crw "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.cs1\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.cs1 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.dcx\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.dcx "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.djv\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.djv "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.djvu\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.djvu "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.dng\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.dng "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.erf\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.erf "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.fff\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.fff "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.fpx\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.fpx "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.frg\Access.Fragment]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.gst\MSMap.Datainst.8]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.hdr\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.hdr "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.icn\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.icn "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.idc\idcfile]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.iff\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.iff "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.ilbm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.ilbm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.int\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.int "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.inta\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.inta "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.iw4\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.iw4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.j2c\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.j2c "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.j2k\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.j2k "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.jbr\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.jbr "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.jif\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.jif "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.jp2\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.jp2 "=" "
    "QuickTime.jp2 "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.jpc\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.jpc "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.jpk\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.jpk "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.jpx\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.jpx "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.kdc\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.kdc "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.lbm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.lbm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.ldb\Access.LockFile.9]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.mef\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.mef "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.mim\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.mim "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.mme\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.mme "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.mos\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.mos "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.mrw\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.mrw "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.orf\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.orf "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pbm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pbm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pbr\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pbr "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pcb\PCBFile]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pcd\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pcd "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pcx\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pcx "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pef\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pef "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pgm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pgm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pix\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pix "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.ppm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.ppm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.psp\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.psp "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pspbrush\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pspbrush "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pspimage\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pspimage "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.raf\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.raf "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.ras\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.ras "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.raw\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.raw "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.rgb\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.rgb "=" "
    "QuickTime.rgb "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.rgba\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.rgba "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.rsb\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.rsb "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.rw2\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.rw2 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.sdp\OpenWithProgIds]
    @DACL=(02 0000)
    "QuickTime.sdp "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.sef\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.sef "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.sgi\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.sgi "=" "
    "QuickTime.sgi "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.sll\SSLFile]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.sr2\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.sr2 "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.tga\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.tga "=" "
    "QuickTime.tga "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.thm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.thm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.tuw\TUWFile]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.wbm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.wbm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.wbmp\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.wbmp "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.wll\Word.Addin.8]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.WMD\OpenWithProgIds]
    @DACL=(02 0000)
    "WMP11.AssocFile.WMD "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.WMS\OpenWithProgIds]
    @DACL=(02 0000)
    "WMP11.AssocFile.WMS "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.wmz\OpenWithProgIds]
    @DACL=(02 0000)
    "WMP11.AssocFile.WMZ "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.xbm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.xbm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.xif\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.xif "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.xpm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.xpm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32]
    @DACL=(02 0000)
    "ThreadingModel "= "Apartment "
    @= "c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Accessibility.api "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\ProgID]
    @DACL=(02 0000)
    @= "AcroAccess.AcrobatAccess.1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\Programmable]
    @DACL=(02 0000)
    @=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\TypeLib]
    @DACL=(02 0000)
    @= "{C523F390-9C83-11D3-9094-00104BD0D535} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\VersionIndependentProgID]
    @DACL=(02 0000)
    @= "AcroAccess.AcrobatAccess "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Directory\Background\shell\Flip3D\command]
    @DACL=(02 0000)
    @= "Rundll32 dwmApi #105 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\77C83FB1876EFA9488A5BB1DA0DEF23F\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt "= "[1] "
    "1 "= "DISK1;1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\77C83FB1876EFA9488A5BB1DA0DEF23F\SourceList\Net]
    @DACL=(02 0000)
    "1 "=expand: "c:\\Users\\Mark\\AppData\\Local\\Downloaded Installations\\{8E3E46B2-9B8C-4ADC-8E2F-112ED506FD40}\\ "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9CA6158A1FAA9F747966302E4DDCCB8F\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt "= "[1] "
    "1 "= "DISK1;1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9F875003FFE939B4A91B0C5E07E74F36\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt "= "[1] "
    "1 "= "DISK1;1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt "= "Microsoft's Silverlight Installation [1] "
    "1 "= ";1 "
    .
    [HKEY_LOCAL_MACHINE\software\Logitech\ImageStudio\Rubicon\LIU]
    @Class= "DEFAULT_CLASS "
    @DACL=(02 0000)
    "ReminderCount "=dword:00000005
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\DLNASupport]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\MLS]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects]
    @DACL=(02 0000)
    @= "Layout Manager Objects "
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\PlayerUpgrade]
    @DACL=(02 0000)
    "EnableAutoUpgrade "= "no "
    "PlayerVersion "= "12,0,7600,20792 "
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Plugins]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\PREFERENCES]
    @DACL=(02 0000)
    "OEMServiceOverride11 "=" "
    "DefaultSubscriptionService "= "MediaGuide "
    "WMPNSSFirewallPortsOpen "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Setup]
    @DACL=(02 0000)
    "Install ID "= "{9B9C471A-6438-46DF-A3FD-72B8DAD12A7B} "
    "MPEG2In "=dword:00000001
    "MPEG2AddIn "=dword:00000001
    "MPEG2AddInEnable "=dword:00000000
    "DolbyIn "=dword:00000001
    "DolbyAddIn "=dword:00000001
    "DolbyAddInEnable "=dword:00000000
    "ResetAutoPlay "= "12,0,7600,20792 "
    "Progress_MaxDialog "=dword:00000009
    "Progress_CurrentInstall "=dword:00000000
    "Progress_MaxInstall "=dword:00000001
    "Progress_CurrentDialog "=dword:00000009
    "InstallResult "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Setup\Files]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Answer]
    @DACL=(02 0000)
    "1 "= "ATA<cr> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Clients]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Fax]
    @DACL=(02 0000)
    "HardwareFlowControl "= "1 "
    "SetupCommand "= "ATS7=60&K3 "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Hangup]
    @DACL=(02 0000)
    "1 "= "ATH E1<cr> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Init]
    @DACL=(02 0000)
    "1 "= "AT<cr> "
    "2 "= "AT &F E0 &C1 &D2 V1 S0=0\\V1<cr> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Monitor]
    @DACL=(02 0000)
    "1 "= "ATS0=0<cr> "
    "2 "= "None "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Settings]
    @DACL=(02 0000)
    "Prefix "= "AT "
    "Terminator "= "<cr> "
    "DialPrefix "= "D "
    "DialSuffix "= "; "
    "CallSetupFailTimer "= "S7=<#> "
    "SpeakerVolume_Low "= "L0 "
    "SpeakerVolume_Med "= "L2 "
    "SpeakerVolume_High "= "L3 "
    "SpeakerMode_Off "= "M0 "
    "SpeakerMode_Dial "= "M1 "
    "SpeakerMode_On "= "M2 "
    "SpeakerMode_Setup "= "M3 "
    "FlowControl_Off "= "&K0 "
    "FlowControl_Hard "= "&K3 "
    "FlowControl_Soft "= "&K4 "
    "ErrorControl_On "= "\\N3 "
    "ErrorControl_Off "= "\\N1 "
    "ErrorControl_Forced "= "\\N4 "
    "Compression_Off "= "%C0 "
    "Compression_On "= "%C1 "
    "Modulation_CCITT "= "B0B15B2 "
    "Modulation_Bell "= "B1B16B2 "
    "SpeedNegotiation_Off "= "N0\\J1 "
    "SpeedNegotiation_On "= "N1\\J1 "
    "Pulse "= "P "
    "Tone "= "T "
    "Blind_Off "= "X4 "
    "Blind_On "= "X3 "
    "InactivityTimeOut "= "S30=<#> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Answer]
    @DACL=(02 0000)
    "1 "= "ATA<cr> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Hangup]
    @DACL=(02 0000)
    "1 "= "ATH0<cr> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Init]
    @DACL=(02 0000)
    "1 "= "AT<cr> "
    "2 "= "ATE0V1&D2<cr> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Monitor]
    @DACL=(02 0000)
    "1 "= "ATS0=0<cr> "
    "2 "= "None "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Settings]
    @DACL=(02 0000)
    "Prefix "= "AT "
    "Terminator "= "<cr> "
    "DialPrefix "= "D "
    "Pulse "= "P "
    "Tone "= "T "
    "DialSuffix "=" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-06-11 19:06:00
    ComboFix-quarantined-files.txt 2011-06-11 23:05
    ComboFix2.txt 2011-06-09 19:04
    ComboFix3.txt 2011-06-09 17:03
    .
    Pre-Run: 13,068,525,568 bytes free
    Post-Run: 12,766,732,288 bytes free
    .
    - - End Of File - - 309F40786A280642B9E95C1454D09B38
     
  9. 2011/06/11
    Blufx Well-Known Member Thread Starter
    Oh, thanks for the help. This thing's aggravating.
     
  10. 2011/06/11
    broni Moderator Malware Analyst
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe | c:\windows\explorer.exe
    
    File::
    c:\windows\system32\tmp37256.FOT
    c:\windows\system32\tmp0E256.FOT
    c:\windows\system32\tmpF4ED6.FOT
    c:\windows\system32\tmpDBED6.FOT
    c:\users\Mark\AppData\Local\Temp\LUW.exe
    c:\windows\system32\B728.tmp
    c:\users\Mark\AppData\Local\Temp\OG.exe
    c:\users\Mark\AppData\Local\Temp\WTJFEY.exe
    
    
    DDS::
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    
    
    Driver::
    LUW
    MEMSWEEP2
    OG
    WTJFEY
    ntiomin
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
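The script above is built by hand from what the ComboFix log shows: services and drivers pointing at executables in the user's Temp folder or at a .tmp file in system32, driver entries whose file is already gone, and an explorer.exe that fails Sigcheck and is replaced from WinSxS with FCopy::. The following is an added Python example (not ComboFix's own code and not part of the moderator's script) that pulls those same indicators out of ComboFix log lines automatically, plus the UAC policy values a defender would want to see restored. The regexes follow the three line formats as they appear in the logs posted in this thread; the sample lines are constructed after that output, and the finding category names are this example's own.

```python
"""Triage ComboFix log lines for the indicators the CFScript above targets.

Added example for this thread; it is not ComboFix's own code and not part of
the moderator's script. It recognises three of the line formats ComboFix
prints (service/driver entries, Sigcheck rows, policy values) and flags:
  * services or drivers whose binary sits in a user Temp folder or is a
    *.tmp file (the File:: and Driver:: entries in the script above),
  * service entries whose file is already gone (ComboFix prints "[x]"),
  * a Sigcheck "[-]" copy whose size differs from the signed WinSxS copies
    (the explorer.exe the FCopy:: directive restores),
  * UAC policy values that have been set to 0.
Sample lines are constructed after the log output posted in this thread.
"""
import re
from collections import defaultdict

# "R3 LUW;LUW;c:\users\Mark\AppData\Local\Temp\LUW.exe [x]"
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<tail>[^\]]*)\]\s*$')

# "[-] 2010-01-08 . <MD5> . 2289152 . . [6.1.7600.16385] . . c:\windows\explorer.exe"
SIGCHECK_RE = re.compile(
    r'^\[(?P<flag>[^\]]+)\]\s+\S+\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+'
    r'(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$')

# '"EnableLUA"= 0 (0x0)'  (forum rendering may add spaces inside the quotes)
POLICY_RE = re.compile(r'^"\s*(?P<name>\w+)\s*"\s*=\s*(?P<value>\d+)')

# UAC values that are non-zero on a default Windows 7 install
UAC_POLICIES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

# Locations a legitimate service or driver binary does not live in
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def triage(lines):
    """Return a list of (category, detail) findings for the given log lines."""
    findings = []
    sig_by_name = defaultdict(list)  # basename -> [(flag, size, path)]
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            path = m["path"].lower()
            if m["tail"] == "x":  # binary missing, entry left behind
                findings.append(("orphan-service", f'{m["name"]}: file missing ({m["path"]})'))
            if any(d in path for d in SUSPICIOUS_DIRS) or path.endswith(".tmp"):
                findings.append(("service-in-temp", f'{m["name"]}: {m["path"]}'))
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            base = m["path"].rsplit("\\", 1)[-1].lower()
            sig_by_name[base].append((m["flag"], int(m["size"]), m["path"]))
            continue
        m = POLICY_RE.match(line)
        if m and m["name"] in UAC_POLICIES and int(m["value"]) == 0:
            findings.append(("uac-disabled", f'{m["name"]} = 0'))
    # A "[-]" copy whose size differs from the copies ComboFix could verify is
    # the classic patched-system-file sign; the FCopy:: directive restores it.
    for base, entries in sig_by_name.items():
        good_sizes = {size for flag, size, _ in entries if flag != "-"}
        for flag, size, path in entries:
            if flag == "-":
                note = ("size differs from signed copies"
                        if good_sizes and size not in good_sizes else "unsigned")
                findings.append(("sigcheck-mismatch", f"{path}: {note}"))
    return findings


# Constructed after the service, Sigcheck and policy lines in this thread.
SAMPLE_LOG = [
    r"R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 136176]",
    r"R3 LUW;LUW;c:\users\Mark\AppData\Local\Temp\LUW.exe [x]",
    r"R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B728.tmp [x]",
    r"[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe",
    r"[-] 2010-01-08 . FD6EF753300BEBEBD85B44BB6D0CC1A2 . 2289152 . . [6.1.7600.16385] . . c:\windows\explorer.exe",
    '"EnableLUA"= 0 (0x0)',
    '"ConsentPromptBehaviorUser"= 3 (0x3)',
]

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:18} {detail}")
```

Run it against a saved ComboFix.txt by reading the file into `triage()` line by line; the "orphan-service" and "service-in-temp" hits are the entries that end up under Driver:: and File::, and the "sigcheck-mismatch" hit is the file to restore from WinSxS. Everything else in the log still needs a human eye, since ComboFix's own note applies: an unsigned or odd-looking file is not automatically malware.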
     
  11. 2011/06/12
    Blufx Well-Known Member Thread Starter
    Once again I thank you for the help. My search results are still being redirected. Here's the Combofix log:

    ComboFix 11-06-11.01 - Mark 06/12/2011 9:24.5.2 - x86
    Microsoft Windows7® DeepBlue™ 6.1.7600.3.1252.1.1033.18.3318.2014 [GMT -4:00]
    Running from: c:\users\Mark\Desktop\malware\schrauber.exe
    Command switches used :: c:\users\Mark\Desktop\malware\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-12 13:29 . 2011-06-12 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-12 13:22 . 2011-06-12 13:22 -------- d-----w- C:\schrauber
    2011-06-11 23:06 . 2011-06-12 13:29 -------- d-----w- c:\users\Mark\AppData\Local\temp
    2011-06-11 22:51 . 2011-06-11 23:06 -------- d-----w- C:\ComboFix
    2011-06-11 13:48 . 2011-06-11 13:48 -------- d-----w- c:\program files\AVAST Software
    2011-06-09 15:12 . 2011-06-09 15:12 102400 ----a-w- c:\windows\RegBootClean.exe
    2011-06-08 20:23 . 2011-06-08 20:23 -------- d-----w- c:\users\Mark\AppData\Roaming\Thunderbird
    2011-06-08 18:47 . 2011-06-08 18:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-08 18:47 . 2011-06-08 18:47 -------- d-----w- c:\users\Mark\AppData\Roaming\SUPERAntiSpyware.com
    2011-06-08 13:28 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-07 11:48 . 2011-06-07 11:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 01:09 . 2011-06-02 01:09 -------- d-----w- c:\users\Mark\AppData\Roaming\SerpentOfIsis
    2011-05-27 06:00 . 2011-04-22 19:17 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-21 21:04 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-17 17:05 . 2011-05-17 17:05 1409 ----a-w- c:\windows\system32\tmp37256.FOT
    2011-05-17 17:05 . 2011-05-17 17:05 1409 ----a-w- c:\windows\system32\tmp0E256.FOT
    2011-05-17 16:35 . 2011-05-17 16:35 1409 ----a-w- c:\windows\system32\tmpF4ED6.FOT
    2011-05-17 16:35 . 2011-05-17 16:35 1409 ----a-w- c:\windows\system32\tmpDBED6.FOT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-21 23:05 . 2011-04-21 23:05 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-21 23:05 . 2011-04-21 23:05 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-21 23:05 . 2011-04-21 23:05 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-21 23:05 . 2011-04-21 23:05 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-21 23:05 . 2011-04-21 23:05 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-21 23:05 . 2011-04-21 23:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-21 23:05 . 2011-04-21 23:05 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-21 23:05 . 2011-04-21 23:05 367104 ----a-w- c:\windows\system32\html.iec
    2011-04-21 23:05 . 2011-04-21 23:05 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-21 23:05 . 2011-04-21 23:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-21 23:05 . 2011-04-21 23:05 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-21 23:05 . 2011-04-21 23:05 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-04-21 23:05 . 2011-04-21 23:05 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-04-21 23:05 . 2011-04-21 23:05 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-04-21 23:05 . 2011-04-21 23:05 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-21 23:05 . 2011-04-21 23:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-21 23:05 . 2011-04-21 23:05 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-21 23:05 . 2011-04-21 23:05 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-04-21 23:05 . 2011-04-21 23:05 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-04-21 23:05 . 2011-04-21 23:05 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-21 23:05 . 2011-04-21 23:05 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-04-18 20:09 . 2011-04-18 20:09 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-04-16 15:18 . 2011-04-16 15:18 19956 ----a-w- C:\FixitRegBackup.reg
    2011-04-09 06:21 . 2011-05-11 15:50 3967360 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:21 . 2011-05-11 15:50 3911552 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-29 03:07 . 2011-05-11 15:50 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-29 03:06 . 2011-05-11 15:50 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-29 03:06 . 2011-05-11 15:50 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-29 03:06 . 2011-05-11 15:50 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-29 03:06 . 2011-05-11 15:50 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-29 03:06 . 2011-05-11 15:50 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-29 03:06 . 2011-05-11 15:50 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-03-23 14:11 . 2011-04-15 19:16 6792528 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FEDEA2A-72F9-48DA-84A4-4CEAF5FA3EC6}\mpengine.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [-] 2010-01-08 . FD6EF753300BEBEBD85B44BB6D0CC1A2 . 2289152 . . [6.1.7600.16385] . . c:\windows\explorer.exe
    [7] 2010-01-08 . C9B74657CF24E4297C94D5F6BE62E915 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16457_none_51ad6f73daf5e032\explorer.exe
    [7] 2010-01-08 . 22F7FA1FD0223AE08AE4070534B96CF9 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20570_none_521a6a60f42a067d\explorer.exe
    [7] 2010-01-08 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [7] 2010-01-08 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
    [7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc} "= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
    2009-06-02 14:51 2695168 ----a-w- c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} "= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc} "= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D} "= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
    [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} "= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC} "= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D} "= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
    [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant "= "c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-03-16 325000]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Lng panel "= "ctfmon.exe" [2009-07-14 8704]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "Welcome Center "= "c:\windows\system32\OobeFldr.dll" [2009-07-14 859648]
    .
    c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CPUCooL.lnk - c:\program files\CPUCooL\CPUCooL.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableLUA "= 0 (0x0)
    "EnableSecureUIAPaths "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    "SynchronousMachineGroupPolicy "= 0 (0x0)
    "SynchronousUserGroupPolicy "= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)
    "NoSMBalloonTip "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 136176]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;d:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 43008]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
    R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-01-08 13080]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 136176]
    R3 LUW;LUW;c:\users\Mark\AppData\Local\Temp\LUW.exe [x]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B728.tmp [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
    R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 OG;OG;c:\users\Mark\AppData\Local\Temp\OG.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-03 1343400]
    R3 WTJFEY;WTJFEY;c:\users\Mark\AppData\Local\Temp\WTJFEY.exe [x]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-03 691696]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 ntiomin;ntiomin; [x]
    S1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [2010-05-10 67656]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/12/02 20:34];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-03-01 00:40 87536]
    S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
    S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2011-02-02 12096]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthaudiosvc REG_MULTI_SZ HFGService
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 06:27]
    .
    2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 06:27]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = 192.168.*.*;*.local
    IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
    TCP: DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23
    FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4l9b1nwy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.accuweather.com/us/sc/simpsonville/29681/city-weather-forecast.asp
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\services\MEMSWEEP2]
    "ImagePath "= "\??\c:\windows\system32\B728.tmp "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath "= "\??\c:\program files\CyberLink\PowerDVD9\000.fcl "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Motorola Inc.\Motorola Mobile Drivers Installation 5.0.0]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.032 "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.abr "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.arw "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.bay "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.bw "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.cr2 "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.crw "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.cs1 "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.dcr "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.dcx "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.djv "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.djvu "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.dng "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.eps "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.erf "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.fff "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.fpx "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.hdr "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.icn "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.iff "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.ilbm "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.int "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.inta "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.iw4 "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.j2c "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.j2k "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.jbr "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.jif "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.jp2 "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.jpc "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.jpk "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.jpx "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.kdc "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.lbm "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.mef "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.mos "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.mrw "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.nef "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.orf "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.pbm "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.pbr "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.pcd "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.pct "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.pcx "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.pef "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.pgm "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.pic "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.pict "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.pix "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.ppm "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.psd "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.psp "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.pspbrush "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.pspimage "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.raf "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.ras "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.raw "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.rgb "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.rgba "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.rsb "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.rw2 "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.sgi "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.sr2 "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.srf "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.tga "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.thm "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.v11o "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.v11p "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.v11pf "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.wbm "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.wbmp "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.xbm "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.xif "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.xmp "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.xpm "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Motorola Inc.\Motorola Mobile Drivers Installation 4.8.0]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.032\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.032 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.abr\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.abr "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.apd\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.apd "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.arw\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.arw "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.b64\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.b64 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.bay\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.bay "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.bw\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.bw "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.caf\OpenWithProgIds]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.caf "=" "
    "QuickTime.caf "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.cbr\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.cbr "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.cbz\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.cbz "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.cda\OpenWithList]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.cda\OpenWithProgIds]
    @DACL=(02 0000)
    "WMP11.AssocFile.CDA "=hex(0):
    @=" "
    "iTunes.cda "=hex:
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.cr2\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.cr2 "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.crw\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.crw "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.cs1\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.cs1 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.dcx\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.dcx "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.djv\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.djv "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.djvu\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.djvu "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.dng\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.dng "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.erf\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.erf "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.fff\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.fff "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.fpx\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.fpx "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.frg\Access.Fragment]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.gst\MSMap.Datainst.8]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.hdr\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.hdr "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.icn\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.icn "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.idc\idcfile]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.iff\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.iff "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.ilbm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.ilbm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.int\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.int "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.inta\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.inta "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.iw4\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.iw4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.j2c\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.j2c "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.j2k\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.j2k "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.jbr\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.jbr "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.jif\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.jif "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.jp2\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.jp2 "=" "
    "QuickTime.jp2 "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.jpc\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.jpc "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.jpk\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.jpk "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.jpx\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.jpx "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.kdc\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.kdc "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.lbm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.lbm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.ldb\Access.LockFile.9]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.mef\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.mef "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.mim\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.mim "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.mme\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.mme "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.mos\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.mos "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.mrw\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.mrw "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.orf\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.orf "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pbm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pbm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pbr\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pbr "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pcb\PCBFile]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pcd\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pcd "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pcx\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pcx "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pef\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pef "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pgm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pgm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pix\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pix "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.ppm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.ppm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.psp\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.psp "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pspbrush\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pspbrush "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.pspimage\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.pspimage "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.raf\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.raf "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.ras\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.ras "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.raw\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.raw "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.rgb\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.rgb "=" "
    "QuickTime.rgb "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.rgba\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.rgba "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.rsb\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.rsb "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.rw2\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.rw2 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.sdp\OpenWithProgIds]
    @DACL=(02 0000)
    "QuickTime.sdp "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.sef\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.sef "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.sgi\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.sgi "=" "
    "QuickTime.sgi "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.sll\SSLFile]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.sr2\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.sr2 "=" "
    "WindowsLive.PhotoGallery.raw.15.4 "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.tga\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.tga "=" "
    "QuickTime.tga "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.thm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.thm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.tuw\TUWFile]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.wbm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.wbm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.wbmp\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.wbmp "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.wll\Word.Addin.8]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.WMD\OpenWithProgIds]
    @DACL=(02 0000)
    "WMP11.AssocFile.WMD "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.WMS\OpenWithProgIds]
    @DACL=(02 0000)
    "WMP11.AssocFile.WMS "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.wmz\OpenWithProgIds]
    @DACL=(02 0000)
    "WMP11.AssocFile.WMZ "=hex(0):
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.xbm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.xbm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.xif\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.xif "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\.xpm\OpenWithProgids]
    @DACL=(02 0000)
    "ACDSee Photo Manager 2009.xpm "=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32]
    @DACL=(02 0000)
    "ThreadingModel "= "Apartment "
    @= "c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\plug_ins\\Accessibility.api "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\ProgID]
    @DACL=(02 0000)
    @= "AcroAccess.AcrobatAccess.1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\Programmable]
    @DACL=(02 0000)
    @=" "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\TypeLib]
    @DACL=(02 0000)
    @= "{C523F390-9C83-11D3-9094-00104BD0D535} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\VersionIndependentProgID]
    @DACL=(02 0000)
    @= "AcroAccess.AcrobatAccess "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Directory\Background\shell\Flip3D\command]
    @DACL=(02 0000)
    @= "Rundll32 dwmApi #105 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\77C83FB1876EFA9488A5BB1DA0DEF23F\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt "= "[1] "
    "1 "= "DISK1;1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\77C83FB1876EFA9488A5BB1DA0DEF23F\SourceList\Net]
    @DACL=(02 0000)
    "1 "=expand: "c:\\Users\\Mark\\AppData\\Local\\Downloaded Installations\\{8E3E46B2-9B8C-4ADC-8E2F-112ED506FD40}\\ "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9CA6158A1FAA9F747966302E4DDCCB8F\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt "= "[1] "
    "1 "= "DISK1;1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\9F875003FFE939B4A91B0C5E07E74F36\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt "= "[1] "
    "1 "= "DISK1;1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media]
    @DACL=(02 0000)
    "DiskPrompt "= "Microsoft's Silverlight Installation [1] "
    "1 "= ";1 "
    .
    [HKEY_LOCAL_MACHINE\software\Logitech\ImageStudio\Rubicon\LIU]
    @Class= "DEFAULT_CLASS "
    @DACL=(02 0000)
    "ReminderCount "=dword:00000005
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\DLNASupport]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\MLS]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects]
    @DACL=(02 0000)
    @= "Layout Manager Objects "
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\PlayerUpgrade]
    @DACL=(02 0000)
    "EnableAutoUpgrade "= "no "
    "PlayerVersion "= "12,0,7600,20792 "
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Plugins]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\PREFERENCES]
    @DACL=(02 0000)
    "OEMServiceOverride11 "=" "
    "DefaultSubscriptionService "= "MediaGuide "
    "WMPNSSFirewallPortsOpen "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Setup]
    @DACL=(02 0000)
    "Install ID "= "{9B9C471A-6438-46DF-A3FD-72B8DAD12A7B} "
    "MPEG2In "=dword:00000001
    "MPEG2AddIn "=dword:00000001
    "MPEG2AddInEnable "=dword:00000000
    "DolbyIn "=dword:00000001
    "DolbyAddIn "=dword:00000001
    "DolbyAddInEnable "=dword:00000000
    "ResetAutoPlay "= "12,0,7600,20792 "
    "Progress_MaxDialog "=dword:00000009
    "Progress_CurrentInstall "=dword:00000000
    "Progress_MaxInstall "=dword:00000001
    "Progress_CurrentDialog "=dword:00000009
    "InstallResult "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Setup\Files]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Answer]
    @DACL=(02 0000)
    "1 "= "ATA<cr> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Clients]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Fax]
    @DACL=(02 0000)
    "HardwareFlowControl "= "1 "
    "SetupCommand "= "ATS7=60&K3 "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Hangup]
    @DACL=(02 0000)
    "1 "= "ATH E1<cr> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Init]
    @DACL=(02 0000)
    "1 "= "AT<cr> "
    "2 "= "AT &F E0 &C1 &D2 V1 S0=0\\V1<cr> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Monitor]
    @DACL=(02 0000)
    "1 "= "ATS0=0<cr> "
    "2 "= "None "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Settings]
    @DACL=(02 0000)
    "Prefix "= "AT "
    "Terminator "= "<cr> "
    "DialPrefix "= "D "
    "DialSuffix "= "; "
    "CallSetupFailTimer "= "S7=<#> "
    "SpeakerVolume_Low "= "L0 "
    "SpeakerVolume_Med "= "L2 "
    "SpeakerVolume_High "= "L3 "
    "SpeakerMode_Off "= "M0 "
    "SpeakerMode_Dial "= "M1 "
    "SpeakerMode_On "= "M2 "
    "SpeakerMode_Setup "= "M3 "
    "FlowControl_Off "= "&K0 "
    "FlowControl_Hard "= "&K3 "
    "FlowControl_Soft "= "&K4 "
    "ErrorControl_On "= "\\N3 "
    "ErrorControl_Off "= "\\N1 "
    "ErrorControl_Forced "= "\\N4 "
    "Compression_Off "= "%C0 "
    "Compression_On "= "%C1 "
    "Modulation_CCITT "= "B0B15B2 "
    "Modulation_Bell "= "B1B16B2 "
    "SpeedNegotiation_Off "= "N0\\J1 "
    "SpeedNegotiation_On "= "N1\\J1 "
    "Pulse "= "P "
    "Tone "= "T "
    "Blind_Off "= "X4 "
    "Blind_On "= "X3 "
    "InactivityTimeOut "= "S30=<#> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Answer]
    @DACL=(02 0000)
    "1 "= "ATA<cr> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Hangup]
    @DACL=(02 0000)
    "1 "= "ATH0<cr> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Init]
    @DACL=(02 0000)
    "1 "= "AT<cr> "
    "2 "= "ATE0V1&D2<cr> "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Monitor]
    @DACL=(02 0000)
    "1 "= "ATS0=0<cr> "
    "2 "= "None "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\Settings]
    @DACL=(02 0000)
    "Prefix "= "AT "
    "Terminator "= "<cr> "
    "DialPrefix "= "D "
    "Pulse "= "P "
    "Tone "= "T "
    "DialSuffix "=" "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3532)
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    .
    Completion time: 2011-06-12 09:33:03
    ComboFix-quarantined-files.txt 2011-06-12 13:33
    ComboFix2.txt 2011-06-11 23:06
    ComboFix3.txt 2011-06-09 19:04
    ComboFix4.txt 2011-06-09 17:03
    .
    Pre-Run: 13,394,190,336 bytes free
    Post-Run: 13,460,983,808 bytes free
    .
    - - End Of File - - 57B39D77C573D39EF7CB10044E52AF8E
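The two entries under LOCKED REGISTRY KEYS at the end of the log above are keys whose DACL explicitly denies Users, Everyone or LocalSystem. ComboFix lists them because a key that even SYSTEM cannot read is a classic place for a rootkit to park its configuration; the two shown here (the modem class key's AllUserSettings and PCW\Security) turn up in ComboFix output from ordinary Windows 7 installs, so the value of the check lies in spotting entries that are not expected. The PowerShell below is an added example, not part of this thread and not ComboFix's own code: it walks a registry subtree and reports keys that carry an explicit Deny entry or whose security descriptor cannot be read at all. It uses the .NET RegistryKey API rather than Get-ChildItem because the registry provider silently skips subkeys it cannot open, which are exactly the ones of interest. The function names and the default root paths are assumptions chosen to cover the keys in this log; run it from an elevated prompt.

```powershell
# Added example (not from the thread or from ComboFix): reproduce the test behind
# ComboFix's "LOCKED REGISTRY KEYS" section. A key is reported when its DACL has an
# explicit Deny ACE, or when the caller cannot read the security descriptor at all
# (the "@Denied: (Full) (Everyone)" case). Windows PowerShell 2.0 or later, elevated.

function Invoke-RegistryKeyWalk {
    param([Microsoft.Win32.RegistryKey]$Parent, [string]$SubKey)

    $fullName  = $Parent.Name + '\' + $SubKey
    $check     = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadSubTree
    $readPerms = [System.Security.AccessControl.RegistryRights]::ReadPermissions
    $enumKeys  = [System.Security.AccessControl.RegistryRights]::EnumerateSubKeys

    # Step 1: open with READ_CONTROL only and inspect the explicit (non-inherited) ACEs.
    try {
        $k = $Parent.OpenSubKey($SubKey, $check, $readPerms)
        if ($null -eq $k) { return }   # key disappeared between enumeration and open
        $rules = $k.GetAccessControl().GetAccessRules($true, $false,
                     [System.Security.Principal.SecurityIdentifier])
        $k.Close()
    } catch {
        # Any failure to read the descriptor is treated as "locked": the caller cannot
        # even see who is denied, so there is nothing below worth descending into.
        New-Object PSObject -Property @{
            Key = $fullName; Finding = 'SecurityDescriptorUnreadable'; Identity = $null; Rights = $null }
        return
    }
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Deny) { continue }
        # Show the SID as ComboFix does (S-1-5-20 above), with a friendly name when it resolves.
        $sid = $rule.IdentityReference.Value
        try { $who = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value + " ($sid)" }
        catch { $who = $sid }
        New-Object PSObject -Property @{
            Key = $fullName; Finding = 'ExplicitDenyACE'; Identity = $who; Rights = $rule.RegistryRights.ToString() }
    }

    # Step 2: descend. Listing subkey names needs only KEY_ENUMERATE_SUB_KEYS on this key.
    try {
        $k = $Parent.OpenSubKey($SubKey, $check, $enumKeys)
        $children = $k.GetSubKeyNames()
        $k.Close()
    } catch {
        New-Object PSObject -Property @{
            Key = $fullName; Finding = 'SubkeysNotEnumerable'; Identity = $null; Rights = $null }
        return
    }
    foreach ($child in $children) {
        Invoke-RegistryKeyWalk -Parent $Parent -SubKey ($SubKey + '\' + $child)
    }
}

function Get-LockedRegistryKeys {
    param(
        # Assumed roots, relative to HKEY_LOCAL_MACHINE, chosen to cover the two keys
        # listed in the log above. Whole-hive sweeps (e.g. 'SOFTWARE\Classes') work the
        # same way but take minutes.
        [string[]]$Roots = @(
            'SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}',
            'SYSTEM\CurrentControlSet\Control\PCW'
        )
    )
    $hklm = [Microsoft.Win32.Registry]::LocalMachine
    foreach ($root in $Roots) {
        Invoke-RegistryKeyWalk -Parent $hklm -SubKey $root
    }
}

Get-LockedRegistryKeys | Select-Object Key, Finding, Identity, Rights | Format-Table -AutoSize -Wrap
```

Read the output the way a malware analyst reads the ComboFix section: compare each reported key against a known-clean machine of the same Windows build, and treat an unexpected key that denies LocalSystem (or that SYSTEM cannot open at all) as the thing to investigate, taking ownership and dumping it offline if necessary. The roots use CurrentControlSet; the log above reports the same modem class key under ControlSet003, which is simply the control set that was active on that machine.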
     
  12. 2011/06/12
    Blufx, Well-Known Member, Thread Starter
    Sorry, double post.
     
    Last edited: 2011/06/12
  13. 2011/06/12
    broni, Moderator, Malware Analyst
    It doesn't look like you ran my Combofix script.
    Please, redo.
    Re-read my previous instruction more carefully.
     
  14. 2011/06/12
    Blufx, Well-Known Member, Thread Starter
    I don't know how I could've done it wrong. When I dropped the script file, it started running. But I did it again. Here's the log:

    ComboFix 11-06-11.01 - Mark 06/12/2011 12:43:59.6.2 - x86
    Microsoft Windows7® DeepBlue™ 6.1.7600.3.1252.1.1033.18.3318.2060 [GMT -4:00]
    Running from: c:\users\Mark\Desktop\malware\ComboFix.exe
    Command switches used :: c:\users\Mark\Desktop\malware\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Mark\AppData\Local\Temp\LUW.exe "
    "c:\users\Mark\AppData\Local\Temp\OG.exe "
    "c:\users\Mark\AppData\Local\Temp\WTJFEY.exe "
    "c:\windows\system32\B728.tmp "
    "c:\windows\system32\tmp0E256.FOT "
    "c:\windows\system32\tmp37256.FOT "
    "c:\windows\system32\tmpDBED6.FOT "
    "c:\windows\system32\tmpF4ED6.FOT "
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\tmp0E256.FOT
    c:\windows\system32\tmp37256.FOT
    c:\windows\system32\tmpDBED6.FOT
    c:\windows\system32\tmpF4ED6.FOT
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe --> c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MEMSWEEP2
    -------\Legacy_NTIOMIN
    -------\Service_LUW
    -------\Service_MEMSWEEP2
    -------\Service_ntiomin
    -------\Service_OG
    -------\Service_WTJFEY
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-12 16:49 . 2011-06-12 16:51 -------- d-----w- c:\users\Mark\AppData\Local\temp
    2011-06-12 16:49 . 2011-06-12 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-12 13:22 . 2011-06-12 13:22 -------- d-----w- C:\schrauber
    2011-06-11 13:48 . 2011-06-11 13:48 -------- d-----w- c:\program files\AVAST Software
    2011-06-09 15:12 . 2011-06-09 15:12 102400 ----a-w- c:\windows\RegBootClean.exe
    2011-06-08 20:23 . 2011-06-08 20:23 -------- d-----w- c:\users\Mark\AppData\Roaming\Thunderbird
    2011-06-08 18:47 . 2011-06-08 18:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-08 18:47 . 2011-06-08 18:47 -------- d-----w- c:\users\Mark\AppData\Roaming\SUPERAntiSpyware.com
    2011-06-08 13:28 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-07 11:48 . 2011-06-07 11:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 01:09 . 2011-06-02 01:09 -------- d-----w- c:\users\Mark\AppData\Roaming\SerpentOfIsis
    2011-05-27 06:00 . 2011-04-22 19:17 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-21 21:04 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-21 23:05 . 2011-04-21 23:05 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-04-21 23:05 . 2011-04-21 23:05 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-04-21 23:05 . 2011-04-21 23:05 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-04-21 23:05 . 2011-04-21 23:05 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-04-21 23:05 . 2011-04-21 23:05 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-04-21 23:05 . 2011-04-21 23:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-04-21 23:05 . 2011-04-21 23:05 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-21 23:05 . 2011-04-21 23:05 367104 ----a-w- c:\windows\system32\html.iec
    2011-04-21 23:05 . 2011-04-21 23:05 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-04-21 23:05 . 2011-04-21 23:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-21 23:05 . 2011-04-21 23:05 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-21 23:05 . 2011-04-21 23:05 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-04-21 23:05 . 2011-04-21 23:05 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-04-21 23:05 . 2011-04-21 23:05 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-04-21 23:05 . 2011-04-21 23:05 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-04-21 23:05 . 2011-04-21 23:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-04-21 23:05 . 2011-04-21 23:05 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-21 23:05 . 2011-04-21 23:05 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-04-21 23:05 . 2011-04-21 23:05 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-04-21 23:05 . 2011-04-21 23:05 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-04-21 23:05 . 2011-04-21 23:05 101888 ----a-w- c:\windows\system32\admparse.dll
    2011-04-18 20:09 . 2011-04-18 20:09 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-04-16 15:18 . 2011-04-16 15:18 19956 ----a-w- C:\FixitRegBackup.reg
    2011-04-09 06:21 . 2011-05-11 15:50 3967360 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:21 . 2011-05-11 15:50 3911552 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-29 03:07 . 2011-05-11 15:50 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-03-29 03:06 . 2011-05-11 15:50 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-03-29 03:06 . 2011-05-11 15:50 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-03-29 03:06 . 2011-05-11 15:50 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-03-29 03:06 . 2011-05-11 15:50 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-03-29 03:06 . 2011-05-11 15:50 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-03-29 03:06 . 2011-05-11 15:50 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-03-23 14:11 . 2011-04-15 19:16 6792528 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FEDEA2A-72F9-48DA-84A4-4CEAF5FA3EC6}\mpengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc} "= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
    2009-06-02 14:51 2695168 ----a-w- c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} "= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc} "= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D} "= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
    [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} "= "c:\program files\Antbar\Ant.com Toolbar\tbcore3.dll" [2009-06-02 2695168]
    "{BA14329E-9550-4989-B3F2-9732E92D17CC} "= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
    "{30F9B915-B755-4826-820B-08FBA6BD249D} "= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{6cd56c02-cb4d-41b5-a0fe-b479061ccb41}]
    [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB00982.TBSB00982]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant "= "c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-03-16 325000]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Lng panel "= "ctfmon.exe" [2009-07-14 8704]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "Welcome Center "= "c:\windows\system32\OobeFldr.dll" [2009-07-14 859648]
    .
    c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CPUCooL.lnk - c:\program files\CPUCooL\CPUCooL.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableLUA "= 0 (0x0)
    "EnableSecureUIAPaths "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    "SynchronousMachineGroupPolicy "= 0 (0x0)
    "SynchronousUserGroupPolicy "= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)
    "NoSMBalloonTip "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 136176]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;d:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 43008]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
    R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-01-08 13080]
    R3 CFcatchme;CFcatchme;c:\users\Mark\AppData\Local\Temp\CFcatchme.sys [x]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 136176]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
    R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-03 1343400]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-03 691696]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S1 SASDIFSV;SASDIFSV;d:\program files\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;d:\program files\SASKUTIL.SYS [2010-05-10 67656]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/12/02 20:34];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-03-01 00:40 87536]
    S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
    S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2011-02-02 12096]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthaudiosvc REG_MULTI_SZ HFGService
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 06:27]
    .
    2011-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-15 06:27]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
    TCP: DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23
    FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4l9b1nwy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.accuweather.com/us/sc/simpsonville/29681/city-weather-forecast.asp
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath "= "\??\c:\program files\CyberLink\PowerDVD9\000.fcl "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Motorola Inc.\Motorola Mobile Drivers Installation 5.0.0]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.032 "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.abr "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.arw "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.bay "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.bw "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.cr2 "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.crw "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.cs1 "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.dcr "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.dcx "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.djv "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.djvu "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.dng "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.eps "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 2009.erf "
    .
    [HKEY_USERS\S-1-5-21-4230333105-2160602951-466114078-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2832)
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_029f5b2ddd167969\STacSV.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\TeamViewer\Version6\TeamViewer.exe
    c:\windows\system32\conhost.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-12 12:57:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-12 16:57
    ComboFix2.txt 2011-06-12 13:33
    ComboFix3.txt 2011-06-11 23:06
    ComboFix4.txt 2011-06-09 19:04
    ComboFix5.txt 2011-06-12 16:42
    .
    Pre-Run: 13,406,670,848 bytes free
    Post-Run: 13,244,612,608 bytes free
    .
    - - End Of File - - 1F019CF5630E030E03C4FB84F266A39C
     
  15. 2011/06/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well done :)

    See, if TDSSKiller will run now.
     
  16. 2011/06/12
    Blufx

    Blufx Well-Known Member Thread Starter

    Joined:
    2002/02/03
    Messages:
    399
    Likes Received:
    0
    Nope. I tried running it, tried as an administrator, tried renaming it, tried renaming with a .com extension, and tried all this from safe mode. It won't do anything.
     
  17. 2011/06/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".
     
  18. 2011/06/12
    Blufx

    Blufx Well-Known Member Thread Starter

    Joined:
    2002/02/03
    Messages:
    399
    Likes Received:
    0
    I started it as an administrator and it comes back saying unsupported Windows version.
     
  19. 2011/06/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Some of your logs say:
    Windows 6.1.7600 Service Pack 3
    There is no Service Pack 3 for Windows 7, only Service Pack 1.
    Is this a legit Windows version?
     
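broni's observation (a 6.1.7600 build cannot carry Service Pack 3) can be turned into an automatic sanity check over the version strings that tools like Malwarebytes, aswMBR and ComboFix print. This is an added example, not code from the thread or from any of those tools; the build/service-pack table it relies on is the example's own assumption and covers only Windows XP, Vista and 7.

```python
import re

# Known build numbers per NT version and the service-pack levels that build
# legitimately reports (assumed table for this example; XP keeps build 2600
# across SP1-SP3, Vista and 7 change build number with each service pack).
KNOWN_BUILDS = {
    "5.1": {2600: {0, 1, 2, 3}},               # Windows XP RTM, SP1, SP2, SP3
    "6.0": {6000: {0}, 6001: {1}, 6002: {2}},  # Vista RTM, SP1, SP2
    "6.1": {7600: {0}, 7601: {1}},             # Windows 7 RTM, SP1 only
}

# Matches "Windows 6.1.7600 Service Pack 3" style strings; SP part is optional.
VERSION_RE = re.compile(
    r"Windows\s+(?P<ver>\d+\.\d+)\.(?P<build>\d+)"
    r"(?:\s+Service Pack\s+(?P<sp>\d+))?"
)

def parse_version(line):
    """Return (major.minor, build, sp) from a log line, or None if absent."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    return (m.group("ver"), int(m.group("build")), int(m.group("sp") or 0))

def check_version(line):
    """Return 'ok', 'unknown' (not in table), or a text explaining the clash."""
    parsed = parse_version(line)
    if parsed is None:
        return "unknown"
    ver, build, sp = parsed
    builds = KNOWN_BUILDS.get(ver)
    if builds is None or build not in builds:
        return "unknown"
    if sp in builds[build]:
        return "ok"
    valid = ", ".join(f"SP{v}" for v in sorted(builds[build]))
    return f"build {build} of NT {ver} ships only as {valid}, log claims SP{sp}"

def scan_log(text):
    """Collect (line number, line, explanation) for every inconsistent line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        verdict = check_version(line)
        if verdict not in ("ok", "unknown"):
            findings.append((n, line.strip(), verdict))
    return findings

# Constructed sample: line 1 mirrors the thread's logs, the rest are
# consistent and inconsistent strings added for comparison.
SAMPLE_LOG = """\
Windows 6.1.7600 Service Pack 3
Windows 6.1.7601 Service Pack 1
Windows 5.1.2600 Service Pack 3
OS Version: Windows 6.0.6002 Service Pack 1
"""

if __name__ == "__main__":
    for n, line, why in scan_log(SAMPLE_LOG):
        print(f"line {n}: {line!r}: {why}")
```

A mismatch like this points at a tampered CSDVersion value or a modified build rather than at a real service pack, which is exactly why version-gated tools refuse to run.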
  20. 2011/06/12
    Blufx

    Blufx Well-Known Member Thread Starter

    Joined:
    2002/02/03
    Messages:
    399
    Likes Received:
    0
    It may not be. I bought it second hand. Any way to remove service packs? I never had a problem running any program before.
     
  21. 2011/06/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download CKScanner from HERE

    Important: Save it to your desktop.

    • Double-click CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
     
