
Solved Contact list hacked

Discussion in 'Malware and Virus Removal Archive' started by PAUL SHILLAM, 2011/11/04.

  1. 2011/11/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no Internet connection after running Combofix, restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your anti-virus about this tool; ignore them or shut down your anti-virus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  2. 2011/11/09
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    This is all getting too complicated for me, and as I have not had any recurrence of my contacts getting this unwanted message since I changed my password, I think I'll give this a miss. Thanks for your help anyway and I'll wait and see if anything more happens.

    Regards Paul
     


  4. 2011/11/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's not a good idea to stop the cleaning process in the middle, but... it's your computer.
    Good luck!
     
  5. 2011/11/10
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    Ok I'll give it a try in the next couple of days.
    Paul
     
  6. 2011/11/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok.....
     
  7. 2011/11/11
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    This is the first ComboFix log
    ComboFix 11-11-11.02 - Paul 11/11/2011 9:04.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.1554 [GMT 0:00]
    Running from: c:\users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YE4I2IW7\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\SPL6894.tmp
    c:\programdata\SPL91D0.tmp
    c:\programdata\SPLBC4C.tmp
    c:\programdata\SPLC9B4.tmp
    c:\programdata\SPLDFA4.tmp
    c:\users\Paul\AppData\Roaming\.#
    c:\users\Paul\AppData\Roaming\ACD Systems\ACDSee\ImageDB.ddf
    c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
    c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
    c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
    c:\users\Paul\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
    c:\users\Paul\GoToAssistDownloadHelper.exe
    c:\windows\Temp\log.txt
    .
    Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
    Restored copy from - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-11 09:20 . 2011-11-11 09:38 -------- d-----w- c:\users\Paul\AppData\Local\temp
    2011-11-11 09:20 . 2011-11-11 09:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-11 08:56 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A2AF609-68F8-4D44-B39B-82D1FFA4E9FC}\mpengine.dll
    2011-11-09 08:47 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-09 08:47 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 08:47 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-04 10:45 . 2011-11-04 10:45 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
    2011-11-04 10:44 . 2011-11-04 10:44 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-04 10:44 . 2011-11-04 11:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-04 10:44 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-01 17:34 . 2011-11-01 17:34 64272 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-10-29 08:26 . 2011-10-29 08:26 0 ---ha-w- c:\users\Paul\AppData\Local\BITD6AF.tmp
    2011-10-26 08:09 . 2011-10-26 08:09 -------- d-----w- c:\program files\Common Files\Java
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2011-10-24 07:42 . 2011-10-24 07:43 -------- d-----w- c:\program files\QuickTime
    2011-10-24 07:42 . 2011-10-24 07:42 -------- d-----w- c:\programdata\Apple Computer
    2011-10-15 08:24 . 2011-09-01 02:41 141088 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-10-15 08:24 . 2011-09-01 02:26 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2011-10-15 08:24 . 2011-09-01 02:30 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-17 07:31 . 2011-05-18 15:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 04:06 . 2010-06-07 16:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-06 13:30 . 2011-10-14 08:48 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 02:35 . 2011-10-15 08:24 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28 . 2011-10-15 08:24 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22 . 2011-10-15 08:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-25 16:15 . 2011-10-15 08:27 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-08-25 16:14 . 2011-10-15 08:27 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-25 16:14 . 2011-10-15 08:27 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-25 13:31 . 2011-10-15 08:27 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{51a86bb3-6602-4c85-92a5-130ee4864f13}"="c:\program files\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
    2010-09-12 15:02 3863136 ----a-w- c:\program files\BrotherSoft_Extreme\tbBrot.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{51a86bb3-6602-4c85-92a5-130ee4864f13}"="c:\program files\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{51A86BB3-6602-4C85-92A5-130EE4864F13}"="c:\program files\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-14 6814240]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-14 1833504]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTray.exe" [2009-02-19 707104]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
    "lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-05 20480]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2010-12-03 13:44 13672 ----a-w- c:\program files\Citrix\GoToAssist\599\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
    path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
    path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
    backup=c:\windows\pss\Orion.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
    DevDetect.exe -autorun [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-09-21 23:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
    2009-01-21 00:41 156968 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
    2009-02-17 10:36 248576 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2009-01-21 00:41 202024 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-07-22 13:50 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
    2009-05-07 08:46 335872 ----a-w- c:\program files\Garmin\MyGarminAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-07-22 13:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdjserv.exe [2007-04-27 99248]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
    R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-22 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-05-18 137600]
    R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-05-18 8576]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-11-07 56208]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
    S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-06 390528]
    S1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [2011-11-07 227312]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-11-07 71440]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-11-07 164112]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-02-19 666144]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 141792]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-02-17 44800]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
    S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-08 21520]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:03]
    .
    2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0309&m=aspire_5738
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-EgisTecLiveUpdate - c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
    MSConfigStartUp-mwlDaemon - c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    MSConfigStartUp-My Security Engine - c:\programdata\b8c30bb\MSb8c3.exe
    AddRemove-CANONIJPLM100 - c:\program files\Canon\IJPLM\SETUP.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-11 09:37
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.032 "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.abr "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.amr "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.ani "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.apd "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.arw "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.bay "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.bmp "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.bw "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.bwf "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.cel "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.cr2 "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.crw "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.cs1 "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.cur "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.dcr "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.dcx "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.dib "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.djv "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.djvu "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(8296)
    c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Canon\IJPLM\IJPLMSVC.EXE
    c:\windows\system32\lxdjcoms.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\msiexec.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxext.exe
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\vssvc.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-11 09:51:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-11 09:51
    .
    Pre-Run: 70,709,653,504 bytes free
    Post-Run: 71,667,019,776 bytes free
    .
    - - End Of File - - 3A1F82FC40A4EE28431A7B6FCA5A5D9F
     
  8. 2011/11/11
    PAUL SHILLAM Well-Known Member Thread Starter

    This is the rKill log
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 11/11/2011 at 10:09:38.
    Operating System: Windows Vista (TM) Home Basic


    Processes terminated by Rkill or while it was running:



    Rkill completed on 11/11/2011 at 10:09:55.
     
  9. 2011/11/11
    PAUL SHILLAM Well-Known Member Thread Starter

    This is the ComboFix log after running rKill
    ComboFix 11-11-11.02 - Paul 11/11/2011 10:12:54.2.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.1512 [GMT 0:00]
    Running from: C:\paul.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-11 11:50 . 2011-11-11 11:50 -------- d-----w- c:\users\Paul\AppData\Local\temp
    2011-11-11 11:50 . 2011-11-11 11:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-11 10:06 . 2011-11-11 10:11 -------- d-----w- C:\paul
    2011-11-11 08:56 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A2AF609-68F8-4D44-B39B-82D1FFA4E9FC}\mpengine.dll
    2011-11-09 08:47 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-09 08:47 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 08:47 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-11-04 10:45 . 2011-11-04 10:45 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
    2011-11-04 10:44 . 2011-11-04 10:44 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-04 10:44 . 2011-11-04 11:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-04 10:44 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-29 08:26 . 2011-10-29 08:26 0 ---ha-w- c:\users\Paul\AppData\Local\BITD6AF.tmp
    2011-10-26 08:09 . 2011-10-26 08:09 -------- d-----w- c:\program files\Common Files\Java
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2011-10-24 07:42 . 2011-10-24 07:43 -------- d-----w- c:\program files\QuickTime
    2011-10-24 07:42 . 2011-10-24 07:42 -------- d-----w- c:\programdata\Apple Computer
    2011-10-15 08:27 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-15 08:27 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-15 08:27 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-15 08:27 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-14 08:48 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-14 08:48 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-14 08:48 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-14 08:48 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-14 08:48 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-17 07:31 . 2011-05-18 15:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 04:06 . 2010-06-07 16:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{51a86bb3-6602-4c85-92a5-130ee4864f13}"="c:\program files\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
    2010-09-12 15:02 3863136 ----a-w- c:\program files\BrotherSoft_Extreme\tbBrot.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{51a86bb3-6602-4c85-92a5-130ee4864f13}"="c:\program files\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{51A86BB3-6602-4C85-92A5-130EE4864F13}"="c:\program files\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-14 6814240]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-14 1833504]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTray.exe" [2009-02-19 707104]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
    "lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-05 20480]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2010-12-03 13:44 13672 ----a-w- c:\program files\Citrix\GoToAssist\599\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
    path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
    path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
    backup=c:\windows\pss\Orion.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
    DevDetect.exe -autorun [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-09-21 23:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
    2009-01-21 00:41 156968 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
    2009-02-17 10:36 248576 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2009-01-21 00:41 202024 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-07-22 13:50 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
    2009-05-07 08:46 335872 ----a-w- c:\program files\Garmin\MyGarminAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-07-22 13:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-02-19 666144]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdjserv.exe [2007-04-27 99248]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
    R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-22 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
    R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-05-18 137600]
    R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-05-18 8576]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-11-07 56208]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
    S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-06 390528]
    S1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [2011-11-07 227312]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-11-07 71440]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-11-07 164112]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 141792]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-02-17 44800]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
    S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-08 21520]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:03]
    .
    2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0309&m=aspire_5738
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-11 11:50
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.032"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.abr"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.amr"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.ani"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.apd"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.arw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.bay"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.bmp"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.bw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.bwf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.cel"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.cr2"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.crw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.cs1"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.cur"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.dcr"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.dcx"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.dib"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.djv"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.djvu"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.dng"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.emf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.eps"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.erf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.fff"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.flc"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.fli"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.fpx"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.gif"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.hdr"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.icl"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.icn"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.iff"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.ilbm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.int"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.inta"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.iw4"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.j2c"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.j2k"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jbr"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jfif"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jif"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jp2"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jpc"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jpe"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jpeg"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-3215841625-1124636919-3784849519-1000)
    "Progid"="ACDSee Photo Manager 12.jpg"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jpk"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jpx"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.kar"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.kdc"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.lbm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.m15"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.m1a"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.m2a"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.m75"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.mef"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.mos"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.mpv"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.mrw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.nef"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.nrw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.orf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pbm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pbr"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pcd"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pct"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pcx"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pef"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pgm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pic"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pics"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pict"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pix"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.png"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.ppm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.psd"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.psp"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pspbrush"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pspimage"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.qcp"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.qtpf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.raf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.ras"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.raw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.rgb"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.rgba"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.rle"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.rsb"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.rw2"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.rwl"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.sdv"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.sfil"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.sgi"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.smf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.smi"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.smil"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.sml"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.sr2"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.srf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.swa"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.tga"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.thm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.tif"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.tiff"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.ttc"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.ttf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.ulw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.v30po"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.v30pp"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.v30ppf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.vfw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.wbm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.wbmp"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.wmf "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.xbm "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.xif "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.xmp "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.xpm "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(25640)
    c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
    .
    Completion time: 2011-11-11 11:54:33
    ComboFix-quarantined-files.txt 2011-11-11 11:54
    .
    Pre-Run: 73,310,896,128 bytes free
    Post-Run: 73,138,630,656 bytes free
    .
    - - End Of File - - 0E8232079C3E921B76371E536C6E215A
     
  10. 2011/11/11
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    This is the ComboFix log after running rKill
    ComboFix 11-11-11.02 - Paul 11/11/2011 10:12:54.2.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.3000.1512 [GMT 0:00]
    Running from: C:\paul.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-11 11:50 . 2011-11-11 11:50 -------- d-----w- c:\users\Paul\AppData\Local\temp
    2011-11-11 11:50 . 2011-11-11 11:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-11 10:06 . 2011-11-11 10:11 -------- d-----w- C:\paul
    2011-11-11 08:56 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A2AF609-68F8-4D44-B39B-82D1FFA4E9FC}\mpengine.dll
    2011-11-09 08:47 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-09 08:47 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 08:47 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-11-04 10:45 . 2011-11-04 10:45 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
    2011-11-04 10:44 . 2011-11-04 10:44 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-04 10:44 . 2011-11-04 11:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-04 10:44 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-29 08:26 . 2011-10-29 08:26 0 ---ha-w- c:\users\Paul\AppData\Local\BITD6AF.tmp
    2011-10-26 08:09 . 2011-10-26 08:09 -------- d-----w- c:\program files\Common Files\Java
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2011-10-24 07:43 . 2011-10-24 07:43 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2011-10-24 07:42 . 2011-10-24 07:43 -------- d-----w- c:\program files\QuickTime
    2011-10-24 07:42 . 2011-10-24 07:42 -------- d-----w- c:\programdata\Apple Computer
    2011-10-15 08:27 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-15 08:27 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-15 08:27 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-15 08:27 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-14 08:48 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-14 08:48 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-14 08:48 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-14 08:48 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-14 08:48 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-17 07:31 . 2011-05-18 15:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 04:06 . 2010-06-07 16:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{51a86bb3-6602-4c85-92a5-130ee4864f13} "= "c:\program files\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
    2010-09-12 15:02 3863136 ----a-w- c:\program files\BrotherSoft_Extreme\tbBrot.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{51a86bb3-6602-4c85-92a5-130ee4864f13} "= "c:\program files\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{51A86BB3-6602-4C85-92A5-130EE4864F13} "= "c:\program files\BrotherSoft_Extreme\tbBrot.dll" [2010-09-12 3863136]
    .
    [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-22 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer "= "c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-14 6814240]
    "Skytel "= "c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-14 1833504]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
    "LManager "= "c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
    "Acer ePower Management "= "c:\program files\Acer\Acer PowerSmart Manager\ePowerTray.exe" [2009-02-19 707104]
    "PlayMovie "= "c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
    "lxdjamon "= "c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-05 20480]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2010-12-03 13:44 13672 ----a-w- c:\program files\Citrix\GoToAssist\599\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1 "=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @= "Service "
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
    path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
    backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk]
    path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
    backup=c:\windows\pss\Orion.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
    DevDetect.exe -autorun [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-09-21 23:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
    2009-01-21 00:41 156968 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
    2009-02-17 10:36 248576 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2009-01-21 00:41 202024 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-07-22 13:50 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
    2009-05-07 08:46 335872 ----a-w- c:\program files\Garmin\MyGarminAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-07-22 13:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-02-19 666144]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdjserv.exe [2007-04-27 99248]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
    R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-22 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
    R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-05-18 137600]
    R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-05-18 8576]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-11-07 56208]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
    S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-03-06 390528]
    S1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [2011-11-07 227312]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-11-07 71440]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-11-07 164112]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 94880]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 141792]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-02-17 44800]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
    S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-08 21520]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:03]
    .
    2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 10:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0309&m=aspire_5738
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-11 11:50
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.032 "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.abr "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.amr "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.ani "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.apd "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.arw "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.bay "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.bmp "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.bw "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.bwf "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.cel "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.cr2 "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.crw "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.cs1 "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.cur "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.dcr "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.dcx "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.dib "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.djv "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.djvu "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.dng "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.emf "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.eps "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.erf "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.fff "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.flc "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.fli "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.fpx "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.gif "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.hdr "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.icl "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.icn "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.iff "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.ilbm "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.int "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.inta "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid "= "ACDSee Photo Manager 12.iw4 "
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.j2c"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.j2k"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jbr"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jfif"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jif"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jp2"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jpc"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jpe"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jpeg"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-3215841625-1124636919-3784849519-1000)
    "Progid"="ACDSee Photo Manager 12.jpg"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jpk"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.jpx"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.kar"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.kdc"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.lbm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.m15"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.m1a"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.m2a"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.m75"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.mef"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.mos"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.mpv"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.mrw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.nef"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.nrw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.orf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pbm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pbr"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pcd"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pct"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pcx"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pef"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pgm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pic"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pics"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pict"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pix"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.png"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.ppm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.psd"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.psp"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pspbrush"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.pspimage"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.qcp"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.qtpf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.raf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.ras"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.raw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.rgb"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.rgba"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.rle"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.rsb"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.rw2"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.rwl"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.sdv"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.sfil"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.sgi"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.smf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.smi"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.smil"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.sml"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.sr2"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.srf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.swa"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.tga"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.thm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.tif"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.tiff"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.ttc"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.ttf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.ulw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.v30po"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.v30pp"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.v30ppf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.vfw"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.wbm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.wbmp"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.wmf"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.xbm"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.xif"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.xmp"
    .
    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Photo Manager 12.xpm"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(25640)
    c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
    .
    Completion time: 2011-11-11 11:54:33
    ComboFix-quarantined-files.txt 2011-11-11 11:54
    .
    Pre-Run: 73,310,896,128 bytes free
    Post-Run: 73,138,630,656 bytes free
    .
    - - End Of File - - 0E8232079C3E921B76371E536C6E215A
     
  11. 2011/11/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    As you can see your computer still had some nasties.

    Combofix log looks good now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
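
    The custom scan above makes OTL list every running process (PRC), Win32 service (SRV) and driver (DRV) on one line each, with the file's timestamp, size, the company name from its version information and its path, and the analyst then reads those lines for the usual warning signs. As an added example that is not part of this thread and not OTL's own code, here is a Python script that parses those three record types and applies the same first-pass checks an analyst makes by eye: no company name in the version info, a binary running from a temp directory, a service or driver loaded from a user or data directory rather than Windows or Program Files, a start type OTL could not read, and a file modified within a few days of the scan. The sample lines are copied from the OTL log posted below in this thread and are constructed input for the example; the thresholds, the reason strings and the function names (parse_line, red_flags, triage) are my own choices, not OTL's.

    ```python
    import re
    from datetime import datetime

    # OTL writes one entry per line. The three record types share a prefix and
    # differ only in the bracketed status block and the trailing "(ServiceName)":
    #   PRC - [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) -- path
    #   SRV - [...] (Company) [Start | State] -- path -- (Name)
    #   DRV - [...] (Company) [Type | Start | State] -- path -- (Name)
    ENTRY_RE = re.compile(
        r"^(?P<kind>PRC|SRV|DRV) - "
        r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
        r"(?P<size>[\d,]+) \| (?P<attrs>[-\w]{4}) \| [MC]\] "
        r"\((?P<company>[^)]*)\)"          # may be empty: "()" or "( )"
        r"(?: \[(?P<flags>[^\]]*)\])?"     # SRV/DRV only
        r" -- (?P<path>.*?)"
        r"(?: -- \((?P<name>[^)]*)\))?$"   # SRV/DRV only
    )

    # Sample lines copied from the OTL log posted in this thread (constructed
    # input for the example; a real run reads OTL.txt from disk instead).
    SAMPLE_LOG = r"""
    PRC - [2011/11/11 17:25:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Downloads\OTL.exe
    PRC - [2011/11/11 12:39:23 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Paul\AppData\Local\temp\RtkBtMnt.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    SRV - [2011/04/14 13:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2007/04/27 07:26:30 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdjcoms.exe -- (lxdj_device)
    DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    """


    def parse_line(line):
        """Return a dict for a PRC/SRV/DRV line, or None for any other line."""
        m = ENTRY_RE.match(line.rstrip())
        if not m:
            return None
        e = m.groupdict()
        e["date"] = datetime.strptime(e["date"], "%Y/%m/%d").date()
        e["size"] = int(e["size"].replace(",", ""))
        e["flags"] = [f.strip() for f in e["flags"].split("|")] if e["flags"] else []
        return e


    def red_flags(entry, scanned, recent_days=7):
        """Heuristic reasons to look closer at one entry (thresholds are my own)."""
        reasons = []
        path_l = entry["path"].lower()
        if not entry["company"].strip():
            reasons.append("no company name in version info")
        if re.search(r"\\(temp|tmp)\\", path_l):
            reasons.append("runs from a temp directory")
        if entry["kind"] in ("SRV", "DRV") and re.search(
                r"\\(users|programdata|documents and settings)\\", path_l):
            reasons.append("service/driver binary outside Windows and Program Files")
        if "\\\\" in entry["path"]:
            reasons.append("doubled backslash in path (check the service ImagePath value)")
        if "Unknown" in entry["flags"]:
            reasons.append("start type unreadable (Unknown)")
        age = (scanned - entry["date"]).days
        if 0 <= age <= recent_days:
            reasons.append(f"file modified {age} day(s) before the scan")
        return reasons


    def triage(log_text, scan_date, recent_days=7):
        """Parse every PRC/SRV/DRV line in log_text and return the flagged entries,
        most reasons first. scan_date is in OTL's own yyyy/mm/dd form."""
        scanned = datetime.strptime(scan_date, "%Y/%m/%d").date()
        hits = []
        for line in log_text.splitlines():
            e = parse_line(line)
            if e is None:
                continue
            reasons = red_flags(e, scanned, recent_days)
            if reasons:
                hits.append({"kind": e["kind"], "name": e["name"],
                             "path": e["path"], "reasons": reasons})
        hits.sort(key=lambda h: -len(h["reasons"]))   # stable: ties keep log order
        return hits


    if __name__ == "__main__":
        for h in triage(SAMPLE_LOG, "2011/11/11"):
            print(f"{h['kind']} {h['path']}")
            for r in h["reasons"]:
                print(f"    - {r}")
    ```

    To use it on a real log, call triage(open("OTL.txt", encoding="utf-8").read(), "2011/11/11") with the date from the log header. The recency check is deliberately noisy (it flags the freshly downloaded OTL.exe as well); its job is to push new files to the top of the list, not to condemn them, and every hit still needs its digital signature and hash checked before it goes anywhere near a fix script.
    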
     
  12. 2011/11/11
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    OTL Log
    OTL logfile created on: 11/11/2011 17:26:39 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 54.68% Memory free
    6.08 Gb Paging File | 4.37 Gb Available in Paging File | 71.85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.28 Gb Total Space | 68.16 Gb Free Space | 48.94% Space Free | Partition Type: NTFS

    Computer Name: PAULSACERLAPTOP | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/11 17:25:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Downloads\OTL.exe
    PRC - [2011/11/11 12:39:23 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Paul\AppData\Local\temp\RtkBtMnt.exe
    PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2011/10/17 07:31:46 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2011/06/28 06:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/06/14 16:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/04/14 13:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/04/14 13:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/04/14 13:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/19 21:22:44 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    PRC - [2009/02/19 17:32:36 | 000,666,144 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    PRC - [2009/02/19 03:42:48 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2009/02/17 10:36:36 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2008/12/26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    PRC - [2008/12/18 13:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    PRC - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2008/01/22 08:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2007/04/27 07:26:30 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdjcoms.exe
    PRC - [2007/03/05 20:40:25 | 000,020,480 | ---- | M] (Lexmark) -- C:\Program Files\Lexmark 1400 Series\lxdjamon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/10/15 08:58:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
    MOD - [2011/10/15 08:58:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
    MOD - [2011/10/15 08:56:55 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
    MOD - [2011/10/15 08:56:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
    MOD - [2011/10/15 08:56:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
    MOD - [2011/10/15 08:53:04 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/10/15 08:51:21 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2011/08/08 07:40:48 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
    MOD - [2007/04/25 17:12:25 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 1400 Series\App4R.Monitor.Core.dll
    MOD - [2007/04/25 17:12:25 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 1400 Series\App4R.Monitor.Common.dll
    MOD - [2007/04/25 17:11:29 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 1400 Series\App4R.DevMons.MCMDevMon.dll
    MOD - [2007/03/05 20:41:15 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 1400 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
    MOD - [2007/03/05 20:40:22 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1400 Series\App4R.DevMons.ScanDevMon.dll
    MOD - [2003/06/07 21:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2011/06/08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/04/14 13:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2011/04/14 13:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/04/14 13:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2010/12/03 13:44:17 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/02/19 17:32:36 | 000,666,144 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
    SRV - [2009/02/17 10:36:36 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2008/12/18 13:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
    SRV - [2008/03/18 19:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008/01/22 08:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/04/27 07:26:30 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdjcoms.exe -- (lxdj_device)
    SRV - [2007/04/27 07:26:09 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdjserv.exe -- (lxdjCATSCustConnectService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
    DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/08 07:40:48 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
    DRV - [2011/05/18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2011/05/18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011/05/18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2011/05/18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2011/05/18 09:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2011/05/18 09:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2011/04/14 13:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/04/14 13:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/04/14 13:01:38 | 000,165,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2011/04/14 13:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/04/14 13:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/04/14 13:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/04/14 13:01:38 | 000,064,584 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2011/04/14 13:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/04/14 13:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/03/06 16:29:30 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RapportBuka.sys -- (RapportBuka)
    DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/07/02 03:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2008/12/29 22:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/11/07 05:15:00 | 000,041,984 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
    DRV - [2008/09/22 13:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/09/04 04:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/02/29 23:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0309&m=aspire_5738
    IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 C6 DE 5B 89 72 CB 01 [binary data]
    IE - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/07/20 10:43:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/11 09:39:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/07/20 10:43:38 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.187\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.187\pdf.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: SiteAdvisor = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

    O1 HOSTS File: ([2011/11/11 09:35:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110528151037.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [lxdjamon] C:\Program Files\Lexmark 1400 Series\lxdjamon.exe (Lexmark)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O15 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{291669C1-93C7-44C3-AD31-67D47374E6C0}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47356C53-8DB9-4698-AC90-1857D162FE25}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: VIDC.ACDV - ACDV.dll File not found
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/11 15:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/11/11 11:54:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/11 11:54:35 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\temp
    [2011/11/11 11:54:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/11/11 10:06:26 | 000,000,000 | ---D | C] -- C:\paul
    [2011/11/11 10:04:08 | 004,289,940 | R--- | C] (Swearware) -- C:\paul.exe
    [2011/11/11 09:00:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/11 09:00:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/11 09:00:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/09 16:39:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/09 16:34:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
    [2011/11/04 10:45:10 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
    [2011/11/04 10:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/04 10:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/04 10:44:55 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/11/04 10:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/10/26 08:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/10/26 08:05:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/10/26 08:05:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/10/26 08:05:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/10/24 07:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/10/24 07:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/10/24 07:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2011/10/15 08:27:14 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
    [2011/10/15 08:27:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
    [2011/10/15 08:24:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/10/15 08:24:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/10/15 08:24:08 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2011/10/15 08:24:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/10/15 08:24:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2011/10/14 08:48:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
    [2011/10/14 08:48:26 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
    [2011/10/14 08:48:26 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
    [2011/10/14 08:48:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
    [2011/10/14 08:48:19 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2009/07/24 08:21:37 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdjinpa.dll
    [2009/07/24 08:21:37 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdjiesc.dll
    [2009/07/24 08:21:37 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxdjhcp.dll
    [2009/07/24 08:21:36 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxdjserv.dll
    [2009/07/24 08:21:36 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxdjusb1.dll
    [2009/07/24 08:21:35 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdjpmui.dll
    [2009/07/24 08:21:35 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdjlmpm.dll
    [2009/07/24 08:21:35 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdjprox.dll
    [2009/07/24 08:21:35 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdjpplc.dll
    [2009/07/24 08:21:34 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxdjih.exe
    [2009/07/24 08:21:33 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxdjhbn3.dll
    [2009/07/24 08:21:32 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxdjcoms.exe
    [2009/07/24 08:21:31 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdjcomc.dll
    [2009/07/24 08:21:31 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxdjcomm.dll
    [2009/07/24 08:21:30 | 000,394,160 | ---- | C] ( ) -- C:\Windows\System32\lxdjcfg.exe
    [2009/03/23 00:52:13 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
    [1 C:\Users\Paul\AppData\Local\*.tmp files -> C:\Users\Paul\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/11 17:21:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/11 17:21:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/11 16:55:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/11 16:32:34 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/11 16:32:34 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/11 15:23:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/11 15:21:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/11 10:04:23 | 004,289,940 | R--- | M] (Swearware) -- C:\paul.exe
    [2011/11/11 09:35:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/11/10 13:24:25 | 000,006,057 | ---- | M] () -- C:\ProgramData\lxdj
    [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
    [2011/11/04 10:44:59 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/01 08:56:29 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/10/24 07:43:08 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/10/18 08:07:17 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
    [2011/10/18 07:57:23 | 000,033,792 | ---- | M] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/17 07:31:46 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2011/10/15 08:49:01 | 000,324,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/10/14 07:59:29 | 000,000,680 | ---- | M] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
    [1 C:\Users\Paul\AppData\Local\*.tmp files -> C:\Users\Paul\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/11 09:00:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/11 09:00:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/11 09:00:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/11 09:00:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/11 09:00:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/04 10:44:59 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/24 07:43:08 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/07/28 20:01:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2010/07/28 20:01:12 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2010/07/28 20:01:10 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2010/07/28 19:18:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010/07/28 19:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010/07/28 19:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2009/09/08 08:08:10 | 000,006,057 | ---- | C] () -- C:\ProgramData\lxdj
    [2009/08/08 08:52:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/08 08:52:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/24 13:45:57 | 000,000,680 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat
    [2009/07/24 12:21:30 | 000,000,176 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
    [2009/07/24 08:24:30 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdjcoin.dll
    [2009/07/24 08:22:02 | 000,000,060 | ---- | C] () -- C:\Windows\System32\lxdjrwrd.ini
    [2009/07/24 08:21:37 | 000,286,720 | ---- | C] () -- C:\Windows\System32\lxdjinst.dll
    [2009/07/24 08:21:33 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdjgrd.dll
    [2009/07/23 11:11:54 | 000,033,792 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/22 18:11:47 | 000,001,118 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2009/07/22 18:11:47 | 000,000,037 | ---- | C] () -- C:\Windows\intuprof.ini
    [2009/03/23 00:50:41 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
    [2009/03/23 00:50:41 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2009/03/23 00:50:41 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2009/03/22 17:17:17 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
    [2009/03/22 17:02:34 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
    [2009/03/22 17:02:34 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2009/03/22 17:02:33 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
    [2009/03/16 17:42:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/02/27 01:35:37 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
    [2009/02/27 01:35:37 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
    [2009/02/27 01:35:36 | 000,000,061 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2009/02/27 01:35:36 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
    [2006/11/02 12:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 12:44:53 | 000,324,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 10:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 10:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/05/18 14:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdjvs.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2002/02/11 16:51:08 | 012,029,360 | ---- | M] (ACD Systems Ltd ) -- C:\acdsee.exe
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/02/10 23:06:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/11/11 11:54:33 | 000,042,347 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/08/19 11:46:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/10/14 11:58:13 | 000,000,324 | ---- | M] () -- C:\lxdj.log
    [2009/08/19 11:46:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/11/11 15:21:34 | 3460,395,008 | -HS- | M] () -- C:\pagefile.sys
    [2009/03/05 03:27:40 | 000,002,429 | -HS- | M] () -- C:\Patch.rev
    [2011/11/11 10:04:23 | 004,289,940 | R--- | M] (Swearware) -- C:\paul.exe
    [2009/03/17 03:35:35 | 000,000,165 | RHS- | M] () -- C:\Preload.rev
    [2009/03/22 17:03:15 | 000,002,498 | ---- | M] () -- C:\RHDSetup.log
    [2011/11/11 10:09:55 | 000,000,368 | ---- | M] () -- C:\rkill.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/08/09 08:11:44 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/10/08 19:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD9E.DLL
    [2008/10/08 19:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP9E.DLL
    [2006/11/02 09:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\spool\prtprocs\w32x86\EP0NPP01.DLL
    [2007/02/27 17:16:25 | 000,103,936 | ---- | M] () -- C:\Windows\system32\spool\prtprocs\w32x86\lxdjdrpp.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 02:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 03:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 03:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 03:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/03/16 10:22:11 | 000,000,286 | -HS- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2006/09/22 13:06:11 | 000,805,888 | ---- | M] () -- C:\Users\Paul\My Documents\F1UP0001.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/07/22 13:50:54 | 000,000,402 | -HS- | M] () -- C:\Users\Paul\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/03/22 17:17:02 | 000,004,534 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe2.log
    [2011/11/10 13:24:25 | 000,006,057 | ---- | M] () -- C:\ProgramData\lxdj

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:D158BAF9
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:131C0EE9
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B623B5B8
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

    < End of report >
     
  13. 2011/11/11
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    OTL extras
    OTL Extras logfile created on: 11/11/2011 17:26:39 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paul\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 54.68% Memory free
    6.08 Gb Paging File | 4.37 Gb Available in Paging File | 71.85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.28 Gb Total Space | 68.16 Gb Free Space | 48.94% Space Free | Partition Type: NTFS

    Computer Name: PAULSACERLAPTOP | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3215841625-1124636919-3784849519-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FBD2055-93A4-4536-AB0E-FCCD72DE1A87}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{143A3CDC-B2AF-4606-B125-71F2F80342A7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{48AF09E4-62F1-456F-9B60-8CB48491081F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5037B924-4A26-4127-886B-202C7766D96D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{5A923D32-A9BF-4EDC-BF53-E53311B37478}" = lport=445 | protocol=6 | dir=in | app=system |
    "{6CC0CEB1-E437-443B-A388-7EE1D96FB8DD}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6FB01C6D-3474-48CA-A2FF-375BA7268DB2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{75F5EEEE-3328-4072-B933-55D5DEC442F2}" = lport=139 | protocol=6 | dir=in | app=system |
    "{8AE7987A-92F3-4A84-8634-BCB7AA3B5622}" = rport=137 | protocol=17 | dir=out | app=system |
    "{97EF991C-B379-44E3-89D6-B963E6E97DDD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{993A96FF-18FF-4B33-8E08-60390303BF98}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9C9B9E49-913C-43A9-8F0E-A0A5EB5675F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A14CCCC0-D990-4B8B-9800-81C3658FEB36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A55AD5DC-E69C-4F0C-853F-C5B7843F470A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{A6D05023-D9C0-4906-B265-DE787021C537}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E0F571E8-E41A-4173-A029-752B5FACCF60}" = rport=138 | protocol=17 | dir=out | app=system |
    "{EBA7CF0E-B9C8-492B-A4F6-B37E51DF20B4}" = lport=137 | protocol=17 | dir=in | app=system |
    "{FF4B67A8-02CB-4857-AFB2-25D2549CE027}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D4C50E5-998B-4368-9F33-DD8EFD31DA3C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{236D790C-BBC6-48EA-A2DE-A29366BAB757}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{264B8460-A54B-4917-B5AD-B61BC6F31CA2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{2E79C000-49DA-4137-87AB-3CE88AC7A2AB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
    "{33B1D18F-A211-4AC5-8F30-EDE22C308AB6}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
    "{3929C4F6-9205-41F1-86B9-225FE6D7D841}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
    "{430E3B18-7B60-4F5B-A43F-536141532358}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
    "{431D18A9-0D3E-4CE0-9EC5-432725EDE783}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{47E29F04-78F5-47B0-A029-5C12AFE6F315}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{5A8E94A7-F057-41C0-B4F4-7A9E6C1E4D7F}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjjswx.exe |
    "{5D5C574E-C709-490A-AE03-09A2E5B5BE81}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{64D037F3-C334-4E8C-A137-B011AA451A8A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
    "{654115C3-9CB4-4A75-9BDC-BF43F6435BDC}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
    "{663553B2-1681-4B44-BD13-129D9520F7D2}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\app4r.exe |
    "{6DAEE89D-570A-43CD-A24A-D0C0D134C281}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{76735657-24BF-4275-9C9F-067A1074E2D0}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{78CF3565-7FAD-4DB9-A0DA-0F71F21C32E4}" = protocol=17 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
    "{7F38B905-6EC9-439E-82BA-45FB3A70DC2C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{84DDD2CE-154E-41B0-82B5-9B44E8D9986E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
    "{94CBC1A0-A163-4758-86AD-6C220A94AC16}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjpswx.exe |
    "{9AC1F872-39F1-40F2-BE4E-D6C64E498DDB}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
    "{A8F7D218-46D4-4F25-9A3E-9A296162388C}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{A960D9C7-E247-44E2-8B25-8468428BB2FD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B202786B-E077-4215-A6F9-2CB3D3E08214}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
    "{B7E52474-F65F-4151-8E79-B72F197153BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BA069D26-0778-4059-AABF-C2BF3E48586D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdjtime.exe |
    "{C50C06A9-E00C-470D-904C-3A949F457016}" = protocol=6 | dir=in | app=c:\program files\lexmark 1400 series\lxdjamon.exe |
    "{C67DD530-58BB-4591-8F31-44C398354872}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{C8B69AEB-A02D-4E5B-AD52-1E052C77D75D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{CF43B588-8531-4C92-9F00-41F020D4CE15}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{DB617322-CB9A-418C-80DB-C7C2BBCB9F8B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E5DD2882-EF52-4275-A33C-426845859813}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
    "{F82A6C29-773F-40AE-9408-73FE917522F2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "TCP Query User{AD844D40-3DCE-4E2C-BD93-A062108E0C7C}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "TCP Query User{CF062D35-BCFA-4FD8-A191-F65185C64A3E}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "TCP Query User{D50F1BF3-C24C-43C3-BDCC-09FFF4C1687E}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=6 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe |
    "UDP Query User{57034722-C805-4B11-AD23-1DBBAB159404}C:\program files\iomega\quikprotect\quikprotect.exe" = protocol=17 | dir=in | app=c:\program files\iomega\quikprotect\quikprotect.exe |
    "UDP Query User{B58E9BBD-57F7-414A-8F77-E25D79B6832A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "UDP Query User{DA74551B-5EA7-421E-B8CE-3CA0BF392F2D}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{07035AB3-5C70-3315-35A9-CFFECA140880}" = BBC iPlayer Desktop
    "{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{12372F50-C885-424C-90A1-35A6EFFF4A66}" = Garmin Communicator Plugin with MyGarmin Agent
    "{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
    "{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
    "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
    "{366CC735-543D-42CB-9C03-D7512314DE52}" = Quicken 2004
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
    "{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
    "{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}" = Google Earth
    "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E394CC6D-9F54-41CC-9415-6FFF07885881}" = Garmin WebUpdater
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Acer Screensaver" = Acer ScreenSaver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "GoToAssist" = GoToAssist Corporate
    "GridVista" = Acer GridVista
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "Lexmark 1400 Series" = Lexmark 1400 Series
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSC" = BT NetProtect Plus
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "Rapport_msi" = Rapport
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 06/10/2010 03:43:42 | Computer Name = PaulsAcerLaptop | Source = OviSuite | ID = 1
    Description =

    Error - 06/10/2010 03:43:42 | Computer Name = PaulsAcerLaptop | Source = OviSuite | ID = 1
    Description =

    Error - 06/10/2010 03:43:42 | Computer Name = PaulsAcerLaptop | Source = OviSuite | ID = 1
    Description =

    Error - 06/10/2010 03:43:42 | Computer Name = PaulsAcerLaptop | Source = OviSuite | ID = 1
    Description =

    Error - 06/10/2010 03:43:42 | Computer Name = PaulsAcerLaptop | Source = OviSuite | ID = 1
    Description =

    Error - 06/10/2010 03:43:42 | Computer Name = PaulsAcerLaptop | Source = OviSuite | ID = 1
    Description =

    Error - 06/10/2010 03:43:42 | Computer Name = PaulsAcerLaptop | Source = OviSuite | ID = 1
    Description =

    Error - 06/10/2010 03:43:42 | Computer Name = PaulsAcerLaptop | Source = OviSuite | ID = 1
    Description =

    Error - 06/10/2010 03:43:42 | Computer Name = PaulsAcerLaptop | Source = OviSuite | ID = 1
    Description =

    Error - 06/10/2010 03:43:42 | Computer Name = PaulsAcerLaptop | Source = OviSuite | ID = 1
    Description =

    [ System Events ]
    Error - 11/11/2011 05:43:55 | Computer Name = PaulsAcerLaptop | Source = Service Control Manager | ID = 7011
    Description =

    Error - 11/11/2011 06:12:40 | Computer Name = PaulsAcerLaptop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/11/2011 07:27:01 | Computer Name = PaulsAcerLaptop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/11/2011 07:50:14 | Computer Name = PaulsAcerLaptop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/11/2011 08:39:47 | Computer Name = PaulsAcerLaptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/11/2011 08:39:47 | Computer Name = PaulsAcerLaptop | Source = Service Control Manager | ID = 7009
    Description =

    Error - 11/11/2011 08:39:47 | Computer Name = PaulsAcerLaptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/11/2011 11:23:19 | Computer Name = PaulsAcerLaptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/11/2011 11:23:19 | Computer Name = PaulsAcerLaptop | Source = Service Control Manager | ID = 7009
    Description =

    Error - 11/11/2011 11:23:19 | Computer Name = PaulsAcerLaptop | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  14. 2011/11/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O15 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..Trusted Domains: internet ([]about in Trusted sites)
      O15 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-3215841625-1124636919-3784849519-1000\..Trusted Ranges: GD ([http] in Local intranet)
      [1 C:\Users\Paul\AppData\Local\*.tmp files -> C:\Users\Paul\AppData\Local\*.tmp -> ]
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
      @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:D158BAF9
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:131C0EE9
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B623B5B8
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
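The OTL script above removes two kinds of leftovers: alternate data streams attached to C:\ProgramData\Temp and per-user IE zone assignments (the O15 Trusted Domains / Trusted Ranges lines). The following read-only audit is an added example, not code from the thread or from OTL, that lists both so they can be reviewed before the fix and verified gone afterwards. It assumes PowerShell 5.1 or later (for `Get-Item -Stream` on directories) and the folder path from the script above; the function names are hypothetical.

```powershell
# Added example (not from the thread or OTL): read-only audit of ADS and IE ZoneMap entries.
# Assumes PowerShell 5.1+; $Folder defaults to the path named in the OTL script above.
param(
    [string]$Folder = 'C:\ProgramData\Temp'
)

# 1. Alternate data streams on the folder itself and on everything under it.
#    A directory has no default ::$DATA stream, so any stream reported on it is an ADS.
function Get-AlternateStreams {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Force -Recurse -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        Get-Item -LiteralPath $item.FullName -Force -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}

# 2. Per-user IE security-zone assignments (the O15 lines). Each value name is a protocol,
#    its data the zone id: 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted.
#    Ranges\<name> keys also carry a ':Range' string holding the address range itself.
function Get-ZoneMapEntries {
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
    foreach ($branch in 'Domains', 'Ranges') {
        $root = Join-Path $base $branch
        if (-not (Test-Path $root)) { continue }
        $prefix = '^.*\\' + [regex]::Escape($branch) + '\\'
        foreach ($key in Get-ChildItem -Path $root -Recurse) {
            # Domains\example.com\www  ->  www.example.com
            $parts = ($key.PSPath -replace $prefix, '') -split '\\'
            [array]::Reverse($parts)
            $name = $parts -join '.'
            $range = $key.GetValue(':Range')
            if ($range) { $name = "$name = $range" }
            foreach ($proto in ($key.GetValueNames() | Where-Object { $_ -ne ':Range' })) {
                [pscustomobject]@{
                    Branch = $branch; Name = $name; Protocol = $proto; Zone = $key.GetValue($proto)
                }
            }
        }
    }
}

Get-AlternateStreams -Path $Folder | Format-Table -AutoSize
# Only the zones the O15 lines put entries into (Local intranet and Trusted sites)
Get-ZoneMapEntries | Where-Object { $_.Zone -in 1, 2 } | Format-Table -AutoSize
```

Running it again after the OTL fix and reboot should print nothing for the ADS list and no Trusted sites entries that were not deliberately added.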
     
  15. 2011/11/12
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee Security Scan Plus
    McAfee Virtual Technician
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 29
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
     
  16. 2011/11/12
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    Eset Scanner ran for three hours but did not find any threats.
     
  17. 2011/11/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean.

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  18. 2011/11/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Oh, btw I don't see any AV program running.
    What happened to McAfee?
     
  19. 2011/11/13
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    McAfee is running; it's called NetProtect Plus.
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Paul
    ->Temp folder emptied: 268943 bytes
    ->Temporary Internet Files folder emptied: 6529609 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 470 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2434 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Paul
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11132011_095021

    Files\Folders moved on Reboot...
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Paul\AppData\Local\Trusteer\Rapport\user\logs\koan.2204.log moved successfully.
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Paul\AppData\Local\Trusteer\Rapport\user\logs\koan.4980.log moved successfully.
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1S4J2LB3\100813-active-contact-list-hacked-2[1].htm moved successfully.
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1S4J2LB3\fastbutton[2].htm moved successfully.
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1S4J2LB3\like[1].htm moved successfully.
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...
     
  20. 2011/11/13
    PAUL SHILLAM Lifetime Subscription

    PAUL SHILLAM Well-Known Member Thread Starter

    Joined:
    2002/01/13
    Messages:
    293
    Likes Received:
    0
    Thanks for your help, my computer seems fine now; nobody has received an email purporting to be from me since I changed my mail password.
    Thanks again, Paul
     
  21. 2011/11/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I see. I assume this is some McAfee version provided by your ISP, correct?

    In any case...
    Good luck and stay safe :)
     
