
Too Many Unknown Connections


  • This topic is locked
18 replies to this topic

#1 lwiley

lwiley

  • Members
  • 22 posts
  • OFFLINE
  • Gender: Male
  • Location: Arizona
  • Local time: 04:37 PM

Posted 04 September 2009 - 01:23 PM

I've had this problem for months. Dozens of times a day I will get a timeout/connection-lost on my browser when refreshing or grabbing a new page. My ISP says I have a virus/malware problem or I'm using P2P software. They monitored my router and in one 24-hour period they had refused over 600,000 connections from my router - their limit is 200 connections at one time.

I'm not doing any file sharing (P2P) stuff. All of the virus/malware scans come up clean (Trend Micro, Spyware Doctor, Ad-Aware). I've studied my active tasks and services with WinPatrol and TUT and cannot find anything suspicious. I now suspect some kind of rootkit attack.

I did run CurrPorts (which can be found here) and it showed numerous suspicious connections to places like:

a96-16-220-20.deploy.akamaitechnologies.com, and
cdce.sje008.internap.com

Here are my logs. I hope I'm doing this right.

PLEASE NOTE: The File part of the RootRepeal could not be run because after 10 minutes or so it would hang on this file: c:\windows\winsxs\msil_cscompmgd_b03f5f7f11d50a3a_6.0.6000.16588_none_18c2bb04a9b13b18\. So I ran it without the file scan.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Leroy at 9:27:22.05 on Fri 09/04/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3325.1984 [GMT -7:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
c:\users\leroy\appdata\roaming\uniblue\driverscanner\download\hdaudio_func_01_ven_8384_dev_76186_10_6052_2\v095_d5902.1_g2.0xp_d6052.2_g2.0v_rc_w_sdc\disk1\wdm\vista\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PSIService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\System32\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Windows\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRAM FILES\MAGICDISC\MAGICDISC.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Download\DDS Tool\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://cm.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [Zinio DLM] c:\program files\zinio\ZinioReader.exe /autostart
uRun: [EPSON Stylus Photo R1900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticua.exe /fu "c:\windows\temp\E_S9078.tmp" /EF "HKCU"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [pdfFactory Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
StartupFolder: c:\users\leroy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\leroy\appdata\roaming\micros~1\windows\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Capture image with GKB - c:\program files\general knowledge base\2.4\CaptureWebImage.htm
IE: Capture web page with GKB - c:\program files\general knowledge base\2.4\CaptureWebPage.htm
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Open image in PhotoME... - c:\program files\photome\iemenuext.html
IE: Open with KUSO EXIF Viewer - c:\program files\kuso exif viewer\EXIF.htm
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: altaeptax.com\www
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
TCP: {55A390C6-ED13-4D99-80CE-C3A64B83FBA5} = 208.67.222.222,
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: GoToAssist -
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\leroy\appdata\roaming\mozilla\firefox\profiles\bzmruyu1.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://forums.dpreview.com/forums/forum.asp?forum=1039|http://dustyden.org/phpbb/index.php|http://mail.google.com/mail/?shva=1#inbox|http://nikongear.com/smf/
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\leroy\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.max.tokenizing.time - 2250000
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-2 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-18 206256]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-12-14 145424]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-9-3 20376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\system32\nvSCPAPISvr.exe [2009-6-10 232960]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-12-14 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2008-12-14 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-15 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-12-14 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-12-14 256528]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\progra~1\lacieb~1\DDCDrv.sys [2008-5-1 7680]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2009-5-19 4096]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-3-11 5632]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 gupdate1ca00ef7c68d525;Google Update Service (gupdate1ca00ef7c68d525);c:\program files\google\update\GoogleUpdate.exe [2009-7-9 133104]
S3 DCSCUSB;Spectrocolorimeter Driver (dcscusb.sys);c:\windows\system32\drivers\dcscusb.sys [2006-11-22 18816]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-12 29744]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [2008-5-1 44344]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-8-23 348752]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2007-2-13 12288]
S4 IntuitUpdateService;IntuitUpdateService;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S4 TuneUp.ProgramStatisticsSvc;TuneUp.ProgramStatisticsSvc;c:\windows\system32\tuprogst.exe --> c:\windows\system32\TUProgSt.exe [?]

=============== Created Last 30 ================

2009-09-03 14:40 <DIR> --d----- c:\users\leroy\.gem
2009-09-03 13:15 <DIR> --d----- c:\program files\Pure Networks
2009-09-03 13:15 76,184 a------- c:\windows\system32\atsckernel.exe
2009-09-03 13:15 20,376 a------- c:\windows\system32\atashost.exe
2009-09-03 13:12 26,672 a------- c:\windows\system32\drivers\pnarp.sys
2009-09-03 13:12 27,696 a------- c:\windows\system32\drivers\purendis.sys
2009-09-03 13:12 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2009-09-03 13:11 <DIR> --d----- c:\programdata\Pure Networks
2009-09-03 13:11 <DIR> --d----- c:\progra~2\Pure Networks
2009-09-02 15:21 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 15:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 13:43 <DIR> --d----- c:\users\leroy\.housecall6.6
2009-09-02 13:36 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-02 13:23 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-02 13:19 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-02 13:19 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-02 13:19 <DIR> --d----- c:\programdata\Lavasoft
2009-09-02 12:49 <DIR> --d----- c:\program files\Lavasoft
2009-09-02 00:58 <DIR> --d----- c:\programdata\Sync Services
2009-09-02 00:58 <DIR> --d----- c:\progra~2\Sync Services
2009-09-02 00:58 <DIR> --d----- c:\programdata\Trance Pad
2009-09-02 00:58 <DIR> --d----- c:\progra~2\Trance Pad
2009-09-01 15:34 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-08-30 11:02 <DIR> --d----- c:\users\leroy\appdata\roaming\Expression Media 2
2009-08-29 22:25 <DIR> --dsh--- C:\Diskeeper
2009-08-29 21:01 <DIR> --d----- c:\program files\common files\Diskeeper Corporation
2009-08-29 21:01 <DIR> --d----- c:\programdata\Diskeeper Corporation
2009-08-29 21:01 <DIR> --d----- c:\progra~2\Diskeeper Corporation
2009-08-29 20:53 <DIR> --d----- c:\users\leroy\Diskeeper
2009-08-26 17:41 <DIR> --d----- c:\windows\system32\EventProviders
2009-08-26 10:33 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-08-26 10:26 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 10:24 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-26 10:24 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-08-26 10:24 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-26 10:24 270,848 a------- c:\windows\system32\schannel.dll
2009-08-26 10:24 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-26 10:24 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-26 10:24 72,704 a------- c:\windows\system32\secur32.dll
2009-08-26 10:24 9,728 a------- c:\windows\system32\lsass.exe
2009-08-24 20:54 <DIR> --d----- c:\program files\Diskeeper Corporation
2009-08-22 12:37 <DIR> --d----- c:\users\leroy\appdata\roaming\TextSoap
2009-08-20 07:21 <DIR> --d----- c:\windows\system32\Service
2009-08-18 13:52 <DIR> --d----- c:\program files\123di_6004
2009-08-13 15:50 <DIR> --d----- c:\users\leroy\appdata\roaming\WordWeb
2009-08-12 21:47 71,680 a------- c:\windows\system32\atl.dll
2009-08-12 21:47 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-12 21:46 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-12 21:46 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-12 21:46 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-12 21:46 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-12 21:46 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-12 21:46 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-12 21:46 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-12 21:46 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-12 21:46 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-07 17:07 <DIR> --d----- c:\program files\Walmart MP3 Music Downloads

==================== Find3M ====================

2009-09-03 13:14 143,360 a------- c:\windows\inf\infstor.dat
2009-09-03 13:14 86,016 a------- c:\windows\inf\infpub.dat
2009-09-03 13:14 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-02 01:00 20 ----h--- c:\programdata\PKP_DLbz.DAT
2009-09-02 01:00 20 ----h--- c:\programdata\PKP_DLbx.DAT
2009-09-02 01:00 20 ----h--- c:\programdata\PKP_DLbw.DAT
2009-09-02 01:00 20 ----h--- c:\progra~2\PKP_DLbz.DAT
2009-09-02 01:00 20 ----h--- c:\progra~2\PKP_DLbx.DAT
2009-09-02 01:00 20 ----h--- c:\progra~2\PKP_DLbw.DAT
2009-09-01 15:34 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-28 05:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 05:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 05:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 05:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-21 10:25 60,744 a------- c:\users\leroy\g2mdlhlpx.exe
2009-07-04 18:57 361,216 a------- c:\windows\system32\TuneUpDefragService.exe
2009-06-15 08:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 08:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 08:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 05:52 289,792 a------- c:\windows\system32\atmfd.dll
2009-06-10 08:35 1,194,528 a------- c:\windows\system32\nvcplui.exe
2009-06-10 08:35 1,296,928 a------- c:\windows\system32\nvsvs.dll
2009-06-10 08:34 143,360 a------- c:\windows\system32\nvshext.dll
2009-06-10 06:33 244,736 a------- c:\windows\system32\nvStInst.exe
2009-06-10 06:33 467,968 a------- c:\windows\system32\nvstlink.exe
2009-06-10 06:33 3,953,152 a------- c:\windows\system32\nvstwiz.exe
2009-06-10 06:33 141,824 a------- c:\windows\system32\nvStereoApiI.dll
2009-06-10 06:33 171,520 a------- c:\windows\system32\nvStereoApiI64.dll
2009-06-10 06:33 232,960 a------- c:\windows\system32\nvSCPAPISvr.exe
2009-06-10 06:32 257,536 a------- c:\windows\system32\nvSCPAPI.dll
2009-06-10 06:32 301,568 a------- c:\windows\system32\nvSCPAPI64.dll
2009-06-10 06:32 3,293,184 a------- c:\windows\system32\nvstres.dll
2009-06-10 06:32 5,847 a------- c:\windows\system32\oglstreg.reg
2009-06-10 06:31 167,424 a------- c:\windows\system32\nvstreg.exe
2009-06-10 06:31 1,718,272 a------- c:\windows\system32\nvsttest.exe
2009-06-10 06:31 1,034,752 a------- c:\windows\system32\nvstview.exe
2009-06-10 06:31 89,088 a------- c:\windows\system32\nvimage.dll
2009-06-10 06:29 1,656 a------- c:\windows\system32\nvstdef.reg
2009-06-10 06:03 1,704,960 a------- c:\windows\system32\nvcuda.dll
2009-06-10 06:03 1,317,408 a------- c:\windows\system32\nvcuvenc.dll
2009-06-10 06:03 678,432 a------- c:\windows\system32\nvcuvid.dll
2009-06-10 06:03 151,552 a------- c:\windows\system32\nvcod155.dll
2009-05-25 12:56 20 ----h--- c:\programdata\PKP_DLdw.DAT
2009-05-25 12:56 20 ----h--- c:\progra~2\PKP_DLdw.DAT
2009-02-20 00:19 2,057,756,582 a------- c:\users\leroy\garmin_rmu_cnnant2009_1.exe
2008-08-25 02:09 20 ----h--- c:\programdata\PKP_DLdu.DAT
2008-08-25 02:09 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2008-06-21 13:12 20 ----h--- c:\programdata\PKP_DLea.DAT
2008-06-21 13:12 20 ----h--- c:\progra~2\PKP_DLea.DAT
2008-06-16 06:04 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-02 23:19 20 ----h--- c:\programdata\PKP_DLck.DAT
2008-06-02 23:19 20 ----h--- c:\progra~2\PKP_DLck.DAT
2008-03-18 18:58 174 a--sh--- c:\program files\desktop.ini
2008-03-12 13:17 60,968 a------- c:\users\leroy\GoToAssistDownloadHelper.exe
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-03-13 10:26 88 ---shr-- c:\windows\system32\C721EDAE18.sys
2009-01-19 10:26 23 a--sh--- c:\windows\system32\ecefdbeb_z.dll
2008-11-30 12:07 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 9:28:14.96 ===============


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/04 10:53
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x924DD000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x924D2000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_dumpfve.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpfve.sys
Address: 0x924E5000 Size: 69632 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA99B5000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1280 Status: Locked to the Windows API!

SSDT
-------------------
#: 064 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x88b19100

#: 072 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x88b18340

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x88b18600

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x88b19f60

#: 123 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x88b19680

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x88b19940

#: 165 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x88b1a2a0

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x88b18b80

#: 324 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x88b193c0

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x88b18e40

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x88b19dc0

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x88b1a100

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "<unknown>" at address 0x88b188c0

Stealth Objects
-------------------
Object: Hidden Module [Name: UfSeAgnt.exe.mui]
Process: UfSeAgnt.exe (PID: 3628) Address: 0x10000000 Size: 114688

Shadow SSDT
-------------------
#: 572 Function Name: NtUserSetWindowsHookAW
Status: Hooked by "<unknown>" at address 0x88b1a900

#: 573 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x88b1a720

==EOF==


Leroy
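A small triage script for the SSDT part of a RootRepeal log, added here as an example; it is not part of RootRepeal and not something Leroy ran. It parses the Drivers, SSDT and Shadow SSDT sections in the format of the log above, checks whether each hook address lands inside a driver image the log lists, and clusters the hook addresses to see whether one module or several placed them. SAMPLE is a trimmed excerpt of the log above, and the 64 KiB clustering gap is an assumption.

```python
"""Triage the SSDT / Shadow SSDT hooks reported by a RootRepeal log.

Added example for this thread; not part of RootRepeal or of the poster's
tooling. It parses the Drivers, SSDT and Shadow SSDT sections in the log
format shown above, checks whether each hook address falls inside a listed
driver image, and clusters hook addresses. SAMPLE is a trimmed excerpt of
the log posted above.
"""
import re
from collections import namedtuple

Driver = namedtuple("Driver", "name path base size")
Hook = namedtuple("Hook", "table index function hooker address")

_SECTIONS = ("Drivers", "Processes", "SSDT", "Stealth Objects", "Shadow SSDT")
_DRV_NAME = re.compile(r"^Name:\s+(\S+)")
_DRV_PATH = re.compile(r"^Image Path:\s+(.+)$")
_DRV_ADDR = re.compile(r"^Address:\s+0x([0-9A-Fa-f]+)\s+Size:\s+(\d+)")
_HOOK_FN = re.compile(r"^#:\s+(\d+)\s+Function Name:\s+(\S+)")
_HOOK_ST = re.compile(r'^Status:\s+Hooked by "([^"]*)" at address 0x([0-9A-Fa-f]+)')

def parse_rootrepeal(text):
    """Return (drivers, hooks); entries are assembled line by line per section."""
    drivers, hooks, section, cur = [], [], None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line in _SECTIONS:            # section header; "----" rules are ignored
            section, cur = line, {}
        elif section == "Drivers":
            if m := _DRV_NAME.match(line):
                cur = {"name": m.group(1)}
            elif m := _DRV_PATH.match(line):
                cur["path"] = m.group(1)
            elif (m := _DRV_ADDR.match(line)) and "name" in cur:
                drivers.append(Driver(cur["name"], cur.get("path"),
                                      int(m.group(1), 16), int(m.group(2))))
                cur = {}
        elif section in ("SSDT", "Shadow SSDT"):
            if m := _HOOK_FN.match(line):
                cur = {"index": int(m.group(1)), "function": m.group(2)}
            elif (m := _HOOK_ST.match(line)) and "function" in cur:
                hooks.append(Hook(section, cur["index"], cur["function"],
                                  m.group(1), int(m.group(2), 16)))
                cur = {}
    return drivers, hooks

def owning_driver(addr, drivers):
    """The listed driver whose image range [base, base+size) holds addr, or None."""
    return next((d for d in drivers if d.base <= addr < d.base + d.size), None)

def cluster_hooks(hooks, gap=0x10000):
    """Group hooks whose addresses lie within `gap` bytes of the previous one.

    Hooks placed by one module point into that module's image (or into one
    pool allocation), so they form a single tight cluster; several widely
    separated clusters suggest more than one hooking component. 64 KiB is an
    assumed gap sized for small driver images.
    """
    clusters = []
    for h in sorted(hooks, key=lambda h: h.address):
        if clusters and h.address - clusters[-1][-1].address <= gap:
            clusters[-1].append(h)
        else:
            clusters.append([h])
    return clusters

def triage(text):
    """Summarise hookers, address clusters and hooks no listed driver covers."""
    drivers, hooks = parse_rootrepeal(text)
    return {
        "hook_count": len(hooks),
        "hookers": sorted({h.hooker for h in hooks}),
        "clusters": [(c[0].address, c[-1].address, len(c)) for c in cluster_hooks(hooks)],
        "unattributed": [h.function for h in hooks
                         if owning_driver(h.address, drivers) is None],
    }

# Trimmed excerpt of the RootRepeal log posted in this thread.
SAMPLE = r"""
Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA99B5000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 064 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x88b19100

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x88b18b80

Shadow SSDT
-------------------
#: 573 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x88b1a720
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Run over the full log above, all fifteen hooks fall into one cluster of under 10 KiB (0x88b18340 to 0x88b1a900), which is what one module placing every hook looks like. "Unattributed" only means no driver in the log's Drivers section covers the address: RootRepeal lists there just the drivers it flagged (here the crash-dump stack and its own driver), so the next step is to compare the addresses against the full loaded-driver list, bearing in mind that HIPS and antivirus self-protection hook this same set of process, thread, registry, driver-load and window-hook calls.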


#2 fireman4it
    Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 21 September 2009 - 07:21 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 lwiley
  • Topic Starter
  • Members
  • 22 posts
  • Gender:Male
  • Location:Arizona

Posted 21 September 2009 - 08:47 AM

I'm out of town currently. I should be back at my desktop in a day or two. I will reply then. Thank you.

Edited by lwiley, 21 September 2009 - 09:34 AM.

Leroy

#4 lwiley
  • Topic Starter
  • Members
  • 22 posts
  • Gender:Male
  • Location:Arizona

Posted 22 September 2009 - 03:58 PM

Thank you for your time. The issue may be resolved but I would appreciate your opinion on the matter.

The Problem
Using CurrPorts (found here), I was seeing 150-220 connections at different times of the day. Please note, other tools will under-report connections - CurrPorts is the best tool I found for getting a real number. Those connections were causing web pages to slow and/or not come up at all because my ISP has a router connection limit of 200.

What I've Done Since My First Post
I ran MalwareBytes (full scan this time) and accepted its recommendations. I requested a public IP address (additional cost) from my ISP which removes the 200 connection limit.

What I See Now
It is now running fine. Now when I check my connections with CurrPorts it reports 65-100 connections. So I may be clean now (maybe it was not infected in the first place). I also now see this message while it boots up:

lsdelete program not found - skipping autocheck

I don't notice any ill effects though.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Leroy at 13:08:59.39 on Tue 09/22/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1465 [GMT -7:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PSIService.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\TUProgSt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\AnVir Task Manager Pro\AnVir.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRAM FILES\MAGICDISC\MAGICDISC.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Download\DDS Tool\Next Round\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://cm.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [Zinio DLM] c:\program files\zinio\ZinioReader.exe /autostart
uRun: [EPSON Stylus Photo R1900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticua.exe /fu "c:\windows\temp\E_S9078.tmp" /EF "HKCU"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [VistaStartMenu] c:\program files\vista start menu\VistaStartMenu.exe
uRun: [AnVir Task Manager Pro] "c:\program files\anvir task manager pro\AnVir.exe" Minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [pdfFactory Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
StartupFolder: c:\users\leroy\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: c:\users\leroy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\leroy\appdata\roaming\micros~1\windows\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Capture image with GKB - c:\program files\general knowledge base\2.4\CaptureWebImage.htm
IE: Capture web page with GKB - c:\program files\general knowledge base\2.4\CaptureWebPage.htm
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Open image in PhotoME... - c:\program files\photome\iemenuext.html
IE: Open with KUSO EXIF Viewer - c:\program files\kuso exif viewer\EXIF.htm
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: altaeptax.com\www
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
TCP: {55A390C6-ED13-4D99-80CE-C3A64B83FBA5} = 208.67.222.222,
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\object desktop\fences\FencesMenu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\leroy\appdata\roaming\mozilla\firefox\profiles\bzmruyu1.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://forums.dpreview.com/forums/forum.asp?forum=1039|http://dustyden.org/phpbb/index.php|http://mail.google.com/mail/?shva=1#inbox|http://nikongear.com/smf/
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\leroy\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.max.tokenizing.time - 2250000
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-18 206256]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2008-12-14 145424]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-9-3 20376]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-15 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2008-12-14 256528]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-9-19 604488]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\progra~1\lacieb~1\DDCDrv.sys [2008-5-1 7680]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2009-5-19 4096]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2008-3-11 5632]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 gupdate1ca00ef7c68d525;Google Update Service (gupdate1ca00ef7c68d525);c:\program files\google\update\GoogleUpdate.exe [2009-7-9 133104]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-12-14 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2008-12-14 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-12-14 677128]
S3 DCSCUSB;Spectrocolorimeter Driver (dcscusb.sys);c:\windows\system32\drivers\dcscusb.sys [2006-11-22 18816]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-12 29744]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [2008-5-1 44344]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-8-23 348752]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2007-2-13 12288]
S4 IntuitUpdateService;IntuitUpdateService;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S4 Stereo Service;Stereo Service;c:\windows\system32\nvSCPAPISvr.exe [2009-6-10 232960]

=============== Created Last 30 ================

2009-09-21 17:26 <DIR> --d----- c:\users\leroy\appdata\roaming\Stardock
2009-09-21 17:25 <DIR> -cd-h--- c:\programdata\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-09-21 17:25 <DIR> -cd-h--- c:\progra~2\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-09-21 17:25 <DIR> --d----- c:\programdata\Stardock
2009-09-21 17:25 <DIR> --d----- c:\progra~2\Stardock
2009-09-19 16:53 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-09-19 16:53 29,000 a------- c:\windows\system32\uxtuneup.dll
2009-09-19 16:53 17,224 a------- c:\windows\system32\authuitu.dll
2009-09-19 16:53 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-09-18 10:14 326,656 a------- c:\windows\system32\drivers\stwrt.sys
2009-09-18 10:14 587,776 a------- c:\windows\system32\stapo.dll
2009-09-18 10:14 492,544 a------- c:\windows\system32\ctapo32.dll
2009-09-18 10:14 326,144 a------- c:\windows\system32\stcplx.dll
2009-09-18 10:14 244,736 a------- c:\windows\system32\stapi32.dll
2009-09-18 10:14 45,568 a------- c:\windows\system32\ctppld.dll
2009-09-18 10:14 <DIR> --d----- c:\program files\SigmaTel
2009-09-18 09:26 <DIR> --d----- c:\windows\system32\eu-ES
2009-09-18 09:26 <DIR> --d----- c:\windows\system32\ca-ES
2009-09-18 09:26 <DIR> --d----- c:\windows\system32\vi-VN
2009-09-18 09:23 0 a---h--- c:\windows\system32\drivers\Msft_User_AuxiliaryDisplayEnhancedDriver_01_00_00.Wdf
2009-09-16 11:45 <DIR> --d----- c:\program files\BurnSoft
2009-09-14 16:48 <DIR> --d----- c:\programdata\Camera Bits, Inc
2009-09-14 16:48 <DIR> --d----- c:\progra~2\Camera Bits, Inc
2009-09-14 13:33 <DIR> --d----- c:\users\leroy\appdata\roaming\Camera Bits, Inc
2009-09-14 13:31 <DIR> --d----- c:\program files\Camera Bits
2009-09-14 10:24 <DIR> --d----- c:\program files\AnVir Task Manager Pro
2009-09-14 08:42 <DIR> --d----- c:\programdata\McAfee Security Scan
2009-09-14 08:42 <DIR> --d----- c:\progra~2\McAfee Security Scan
2009-09-08 13:43 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-08 13:43 105,984 a------- c:\windows\system32\netiohlp.dll
2009-09-08 13:43 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-09-08 13:43 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-08 13:43 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-08 13:43 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-08 13:43 17,920 a------- c:\windows\system32\netevent.dll
2009-09-08 13:43 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-08 13:43 10,240 a------- c:\windows\system32\finger.exe
2009-09-08 13:43 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-08 13:43 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-08 13:42 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-08 13:42 513,536 a------- c:\windows\system32\wlansvc.dll
2009-09-08 13:42 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-08 13:42 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-08 13:42 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-08 13:42 68,096 a------- c:\windows\system32\wlanhlp.dll
2009-09-08 13:42 65,024 a------- c:\windows\system32\wlanapi.dll
2009-09-08 13:41 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-08 13:41 98,816 a------- c:\windows\system32\mfps.dll
2009-09-08 13:41 53,248 a------- c:\windows\system32\rrinstaller.exe
2009-09-08 13:41 24,576 a------- c:\windows\system32\mfpmp.exe
2009-09-08 13:41 2,048 a------- c:\windows\system32\mferror.dll
2009-09-04 21:44 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-03 14:40 <DIR> --d----- c:\users\leroy\.gem
2009-09-03 13:15 76,184 a------- c:\windows\system32\atsckernel.exe
2009-09-03 13:15 20,376 a------- c:\windows\system32\atashost.exe
2009-09-02 15:21 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 15:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 13:43 <DIR> --d----- c:\users\leroy\.housecall6.6
2009-09-02 13:19 <DIR> --d----- c:\programdata\Lavasoft
2009-09-02 12:49 <DIR> --d----- c:\program files\Lavasoft
2009-09-02 00:58 <DIR> --d----- c:\programdata\Sync Services
2009-09-02 00:58 <DIR> --d----- c:\progra~2\Sync Services
2009-09-02 00:58 <DIR> --d----- c:\programdata\Trance Pad
2009-09-02 00:58 <DIR> --d----- c:\progra~2\Trance Pad
2009-09-01 15:34 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-08-30 11:02 <DIR> --d----- c:\users\leroy\appdata\roaming\Expression Media 2
2009-08-29 22:25 <DIR> --dsh--- C:\Diskeeper
2009-08-29 21:01 <DIR> --d----- c:\program files\common files\Diskeeper Corporation
2009-08-29 21:01 <DIR> --d----- c:\programdata\Diskeeper Corporation
2009-08-29 21:01 <DIR> --d----- c:\progra~2\Diskeeper Corporation
2009-08-29 20:53 <DIR> --d----- c:\users\leroy\Diskeeper
2009-08-26 17:41 <DIR> --d----- c:\windows\system32\EventProviders
2009-08-26 17:39 472,064 a------- c:\windows\system32\secproc.dll
2009-08-26 17:38 1,382,912 a------- c:\windows\system32\WMVSDECD.DLL
2009-08-26 17:37 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-08-26 17:37 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-08-26 17:37 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-08-26 17:37 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-08-26 17:37 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-08-26 17:37 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-08-26 17:37 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-08-26 17:37 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-08-26 17:37 218,624 a------- c:\windows\system32\wdscore.dll
2009-08-26 17:37 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-08-26 17:37 247,808 a------- c:\windows\system32\drvstore.dll
2009-08-26 10:33 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-08-26 10:26 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 10:24 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-08-26 10:24 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-26 10:24 218,624 a------- c:\windows\system32\msv1_0.dll
2009-08-26 10:24 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-26 10:24 270,848 a------- c:\windows\system32\schannel.dll
2009-08-26 10:24 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-26 10:24 72,704 a------- c:\windows\system32\secur32.dll
2009-08-26 10:24 9,728 a------- c:\windows\system32\lsass.exe
2009-08-26 03:14 1,696,768 a------- c:\windows\system32\gameux.dll
2009-08-24 20:54 <DIR> --d----- c:\program files\Diskeeper Corporation

==================== Find3M ====================

2009-09-18 15:27 20 ----h--- c:\programdata\PKP_DLbz.DAT
2009-09-18 15:27 20 ----h--- c:\programdata\PKP_DLbx.DAT
2009-09-18 15:27 20 ----h--- c:\programdata\PKP_DLbw.DAT
2009-09-18 15:27 20 ----h--- c:\progra~2\PKP_DLbz.DAT
2009-09-18 15:27 20 ----h--- c:\progra~2\PKP_DLbx.DAT
2009-09-18 15:27 20 ----h--- c:\progra~2\PKP_DLbw.DAT
2009-09-18 10:14 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-18 10:14 86,016 a------- c:\windows\inf\infpub.dat
2009-09-18 10:14 143,360 a------- c:\windows\inf\infstor.dat
2009-09-18 10:07 61,224 a------- c:\users\leroy\GoToAssistDownloadHelper.exe
2009-09-18 09:26 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-01 15:34 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-08-28 19:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 19:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 19:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 19:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-21 14:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 14:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 14:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 13:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-21 10:25 60,744 a------- c:\users\leroy\g2mdlhlpx.exe
2009-07-17 06:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 05:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 05:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 05:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 05:39 7,680 a------- c:\windows\system32\spwmp.dll
2009-05-25 12:56 20 ----h--- c:\programdata\PKP_DLdw.DAT
2009-05-25 12:56 20 ----h--- c:\progra~2\PKP_DLdw.DAT
2009-02-20 00:19 2,057,756,582 a------- c:\users\leroy\garmin_rmu_cnnant2009_1.exe
2008-08-25 02:09 20 ----h--- c:\programdata\PKP_DLdu.DAT
2008-08-25 02:09 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2008-06-21 13:12 20 ----h--- c:\programdata\PKP_DLea.DAT
2008-06-21 13:12 20 ----h--- c:\progra~2\PKP_DLea.DAT
2008-06-02 23:19 20 ----h--- c:\programdata\PKP_DLck.DAT
2008-06-02 23:19 20 ----h--- c:\progra~2\PKP_DLck.DAT
2008-03-18 18:58 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-03-13 10:26 88 ---shr-- c:\windows\system32\C721EDAE18.sys
2009-01-19 10:26 23 a--sh--- c:\windows\system32\ecefdbeb_z.dll
2008-11-30 12:07 2,516 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 13:09:18.79 ===============

Leroy

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 23 September 2009 - 02:10 PM

Hi lwiley,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • This should take care of the message at boot up.

    Open Notepad (Start > Run and type in Notepad) and make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in the code box into it.

    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
    00,00
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg was successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take effect.

  • If you found any unusual internet activity please do the following:
    • Run cports.exe.
    • Under Options the Auto Refresh should be set to 1 second.
    • Close all other open windows.
    • Use Ctrl+A to select all the items.
    • Use Ctrl+S. Alternatively under File menu click Save Selected Items.
    • Give a name and save the log as a txt file.
    • Open the saved log file. Copy and paste the content to your reply.
  • Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
    • Sections
    • IAT/EAT
    • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
  • When the scan is finished, you will see the scan button appears again. Click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
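
As an added example (not code from the thread or from BleepingComputer), the following Python decodes the hex(7) REG_MULTI_SZ value in the regfix.reg above into the individual BootExecute strings and reports any entry other than the stock "autocheck autochk *" line; the second sample file, carrying an extra "lsdelete" entry, is constructed by hand to show what the check flags.

```python
"""Check a .reg BootExecute fix by decoding its hex(7) (REG_MULTI_SZ) value.

Added example, not code from the thread or from BleepingComputer. It parses
the regfix.reg text posted above, decodes the comma-separated hex bytes into
the individual strings Windows would load from BootExecute, and reports any
entry other than the stock "autocheck autochk *" line.
"""
import re

# The exact fix posted in the thread (REGEDIT4 files store hex(7) as ANSI:
# one byte per character, NUL between strings, an extra NUL at the end).
REGFIX = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
00,00
"""

# Constructed sample with a second entry ("lsdelete") appended, to show what
# the checker flags; the bytes are hand-built, not taken from any log.
REGFIX_EXTRA_ENTRY = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
00,6c,73,64,65,6c,65,74,65,00,00
"""

STOCK_BOOTEXECUTE = "autocheck autochk *"


def parse_reg_file(text):
    """Return {key_path: {value_name: raw_right_hand_side}} for a .reg file.

    A trailing backslash continues a value on the next line (as in the fix
    above), so continuation lines are joined before the line-by-line parse.
    """
    joined = re.sub(r"\\\r?\n\s*", "", text)
    keys = {}
    current = None
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper().startswith("REGEDIT"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, rhs = line.split("=", 1)
            keys[current][name.strip().strip('"')] = rhs.strip()
    return keys


def decode_multi_sz(rhs, wide=False):
    """Decode a hex(7): byte list into the list of strings of a REG_MULTI_SZ.

    REGEDIT4 exports are ANSI; "Windows Registry Editor Version 5.00" exports
    are UTF-16LE, selected with wide=True.
    """
    m = re.fullmatch(r"hex\(7\):([0-9a-fA-F,]*)", rhs)
    if not m:
        raise ValueError("not a hex(7) value: %r" % rhs)
    data = bytes(int(b, 16) for b in m.group(1).split(",") if b)
    text = data.decode("utf-16-le" if wide else "latin-1")
    # Strings are NUL-separated; the list is terminated by an extra NUL.
    return [s for s in text.split("\x00") if s]


def boot_execute_entries(reg_text, wide=False):
    """The BootExecute strings set by reg_text, or None if it sets none."""
    for path, values in parse_reg_file(reg_text).items():
        if path.lower().endswith(r"control\session manager") and "BootExecute" in values:
            return decode_multi_sz(values["BootExecute"], wide)
    return None


def unexpected_boot_execute(entries):
    """Entries beyond the stock autochk line; empty on a clean system."""
    return [e for e in entries if e.strip().lower() != STOCK_BOOTEXECUTE]


if __name__ == "__main__":
    for label, sample in (("posted fix", REGFIX), ("constructed sample", REGFIX_EXTRA_ENTRY)):
        entries = boot_execute_entries(sample)
        print(label, "->", entries, "unexpected:", unexpected_boot_execute(entries))
```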


#6 lwiley

Posted 23 September 2009 - 04:21 PM

Thank you farbar.

Boot Up Message
This went fine and the lsdelete message is gone. Thank you. :(

GMER Scanner
GMER ran for less than thirty seconds and stopped working:

[Screenshot of the GMER error message; image not preserved]


I did disable the realtime Trend Micro AV/Spyware protection before running GMER.
Leroy

#7 Farbar

Posted 23 September 2009 - 04:48 PM

Please try once more to run GMER. This time right-click and select "Run as Administrator".

#8 lwiley

Posted 23 September 2009 - 05:13 PM

Please try once more to run GMER. This time right-click and select "Run as Administrator".

The same result. Runs for less than thirty seconds and the same message pops up.
Leroy

#9 Farbar

Posted 23 September 2009 - 06:12 PM

You have too many additional security programs running: Windows Defender, Ad-Watch and WinPatrol. Please make sure all of them remain disabled as long as we are not done. While running ComboFix also disable the real-time protection of your antivirus, but enable it after ComboFix rebooted.
  • We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
    • Go to Start > Control Panel > Windows Defender.
    • Open Windows Defender.
    • Click on Tools, Options.
    • At the bottom of the Windows Defender page, under Administrator Options uncheck "use Windows Defender" and then Save.
    • Click Close.
    Note: When everything is done and your log is clean again, you can enable it again.

  • Consult this page to disable ad-watch, yours might be different:
    HOW TO TURN OFF AD-WATCH

  • Configure WinPatrol not to run at startup. Then right-click the WinPatrol icon on the right-hand side of the taskbar (System Tray or Notification Area) and select Exit Program.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.


#10 lwiley

Posted 23 September 2009 - 06:34 PM

I've disabled everything and am ready to proceed with the ComboFix, except that there was no Ad-Watch icon in my tray to disable. To my knowledge I have never run Ad-Watch. I also did not see it listed in WinPatrol anywhere. Are you sure I have it running?

I did uninstall Ad-Aware SE, in case that might run Ad-Watch behind the scenes. Is that good enough? May I proceed with ComboFix?


thanks, Leroy
Leroy

#11 Farbar

Posted 23 September 2009 - 07:19 PM

Are you sure I have it running?

No, I'm sure it was not running, but on DDS it was "enabled" and I didn't check it:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Leroy at 9:27:22.05 on Fri 09/04/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3325.1984 [GMT -7:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

It could be a bug.

Please proceed with ComboFix. Run it just once please.

#12 lwiley

Posted 23 September 2009 - 08:12 PM

Here is the ComboFix log.


ComboFix 09-09-23.02 - Leroy 09/23/2009 17:32.1.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2132 [GMT -7:00]
Running from: c:\users\Leroy\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\34da175.msi
c:\windows\Installer\9b1c4.msi
c:\windows\system32\cbfafcc6_r.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\x9z41d3.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-23 17:36 . 2009-09-23 17:36 -------- d-----w- c:\users\Leroy\AppData\Local\IDimager
2009-09-23 05:29 . 2009-09-23 05:29 -------- d-----w- c:\program files\photools.com
2009-09-22 00:26 . 2009-09-22 00:26 -------- d-----w- c:\users\Leroy\AppData\Roaming\Stardock
2009-09-22 00:25 . 2009-09-22 00:25 -------- dc-h--w- c:\programdata\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-09-22 00:25 . 2009-09-22 15:15 -------- d-----w- c:\programdata\Stardock
2009-09-22 00:23 . 2009-09-22 00:23 -------- d-----w- c:\users\Leroy\AppData\Local\PackageAware
2009-09-19 23:53 . 2009-09-19 23:53 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-19 23:53 . 2009-07-15 09:48 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-09-19 23:53 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-19 23:53 . 2009-09-19 23:53 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-18 17:14 . 2007-05-07 00:12 326656 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-09-18 17:14 . 2009-09-18 17:14 -------- d-----w- c:\program files\SigmaTel
2009-09-18 17:14 . 2007-05-07 00:11 326144 ----a-w- c:\windows\system32\stcplx.dll
2009-09-18 17:14 . 2007-05-07 00:11 587776 ----a-w- c:\windows\system32\stapo.dll
2009-09-18 17:14 . 2007-05-07 00:10 244736 ----a-w- c:\windows\system32\stapi32.dll
2009-09-18 17:14 . 2007-03-05 21:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2009-09-18 17:14 . 2007-03-05 21:05 492544 ----a-w- c:\windows\system32\ctapo32.dll
2009-09-18 16:26 . 2009-09-18 16:26 -------- d-----w- c:\windows\system32\ca-ES
2009-09-18 16:26 . 2009-09-18 16:26 -------- d-----w- c:\windows\system32\eu-ES
2009-09-18 16:26 . 2009-09-18 16:26 -------- d-----w- c:\windows\system32\vi-VN
2009-09-16 18:45 . 2009-09-16 18:45 4286 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_563ADF0391AAC1E5EF5308.exe
2009-09-16 18:45 . 2009-09-16 18:45 3262 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_DEF5BB840EF51D706179C1.exe
2009-09-16 18:45 . 2009-09-16 18:45 3262 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_2B631DB24543545770D4D8.exe
2009-09-16 18:45 . 2009-09-16 18:45 2238 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_6FEFF9B68218417F98F549.exe
2009-09-16 18:45 . 2009-09-16 18:45 2238 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_5EA066ABC5639B8838B5B4.exe
2009-09-16 18:45 . 2009-09-16 18:45 2238 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_5B0D5BDC5233E38B1FD374.exe
2009-09-16 18:45 . 2009-09-16 18:45 2238 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_08511B06DF86B0622D3384.exe
2009-09-16 18:45 . 2009-09-16 18:45 -------- d-----w- c:\program files\BurnSoft
2009-09-14 23:48 . 2009-09-14 23:48 -------- d-----w- c:\programdata\Camera Bits, Inc
2009-09-14 20:33 . 2009-09-14 20:33 -------- d-----w- c:\users\Leroy\AppData\Roaming\Camera Bits, Inc
2009-09-14 20:31 . 2009-09-14 20:31 -------- d-----w- c:\program files\Camera Bits
2009-09-14 17:24 . 2009-09-14 18:16 -------- d-----w- c:\program files\AnVir Task Manager Pro
2009-09-14 17:10 . 2009-09-14 18:15 -------- d-----w- c:\users\Leroy\AppData\Local\AnVir
2009-09-14 15:42 . 2009-09-14 15:42 -------- d-----w- c:\programdata\McAfee Security Scan
2009-09-08 20:43 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-08 20:43 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-08 20:43 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-08 20:43 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-08 20:43 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-08 20:43 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-08 20:43 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-08 20:43 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-08 20:43 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-08 20:43 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-08 20:43 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-08 20:42 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-08 20:42 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-08 20:42 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-08 20:42 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-08 20:42 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-08 20:42 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-08 20:41 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-08 20:41 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-08 20:41 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-08 20:41 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-08 20:41 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-06 03:11 . 2009-09-06 16:58 -------- d-----w- c:\windows\BDOSCAN8
2009-09-05 04:44 . 2009-09-05 04:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-03 21:40 . 2009-09-03 21:40 -------- d-----w- c:\users\Leroy\.gem
2009-09-03 20:15 . 2009-03-06 20:01 76184 ----a-w- c:\windows\system32\atsckernel.exe
2009-09-03 20:15 . 2009-03-06 19:59 20376 ----a-w- c:\windows\system32\atashost.exe
2009-09-02 22:21 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 22:21 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 20:43 . 2009-09-03 06:23 -------- d-----w- c:\users\Leroy\.housecall6.6
2009-09-02 20:19 . 2009-09-08 00:19 -------- d-----w- c:\programdata\Lavasoft
2009-09-02 19:50 . 2009-09-23 23:24 -------- d-----w- c:\users\Leroy\AppData\Roaming\Lavasoft
2009-09-02 07:58 . 2009-09-02 07:58 -------- d-----w- c:\programdata\Sync Services
2009-09-02 07:58 . 2009-09-02 07:58 -------- d-----w- c:\programdata\Trance Pad
2009-08-30 18:02 . 2009-08-30 18:02 -------- d-----w- c:\users\Leroy\AppData\Roaming\Expression Media 2
2009-08-30 05:25 . 2009-08-30 05:25 -------- d-----w- C:\Diskeeper
2009-08-30 04:01 . 2009-08-30 04:01 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2009-08-30 04:01 . 2009-08-30 04:01 -------- d-----w- c:\programdata\Diskeeper Corporation
2009-08-30 03:53 . 2009-08-30 03:54 -------- d-----w- c:\users\Leroy\Diskeeper
2009-08-27 00:41 . 2009-08-27 00:41 -------- d-----w- c:\windows\system32\EventProviders
2009-08-27 00:39 . 2009-04-11 06:32 438744 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-08-27 00:38 . 2009-04-11 06:28 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-08-27 00:37 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-08-27 00:37 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-08-27 00:37 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-08-27 00:37 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-08-27 00:37 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-08-27 00:37 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-08-27 00:37 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-08-27 00:37 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-08-27 00:37 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-08-27 00:37 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-08-27 00:37 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-08-26 17:33 . 2009-08-26 17:33 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-26 17:26 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 17:24 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-26 17:24 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-26 17:24 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-26 17:24 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-26 17:24 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-26 17:24 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-26 17:24 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-26 17:24 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-26 10:14 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-08-25 03:54 . 2009-08-25 03:54 -------- d-----w- c:\program files\Diskeeper Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 20:57 . 2008-03-12 02:50 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-23 17:36 . 2008-03-13 16:51 -------- d-----w- c:\program files\IDimager Products
2009-09-23 16:24 . 2008-12-03 17:56 -------- d-----w- c:\users\Leroy\AppData\Roaming\Vista Start Menu
2009-09-22 18:08 . 2008-03-12 10:26 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-09-22 04:45 . 2008-03-13 14:46 -------- d-----w- c:\program files\Bibble Labs
2009-09-22 04:22 . 2009-07-13 19:03 -------- d-----w- c:\program files\Neverball
2009-09-22 00:26 . 2008-07-14 15:41 -------- d-----w- c:\program files\Stardock
2009-09-19 23:53 . 2008-11-20 19:33 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-18 22:27 . 2008-07-22 05:51 20 ---h--w- c:\programdata\PKP_DLbw.DAT
2009-09-18 22:27 . 2008-06-03 06:17 20 ---h--w- c:\programdata\PKP_DLbx.DAT
2009-09-18 22:27 . 2008-03-13 16:00 20 ---h--w- c:\programdata\PKP_DLbz.DAT
2009-09-18 17:14 . 2008-03-12 02:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-18 17:07 . 2008-03-12 01:34 61224 ----a-w- c:\users\Leroy\GoToAssistDownloadHelper.exe
2009-09-18 16:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-09-18 16:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-09-18 16:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-18 16:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-18 16:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-09-18 16:23 . 2009-09-18 16:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_AuxiliaryDisplayEnhancedDriver_01_00_00.Wdf
2009-09-14 19:49 . 2009-07-29 03:35 -------- d-----w- c:\programdata\NOS
2009-09-14 14:56 . 2008-03-12 00:41 -------- d-----w- c:\programdata\NVIDIA
2009-09-11 19:42 . 2008-03-11 23:55 105680 ----a-w- c:\users\Leroy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-09 22:00 . 2008-03-19 04:16 188501 ----a-w- c:\users\Leroy\AppData\Roaming\ContentGuard\CGGuard2.dll
2009-09-09 10:08 . 2008-03-16 13:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 06:42 . 2008-03-12 05:15 -------- d-----w- c:\programdata\Microsoft Help
2009-09-08 16:29 . 2008-03-19 04:16 -------- d-----w- c:\users\Leroy\AppData\Roaming\ContentGuard
2009-09-08 05:19 . 2008-05-29 06:14 -------- d-----w- c:\program files\WORDsearch 8
2009-09-05 04:51 . 2008-05-14 03:26 -------- d-----w- c:\program files\Java
2009-09-04 02:33 . 2009-06-18 02:51 -------- d-----w- c:\users\Leroy\AppData\Roaming\FileZilla
2009-09-03 20:15 . 2009-03-16 02:55 -------- d-----w- c:\programdata\WebEx
2009-09-03 20:14 . 2009-09-03 20:14 8892928 ----a-w- c:\programdata\atscie.msi
2009-09-03 02:48 . 2008-12-14 07:53 -------- d-----w- c:\program files\Trend Micro
2009-09-02 16:11 . 2008-08-23 17:05 -------- d-----w- c:\program files\Spyware Doctor
2009-09-02 08:19 . 2008-06-09 14:56 -------- d-----w- c:\program files\johnsadventures.com
2009-09-02 08:19 . 2008-06-09 14:56 -------- d-----w- c:\users\Leroy\AppData\Roaming\johnsadventures.com
2009-09-02 08:01 . 2008-09-07 04:15 -------- d-----w- c:\program files\Coupons
2009-09-02 07:54 . 2008-03-13 16:00 -------- d-----w- c:\program files\Common Files\Nikon
2009-09-02 07:53 . 2009-05-20 02:29 -------- d-----w- c:\users\Leroy\AppData\Roaming\Blueberry
2009-09-02 07:52 . 2009-06-07 01:10 -------- d-----w- c:\programdata\Deskshare
2009-09-02 02:46 . 2008-12-03 17:56 -------- d-----w- c:\program files\Vista Start Menu
2009-09-02 00:16 . 2008-12-11 23:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 00:13 . 2009-02-03 18:33 -------- d-----w- c:\programdata\PCPitstop
2009-09-02 00:05 . 2009-01-19 17:26 -------- d-----w- c:\program files\jv16 PowerTools 2008
2009-09-01 22:34 . 2009-06-18 15:29 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-01 22:34 . 2009-09-01 22:34 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-26 19:12 . 2009-06-18 02:50 -------- d-----w- c:\program files\FileZilla FTP Client
2009-08-23 04:29 . 2008-03-16 00:13 -------- d-----w- c:\program files\TreePadXSU
2009-08-22 19:44 . 2008-07-07 15:53 -------- d-----w- c:\program files\Wal-Mart Music Downloads Store
2009-08-22 19:37 . 2009-08-22 19:37 -------- d-----w- c:\users\Leroy\AppData\Roaming\TextSoap
2009-08-18 20:56 . 2009-08-18 20:52 -------- d-----w- c:\program files\123di_6004
2009-08-15 21:05 . 2009-06-19 22:04 -------- d-----w- c:\program files\ent
2009-08-14 22:06 . 2008-11-19 03:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-14 22:06 . 2008-11-19 02:55 38208 ----a-w- c:\users\Leroy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-14 03:05 . 2009-02-08 18:57 -------- d-----w- c:\users\Leroy\AppData\Roaming\FileBoss
2009-08-14 03:01 . 2009-02-08 18:57 -------- d-----w- c:\program files\FileBoss V2
2009-08-13 22:50 . 2009-08-13 22:50 -------- d-----w- c:\users\Leroy\AppData\Roaming\WordWeb
2009-08-10 17:26 . 2008-04-11 16:36 -------- d-----w- c:\users\Leroy\AppData\Roaming\Winamp
2009-08-10 17:26 . 2008-03-12 22:13 -------- d-----w- c:\programdata\FLEXnet
2009-08-10 17:26 . 2008-03-12 05:21 -------- d-----w- c:\program files\KeePass Password Safe
2009-08-08 00:08 . 2008-03-12 02:11 -------- d-----w- c:\users\Leroy\AppData\Roaming\InstallShield
2009-08-08 00:07 . 2009-08-08 00:07 -------- d-----w- c:\program files\Walmart MP3 Music Downloads
2009-08-04 04:40 . 2008-03-13 08:27 -------- d-----w- c:\program files\goodsol01
2009-08-03 22:07 . 2009-08-03 22:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 22:07 . 2009-08-03 22:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 22:07 . 2009-08-03 22:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-08-03 20:36 . 2008-12-11 23:19 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2008-12-11 23:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 03:47 . 2008-03-12 22:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-28 17:33 . 2008-03-13 17:52 -------- d-----w- c:\program files\Qimage
2009-07-21 21:52 . 2009-07-29 12:58 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 12:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 12:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 12:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 17:25 . 2009-07-21 17:25 60744 ----a-w- c:\users\Leroy\g2mdlhlpx.exe
2009-07-17 13:54 . 2009-08-13 04:47 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-16 15:54 . 2009-07-16 15:54 1078 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}\_A337FA7F14B1AA85BFA8A6.exe
2009-07-16 15:54 . 2009-07-16 15:54 1078 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}\_7CFBC8C69E44C18F04FF2E.exe
2009-07-16 15:54 . 2009-07-16 15:54 10134 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}\_3B0267A284AF1E1AD9D67E.exe
2009-07-15 12:40 . 2009-08-13 04:46 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 04:46 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 04:46 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 04:46 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-07 01:58 . 2009-07-07 01:58 8323072 ----a-w- c:\users\Leroy\ntuser.dat.tmp
2009-07-07 01:58 . 2009-07-06 07:55 163840 ----a-w- c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT.tmp
2009-07-07 01:58 . 2009-07-06 07:55 155648 ----a-w- c:\windows\ServiceProfiles\LocalService\NTUSER.DAT.tmp
2009-07-06 17:40 . 2009-07-06 17:40 23 --sha-w- c:\windows\system32\edacded0.dat
2009-07-05 07:53 . 2009-07-05 07:53 290816 ----a-w- c:\users\Leroy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-05 07:53 . 2009-07-05 07:53 290816 ----a-w- c:\users\Leroy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-05 07:53 . 2009-07-05 07:53 290816 ----a-w- c:\users\Leroy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-05 07:53 . 2009-07-05 07:53 290816 ----a-w- c:\users\Leroy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2008-03-13 17:26 . 2008-03-13 17:26 88 --sh--r- c:\windows\System32\C721EDAE18.sys
2009-01-19 17:26 . 2009-01-19 17:26 23 --sha-w- c:\windows\System32\ecefdbeb_z.dll
2008-11-30 19:07 . 2008-03-13 17:20 2516 --sha-w- c:\windows\System32\KGyGaAvL.sys
2007-02-21 19:50 . 2007-02-21 19:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2007-12-20 3760198]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-02 160592]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-08-15 2538728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
"pdfFactory Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2007-11-07 507904]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-23 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-23 92704]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-07 405504]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\users\Leroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ImpulseNow.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-8-25 464176]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-3-16 44384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-1 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Object Desktop\Fences\FencesMenu.dll" [2009-08-31 120168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e5,b7,87,aa,7d,38,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-89542985-1990456904-3273251887-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AED3CB7B-BCF0-43EA-8A80-6B0D94B65FEE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CF1A4E15-D356-4579-96EE-F7E01AD59E21}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4E28D6EF-E94B-4453-B578-93F6D394FC19}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DE8F28B9-61C1-45C7-AA94-620E94F1A84A}c:\\windows\\system32\\jpegslsh.scr"= UDP:c:\windows\system32\jpegslsh.scr:The Photo Help Desk
"UDP Query User{F0C32624-F465-4DEF-817B-78D9D56B861A}c:\\windows\\system32\\jpegslsh.scr"= TCP:c:\windows\system32\jpegslsh.scr:The Photo Help Desk
"{784A4BCE-5BB1-4FFF-99BD-168541246370}"= UDP:c:\program files\deepinvent\MailStore Home\MailStoreDesktopServices.exe:MailStore Desktop Services
"{FD17374B-BE23-4B40-BA59-9EDE6DAF5962}"= TCP:c:\program files\deepinvent\MailStore Home\MailStoreDesktopServices.exe:MailStore Desktop Services
"{971AF4D5-CB93-4314-9A8D-BA7EF486E17E}"= UDP:5353:Adobe CSI CS4
"{16104A0F-CAB7-4096-AEC7-2825094BBE31}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{DFABDAAD-5BCE-40B1-8237-81FF492524D9}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{FD111AFF-C461-4C96-BE38-90BF982A6ECE}"= UDP:5353:Adobe CSI CS4
"{E59687DA-B9AA-4F0B-BD2A-C02582341A60}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{19536BE8-7510-42E4-BAFF-A42FA28BF23E}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{8903928E-189E-48D8-A26E-B224E969D0BF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4B2F2FD3-0FD0-4614-B2EE-F8727E09A51B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8DD73777-1276-4951-B1D0-69E94D11B7CB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EDC8B5BB-1CEE-4C53-A44F-B6802F62642C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F99A8902-8B29-4691-8B0B-15486B7B367B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2640E0DC-81CB-4863-97AB-A2D768DAC064}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{1224BE42-81F0-45F7-89E7-46E6885C2C78}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{96C88AC4-6446-4ABC-B1F8-820E8CA83165}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{0291A858-B5F7-4A6A-B081-8119AAFE46B3}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{AAE80D83-7E36-49A7-9E77-2281E24BA06C}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [6/18/2009 8:29 AM 206256]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [12/14/2008 1:38 AM 145424]
R2 atashost;WebEx Service Host for Support Center;c:\windows\System32\atashost.exe [9/3/2009 1:15 PM 20376]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [7/15/2009 7:42 AM 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [12/14/2008 1:38 AM 256528]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [9/19/2009 4:53 PM 604488]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\progra~1\LACIEB~1\DDCDrv.sys [5/1/2008 6:45 PM 7680]
R3 bbcap;bbcap;c:\windows\System32\drivers\bbcap.sys [5/19/2009 7:28 PM 4096]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [3/11/2008 5:58 PM 5632]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [11/2/2006 3:25 AM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [11/2/2006 3:25 AM 251904]
S2 gupdate1ca00ef7c68d525;Google Update Service (gupdate1ca00ef7c68d525);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2009 4:46 PM 133104]
S2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [12/14/2008 1:38 AM 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [12/14/2008 1:50 AM 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [12/14/2008 1:50 AM 677128]
S3 DCSCUSB;Spectrocolorimeter Driver (dcscusb.sys);c:\windows\System32\drivers\dcscusb.sys [11/22/2006 3:49 PM 18816]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/12/2008 4:49 PM 29744]
S3 i1display;i1 Display;c:\windows\System32\drivers\i1display.sys [5/1/2008 6:44 PM 44344]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/23/2008 10:59 AM 348752]
S3 Spyder2;ColorVision Spyder2;c:\windows\System32\drivers\Spyder2.sys [2/13/2007 5:16 PM 12288]
S4 IntuitUpdateService;IntuitUpdateService;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
S4 Stereo Service;Stereo Service;c:\windows\System32\nvSCPAPISvr.exe [6/10/2009 6:33 AM 232960]

--- Other Services/Drivers In Memory ---

*Deregistered* - ffddapod

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-09-24 c:\windows\Tasks\User_Feed_Synchronization-{FFBC05FE-CFF3-4A56-ACBE-09379AD7BF0B}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Capture image with GKB - c:\program files\General Knowledge Base\2.4\CaptureWebImage.htm
IE: Capture web page with GKB - c:\program files\General Knowledge Base\2.4\CaptureWebPage.htm
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Open image in PhotoME... - c:\program files\PhotoME\iemenuext.html
IE: Open with KUSO EXIF Viewer - c:\program files\KUSO EXIF Viewer\EXIF.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
Trusted Zone: altaeptax.com\www
TCP: {55A390C6-ED13-4D99-80CE-C3A64B83FBA5} = 208.67.222.222,
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Leroy\AppData\Roaming\Mozilla\Firefox\Profiles\bzmruyu1.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://forums.dpreview.com/forums/forum.asp?forum=1039|http://dustyden.org/phpbb/index.php|http://mail.google.com/mail/?shva=1#inbox|http://nikongear.com/smf/
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Leroy\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.max.tokenizing.time - 2250000
.
- - - - ORPHANS REMOVED - - - -

Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-23 17:48
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bwf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cel"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.flc"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fli"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\FSViewer.exe"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m15"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m1a"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m2a"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m75"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mpv"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NEF\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pics"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.qcp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.qtpf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RW2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sdv"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sfil"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.smf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sml"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.swa"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ulw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.vfw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1541D31-09CB-D98A-A9F8-A8CC096869D1}*]
"mamaepoklfdkkciconlebnomke"=hex:6a,61,6c,63,68,68,6c,70,63,69,70,6a,61,66,6e,
6a,70,69,6d,6e,00,00
"naonchbpalhhjlbmedjaifmamodd"=hex:6a,61,6c,63,68,68,6c,70,63,69,70,6a,61,66,
6e,6a,70,69,6d,6e,00,00
"hakacdjjkjmpehcp"=hex:61,62,70,6c,64,6d,6d,68,65,61,61,67,64,6a,69,69,68,6a,
6f,67,61,63,61,61,67,6d,6b,6f,6f,63,6a,63,63,66,00,77
"hakacdjjdijemgib"=hex:6f,61,69,63,63,65,68,70,6b,6f,67,6b,65,6c,6c,68,6c,6e,
68,69,65,67,63,62,66,68,64,68,69,6f,00,63

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-24 17:56
ComboFix-quarantined-files.txt 2009-09-24 00:55

Pre-Run: 691,973,804,032 bytes free
Post-Run: 692,097,048,576 bytes free

784 --- E O F --- 2009-09-21 23:48
Leroy

#13 Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 September 2009 - 02:41 AM

  • Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    Folder::
    c:\program files\Coupons
    RegNull::
    [HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1541D31-09CB-D98A-A9F8-A8CC096869D1}*]
    RegLockDel:: 
    [HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1541D31-09CB-D98A-A9F8-A8CC096869D1}*]

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ("C:\ComboFix.txt"). Please copy and paste the log into your reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
    • Click the Download button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
    -- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    -- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
    -- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

  • Please tell me how your computer is running.
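
To show what a defender can pull out of the registry section at the end of the log above, here is an added Python example; it is not code from this thread, from Farbar or from ComboFix. It parses the REGEDIT4-style dump into keys and scores each one on a few independent signals: the trailing `*` that ComboFix prints on the key (the one Farbar's RegNull:: line addresses), a subkey sitting beneath Shell Extensions\Approved (a key that normally carries CLSID-named values only), @Denied lines, and REG_BINARY values whose bytes decode to plain lowercase ASCII, as the values on that key do. The sample input is constructed by copying two sections from the log posted in this thread; the function names, the score weights and the threshold are the example's own choices, and the reading of the `*` marker is an assumption drawn from the directive Farbar used against it.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: two sections copied from the ComboFix registry dump posted
# earlier in this thread: an ACDSee UserChoice key as baseline noise and the
# Shell Extensions key the CFScript targets. Long hex values are wrapped exactly
# as ComboFix prints them (no .reg-style trailing backslash on the continuation).
SAMPLE_DUMP = r'''
[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1541D31-09CB-D98A-A9F8-A8CC096869D1}*]
"mamaepoklfdkkciconlebnomke"=hex:6a,61,6c,63,68,68,6c,70,63,69,70,6a,61,66,6e,
6a,70,69,6d,6e,00,00
"hakacdjjkjmpehcp"=hex:61,62,70,6c,64,6d,6d,68,65,61,61,67,64,6a,69,69,68,6a,
6f,67,61,63,61,61,67,6d,6b,6f,6f,63,6a,63,63,66,00,77
'''

# Entries under ...\Shell Extensions\Approved are normally values named by CLSID.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
APPROVED_SUBKEY = "\\Shell Extensions\\Approved\\"

@dataclass
class RegKey:
    path: str
    acl_notes: list = field(default_factory=list)   # "@Denied"/"@Allowed" lines
    values: dict = field(default_factory=dict)      # value name -> raw text

def parse_dump(text: str) -> list:
    """Parse the REGEDIT4-style tail of a ComboFix log into RegKey objects.
    A line that is neither a key header, an ACL note nor a value continues
    the previous value, which is how the log wraps long hex data."""
    keys, cur, last = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = RegKey(path=line[1:-1])
            keys.append(cur)
            last = None
        elif cur is None:
            continue
        elif line.startswith(("@Denied", "@Allowed")):
            cur.acl_notes.append(line)
            last = None
        elif line.startswith('"') or line.startswith("@="):
            name, _, val = line.partition("=")
            last = name.strip('"')
            cur.values[last] = val
        elif last is not None:
            cur.values[last] += line
    return keys

def decode_binary(val: str):
    """Bytes of a 'hex:' (REG_BINARY) value, or None for any other value type."""
    if not val.startswith("hex:"):
        return None
    parts = [p for p in val[4:].replace("\\", "").split(",") if p.strip()]
    return bytes(int(p, 16) for p in parts)

def looks_like_text(blob: bytes) -> bool:
    """True when a supposedly binary blob is just lowercase ASCII plus NULs."""
    letters = blob.replace(b"\x00", b"")
    return len(letters) >= 8 and all(0x61 <= b <= 0x7A for b in letters)

def triage(keys: list, threshold: int = 3) -> list:
    """Score each key on independent signals and return (path, score, reasons)
    for keys at or above the threshold. The weights are this example's own."""
    report = []
    for k in keys:
        score, why = 0, []
        if k.path.endswith("*"):
            score += 2
            why.append("key name marked '*' by ComboFix (the RegNull:: target above)")
        if APPROVED_SUBKEY in k.path:
            score += 2
            why.append("subkey beneath Shell Extensions\\Approved, which normally holds values only")
            odd = [n for n in k.values if not GUID_RE.match(n)]
            if odd:
                why.append(f"value names that are not CLSIDs: {odd}")
        if any(n.startswith("@Denied") for n in k.acl_notes):
            score += 1   # common on UserChoice keys, so it only adds weight
            why.append("access-denied ACE(s) reported on the key")
        for name, val in k.values.items():
            blob = decode_binary(val)
            if blob is not None and looks_like_text(blob):
                score += 1
                text = blob.replace(b"\x00", b"").decode("ascii")
                why.append(f"{name}: REG_BINARY data is really ASCII {text!r}")
        if score >= threshold:
            report.append((k.path, score, why))
    return report
```

Calling triage(parse_dump(SAMPLE_DUMP)) returns only the Approved subkey, scored 6 with its reasons; the ACDSee UserChoice key, which also carries @Denied entries, scores 1 and stays out of the report. Combining signals this way is what keeps every denied key on a Vista box from being flagged.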


#14 lwiley

  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Location:Arizona

Posted 24 September 2009 - 12:45 PM

ComboFix
Seemed to run fine.

Java
I had already updated to JRE 6 Update 16. It was after my OP. Sorry I forgot to mention that.

How It's Running
Well cports shows 82 connections right now and none of them look suspicious to me (log attached). No web refresh/load problems.

One odd behavior I've noticed is that my notification icons for the Internet and Sound keep disappearing. Easy enough to restore but might signal a registry corruption problem? I think they might only disappear when I run ComboFix. I'll keep an eye on that.

ComboFix Log

ComboFix 09-09-23.02 - Leroy 09/24/2009 9:14.2.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2007 [GMT -7:00]
Running from: c:\users\Leroy\Desktop\ComboFix.exe
Command switches used :: c:\users\Leroy\Desktop\CFScript.txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Coupons
c:\program files\Coupons\uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 00:56 . 2009-09-24 00:56 -------- d-----w- c:\users\Leroy\AppData\Local Settings\Roaming\temp
2009-09-24 00:56 . 2009-09-24 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-23 17:36 . 2009-09-23 17:36 -------- d-----w- c:\users\Leroy\AppData\Local\IDimager
2009-09-23 05:29 . 2009-09-23 05:29 -------- d-----w- c:\program files\photools.com
2009-09-22 00:26 . 2009-09-22 00:26 -------- d-----w- c:\users\Leroy\AppData\Roaming\Stardock
2009-09-22 00:25 . 2009-09-22 00:25 -------- dc-h--w- c:\programdata\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-09-22 00:25 . 2009-09-22 15:15 -------- d-----w- c:\programdata\Stardock
2009-09-22 00:23 . 2009-09-22 00:23 -------- d-----w- c:\users\Leroy\AppData\Local\PackageAware
2009-09-19 23:53 . 2009-09-19 23:53 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-19 23:53 . 2009-07-15 09:48 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-09-19 23:53 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-19 23:53 . 2009-09-19 23:53 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-18 17:14 . 2007-05-07 00:12 326656 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-09-18 17:14 . 2009-09-18 17:14 -------- d-----w- c:\program files\SigmaTel
2009-09-18 17:14 . 2007-05-07 00:11 326144 ----a-w- c:\windows\system32\stcplx.dll
2009-09-18 17:14 . 2007-05-07 00:11 587776 ----a-w- c:\windows\system32\stapo.dll
2009-09-18 17:14 . 2007-05-07 00:10 244736 ----a-w- c:\windows\system32\stapi32.dll
2009-09-18 17:14 . 2007-03-05 21:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2009-09-18 17:14 . 2007-03-05 21:05 492544 ----a-w- c:\windows\system32\ctapo32.dll
2009-09-18 16:26 . 2009-09-18 16:26 -------- d-----w- c:\windows\system32\ca-ES
2009-09-18 16:26 . 2009-09-18 16:26 -------- d-----w- c:\windows\system32\eu-ES
2009-09-18 16:26 . 2009-09-18 16:26 -------- d-----w- c:\windows\system32\vi-VN
2009-09-16 18:45 . 2009-09-16 18:45 4286 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_563ADF0391AAC1E5EF5308.exe
2009-09-16 18:45 . 2009-09-16 18:45 3262 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_DEF5BB840EF51D706179C1.exe
2009-09-16 18:45 . 2009-09-16 18:45 3262 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_2B631DB24543545770D4D8.exe
2009-09-16 18:45 . 2009-09-16 18:45 2238 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_6FEFF9B68218417F98F549.exe
2009-09-16 18:45 . 2009-09-16 18:45 2238 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_5EA066ABC5639B8838B5B4.exe
2009-09-16 18:45 . 2009-09-16 18:45 2238 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_5B0D5BDC5233E38B1FD374.exe
2009-09-16 18:45 . 2009-09-16 18:45 2238 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{D014B658-DC7F-47F9-BBD8-7AA8EC9EDADA}\_08511B06DF86B0622D3384.exe
2009-09-16 18:45 . 2009-09-16 18:45 -------- d-----w- c:\program files\BurnSoft
2009-09-14 23:48 . 2009-09-14 23:48 -------- d-----w- c:\programdata\Camera Bits, Inc
2009-09-14 20:33 . 2009-09-14 20:33 -------- d-----w- c:\users\Leroy\AppData\Roaming\Camera Bits, Inc
2009-09-14 20:31 . 2009-09-14 20:31 -------- d-----w- c:\program files\Camera Bits
2009-09-14 17:24 . 2009-09-14 18:16 -------- d-----w- c:\program files\AnVir Task Manager Pro
2009-09-14 17:10 . 2009-09-14 18:15 -------- d-----w- c:\users\Leroy\AppData\Local\AnVir
2009-09-14 15:42 . 2009-09-14 15:42 -------- d-----w- c:\programdata\McAfee Security Scan
2009-09-08 20:43 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-08 20:43 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-08 20:43 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-08 20:43 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-08 20:43 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-08 20:43 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-08 20:43 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-08 20:43 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-08 20:43 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-08 20:43 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-08 20:43 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-08 20:42 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-08 20:42 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-08 20:42 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-08 20:42 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-08 20:42 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-08 20:42 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-08 20:41 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-08 20:41 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-08 20:41 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-08 20:41 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-08 20:41 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-09-06 03:11 . 2009-09-06 16:58 -------- d-----w- c:\windows\BDOSCAN8
2009-09-05 04:44 . 2009-09-05 04:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-03 21:40 . 2009-09-03 21:40 -------- d-----w- c:\users\Leroy\.gem
2009-09-03 20:15 . 2009-03-06 20:01 76184 ----a-w- c:\windows\system32\atsckernel.exe
2009-09-03 20:15 . 2009-03-06 19:59 20376 ----a-w- c:\windows\system32\atashost.exe
2009-09-02 22:21 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 22:21 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 20:43 . 2009-09-03 06:23 -------- d-----w- c:\users\Leroy\.housecall6.6
2009-09-02 20:19 . 2009-09-08 00:19 -------- d-----w- c:\programdata\Lavasoft
2009-09-02 19:50 . 2009-09-23 23:24 -------- d-----w- c:\users\Leroy\AppData\Roaming\Lavasoft
2009-09-02 07:58 . 2009-09-02 07:58 -------- d-----w- c:\programdata\Sync Services
2009-09-02 07:58 . 2009-09-02 07:58 -------- d-----w- c:\programdata\Trance Pad
2009-08-30 18:02 . 2009-08-30 18:02 -------- d-----w- c:\users\Leroy\AppData\Roaming\Expression Media 2
2009-08-30 05:25 . 2009-08-30 05:25 -------- d-----w- C:\Diskeeper
2009-08-30 04:01 . 2009-08-30 04:01 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2009-08-30 04:01 . 2009-08-30 04:01 -------- d-----w- c:\programdata\Diskeeper Corporation
2009-08-30 03:53 . 2009-08-30 03:54 -------- d-----w- c:\users\Leroy\Diskeeper
2009-08-27 00:41 . 2009-08-27 00:41 -------- d-----w- c:\windows\system32\EventProviders
2009-08-27 00:39 . 2009-04-11 06:32 438744 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-08-27 00:38 . 2009-04-11 06:28 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-08-27 00:37 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-08-27 00:37 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-08-27 00:37 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-08-27 00:37 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-08-27 00:37 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-08-27 00:37 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-08-27 00:37 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-08-27 00:37 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-08-27 00:37 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-08-27 00:37 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-08-27 00:37 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-08-26 17:33 . 2009-08-26 17:33 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-26 17:26 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 17:24 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-26 17:24 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-26 17:24 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-26 17:24 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-26 17:24 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-26 17:24 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-26 17:24 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-26 17:24 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-26 10:14 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 07:22 . 2008-03-12 02:50 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-24 05:48 . 2008-03-12 10:26 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-09-23 17:36 . 2008-03-13 16:51 -------- d-----w- c:\program files\IDimager Products
2009-09-23 16:24 . 2008-12-03 17:56 -------- d-----w- c:\users\Leroy\AppData\Roaming\Vista Start Menu
2009-09-22 04:45 . 2008-03-13 14:46 -------- d-----w- c:\program files\Bibble Labs
2009-09-22 04:22 . 2009-07-13 19:03 -------- d-----w- c:\program files\Neverball
2009-09-22 00:26 . 2008-07-14 15:41 -------- d-----w- c:\program files\Stardock
2009-09-19 23:53 . 2008-11-20 19:33 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-18 22:27 . 2008-07-22 05:51 20 ---h--w- c:\programdata\PKP_DLbw.DAT
2009-09-18 22:27 . 2008-06-03 06:17 20 ---h--w- c:\programdata\PKP_DLbx.DAT
2009-09-18 22:27 . 2008-03-13 16:00 20 ---h--w- c:\programdata\PKP_DLbz.DAT
2009-09-18 17:14 . 2008-03-12 02:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-18 17:07 . 2008-03-12 01:34 61224 ----a-w- c:\users\Leroy\GoToAssistDownloadHelper.exe
2009-09-18 16:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-09-18 16:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-09-18 16:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-18 16:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-18 16:26 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-09-18 16:23 . 2009-09-18 16:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_AuxiliaryDisplayEnhancedDriver_01_00_00.Wdf
2009-09-14 19:49 . 2009-07-29 03:35 -------- d-----w- c:\programdata\NOS
2009-09-14 14:56 . 2008-03-12 00:41 -------- d-----w- c:\programdata\NVIDIA
2009-09-11 19:42 . 2008-03-11 23:55 105680 ----a-w- c:\users\Leroy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-09 22:00 . 2008-03-19 04:16 188501 ----a-w- c:\users\Leroy\AppData\Roaming\ContentGuard\CGGuard2.dll
2009-09-09 10:08 . 2008-03-16 13:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 06:42 . 2008-03-12 05:15 -------- d-----w- c:\programdata\Microsoft Help
2009-09-08 16:29 . 2008-03-19 04:16 -------- d-----w- c:\users\Leroy\AppData\Roaming\ContentGuard
2009-09-08 05:19 . 2008-05-29 06:14 -------- d-----w- c:\program files\WORDsearch 8
2009-09-05 04:51 . 2008-05-14 03:26 -------- d-----w- c:\program files\Java
2009-09-04 02:33 . 2009-06-18 02:51 -------- d-----w- c:\users\Leroy\AppData\Roaming\FileZilla
2009-09-03 20:15 . 2009-03-16 02:55 -------- d-----w- c:\programdata\WebEx
2009-09-03 20:14 . 2009-09-03 20:14 8892928 ----a-w- c:\programdata\atscie.msi
2009-09-03 02:48 . 2008-12-14 07:53 -------- d-----w- c:\program files\Trend Micro
2009-09-02 16:11 . 2008-08-23 17:05 -------- d-----w- c:\program files\Spyware Doctor
2009-09-02 08:19 . 2008-06-09 14:56 -------- d-----w- c:\program files\johnsadventures.com
2009-09-02 08:19 . 2008-06-09 14:56 -------- d-----w- c:\users\Leroy\AppData\Roaming\johnsadventures.com
2009-09-02 07:54 . 2008-03-13 16:00 -------- d-----w- c:\program files\Common Files\Nikon
2009-09-02 07:53 . 2009-05-20 02:29 -------- d-----w- c:\users\Leroy\AppData\Roaming\Blueberry
2009-09-02 07:52 . 2009-06-07 01:10 -------- d-----w- c:\programdata\Deskshare
2009-09-02 02:46 . 2008-12-03 17:56 -------- d-----w- c:\program files\Vista Start Menu
2009-09-02 00:16 . 2008-12-11 23:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 00:13 . 2009-02-03 18:33 -------- d-----w- c:\programdata\PCPitstop
2009-09-02 00:05 . 2009-01-19 17:26 -------- d-----w- c:\program files\jv16 PowerTools 2008
2009-09-01 22:34 . 2009-06-18 15:29 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-01 22:34 . 2009-09-01 22:34 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-26 19:12 . 2009-06-18 02:50 -------- d-----w- c:\program files\FileZilla FTP Client
2009-08-25 03:54 . 2009-08-25 03:54 -------- d-----w- c:\program files\Diskeeper Corporation
2009-08-23 04:29 . 2008-03-16 00:13 -------- d-----w- c:\program files\TreePadXSU
2009-08-22 19:44 . 2008-07-07 15:53 -------- d-----w- c:\program files\Wal-Mart Music Downloads Store
2009-08-22 19:37 . 2009-08-22 19:37 -------- d-----w- c:\users\Leroy\AppData\Roaming\TextSoap
2009-08-18 20:56 . 2009-08-18 20:52 -------- d-----w- c:\program files\123di_6004
2009-08-15 21:05 . 2009-06-19 22:04 -------- d-----w- c:\program files\ent
2009-08-14 22:06 . 2008-11-19 03:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-14 22:06 . 2008-11-19 02:55 38208 ----a-w- c:\users\Leroy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-14 03:05 . 2009-02-08 18:57 -------- d-----w- c:\users\Leroy\AppData\Roaming\FileBoss
2009-08-14 03:01 . 2009-02-08 18:57 -------- d-----w- c:\program files\FileBoss V2
2009-08-13 22:50 . 2009-08-13 22:50 -------- d-----w- c:\users\Leroy\AppData\Roaming\WordWeb
2009-08-10 17:26 . 2008-04-11 16:36 -------- d-----w- c:\users\Leroy\AppData\Roaming\Winamp
2009-08-10 17:26 . 2008-03-12 22:13 -------- d-----w- c:\programdata\FLEXnet
2009-08-10 17:26 . 2008-03-12 05:21 -------- d-----w- c:\program files\KeePass Password Safe
2009-08-08 00:08 . 2008-03-12 02:11 -------- d-----w- c:\users\Leroy\AppData\Roaming\InstallShield
2009-08-08 00:07 . 2009-08-08 00:07 -------- d-----w- c:\program files\Walmart MP3 Music Downloads
2009-08-04 04:40 . 2008-03-13 08:27 -------- d-----w- c:\program files\goodsol01
2009-08-03 22:07 . 2009-08-03 22:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 22:07 . 2009-08-03 22:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 22:07 . 2009-08-03 22:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-08-03 20:36 . 2008-12-11 23:19 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2008-12-11 23:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 03:47 . 2008-03-12 22:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-28 17:33 . 2008-03-13 17:52 -------- d-----w- c:\program files\Qimage
2009-07-21 21:52 . 2009-07-29 12:58 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 12:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 12:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 12:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 17:25 . 2009-07-21 17:25 60744 ----a-w- c:\users\Leroy\g2mdlhlpx.exe
2009-07-17 13:54 . 2009-08-13 04:47 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-16 15:54 . 2009-07-16 15:54 1078 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}\_A337FA7F14B1AA85BFA8A6.exe
2009-07-16 15:54 . 2009-07-16 15:54 1078 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}\_7CFBC8C69E44C18F04FF2E.exe
2009-07-16 15:54 . 2009-07-16 15:54 10134 ----a-r- c:\users\Leroy\AppData\Roaming\Microsoft\Installer\{DB09C3D8-5ED0-42A3-8EC8-3B9F665971EF}\_3B0267A284AF1E1AD9D67E.exe
2009-07-15 12:40 . 2009-08-13 04:46 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 04:46 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 04:46 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 04:46 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-07 01:58 . 2009-07-07 01:58 8323072 ----a-w- c:\users\Leroy\ntuser.dat.tmp
2009-07-07 01:58 . 2009-07-06 07:55 163840 ----a-w- c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT.tmp
2009-07-07 01:58 . 2009-07-06 07:55 155648 ----a-w- c:\windows\ServiceProfiles\LocalService\NTUSER.DAT.tmp
2009-07-06 17:40 . 2009-07-06 17:40 23 --sha-w- c:\windows\system32\edacded0.dat
2009-07-05 07:53 . 2009-07-05 07:53 290816 ----a-w- c:\users\Leroy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-05 07:53 . 2009-07-05 07:53 290816 ----a-w- c:\users\Leroy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-05 07:53 . 2009-07-05 07:53 290816 ----a-w- c:\users\Leroy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-05 07:53 . 2009-07-05 07:53 290816 ----a-w- c:\users\Leroy\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2008-03-13 17:26 . 2008-03-13 17:26 88 --sh--r- c:\windows\System32\C721EDAE18.sys
2009-01-19 17:26 . 2009-01-19 17:26 23 --sha-w- c:\windows\System32\ecefdbeb_z.dll
2008-11-30 19:07 . 2008-03-13 17:20 2516 --sha-w- c:\windows\System32\KGyGaAvL.sys
2007-02-21 19:50 . 2007-02-21 19:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-09-24_00.48.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-12 00:03 . 2009-09-24 15:40 59960 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-09-24 15:40 82208 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-12 00:03 . 2009-09-24 15:40 17558 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-89542985-1990456904-3273251887-1000_UserData.bin
- 2008-03-12 00:03 . 2009-09-23 21:01 17558 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-89542985-1990456904-3273251887-1000_UserData.bin
- 2006-11-02 13:00 . 2009-09-23 20:59 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-09-24 15:38 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-09-24 15:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-09-23 20:59 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2009-09-24 15:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:00 . 2009-09-23 20:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-24 05:48 . 2009-09-24 05:48 45056 c:\windows\Installer\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}\DevDetectPMShortcut_ECE0113B23D04DD889E6D2F026CABF03.exe
+ 2009-09-24 05:48 . 2009-09-24 05:48 81920 c:\windows\Installer\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}\ACDSeeShowroomShor_89621A33AFFC45029C8C9D5A4EA9D15A.exe
+ 2006-11-02 10:33 . 2009-09-24 15:45 636754 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-23 21:05 636754 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-23 21:05 117882 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-09-24 15:45 117882 c:\windows\System32\perfc009.dat
+ 2009-09-24 05:48 . 2009-09-24 05:48 475136 c:\windows\Installer\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}\ARPPRODUCTICON.exe
+ 2009-09-24 05:48 . 2009-09-24 05:48 475136 c:\windows\Installer\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}\ACDSeePMShortcut_F99F74B4972B4B06B8936B3B0DB0128B.exe
+ 2009-09-24 05:48 . 2009-09-24 05:48 475136 c:\windows\Installer\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}\ACDSeeDesktopShortcu_F99F74B4972B4B06B8936B3B0DB0128B.exe
+ 2006-11-02 10:22 . 2009-09-24 07:23 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-09-18 17:26 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-09-24 05:48 . 2009-09-24 05:48 7585792 c:\windows\Installer\100a9ec.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2007-12-20 3760198]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-02 160592]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-08-15 2538728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
"pdfFactory Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2007-11-07 507904]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-23 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-23 92704]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-07 405504]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

c:\users\Leroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ImpulseNow.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-8-25 464176]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-3-16 44384]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-1 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Object Desktop\Fences\FencesMenu.dll" [2009-08-31 120168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:(:e5,b7,87,aa,7d,38,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-89542985-1990456904-3273251887-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AED3CB7B-BCF0-43EA-8A80-6B0D94B65FEE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CF1A4E15-D356-4579-96EE-F7E01AD59E21}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4E28D6EF-E94B-4453-B578-93F6D394FC19}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{DE8F28B9-61C1-45C7-AA94-620E94F1A84A}c:\\windows\\system32\\jpegslsh.scr"= UDP:c:\windows\system32\jpegslsh.scr:The Photo Help Desk
"UDP Query User{F0C32624-F465-4DEF-817B-78D9D56B861A}c:\\windows\\system32\\jpegslsh.scr"= TCP:c:\windows\system32\jpegslsh.scr:The Photo Help Desk
"{784A4BCE-5BB1-4FFF-99BD-168541246370}"= UDP:c:\program files\deepinvent\MailStore Home\MailStoreDesktopServices.exe:MailStore Desktop Services
"{FD17374B-BE23-4B40-BA59-9EDE6DAF5962}"= TCP:c:\program files\deepinvent\MailStore Home\MailStoreDesktopServices.exe:MailStore Desktop Services
"{971AF4D5-CB93-4314-9A8D-BA7EF486E17E}"= UDP:5353:Adobe CSI CS4
"{16104A0F-CAB7-4096-AEC7-2825094BBE31}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{DFABDAAD-5BCE-40B1-8237-81FF492524D9}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{FD111AFF-C461-4C96-BE38-90BF982A6ECE}"= UDP:5353:Adobe CSI CS4
"{E59687DA-B9AA-4F0B-BD2A-C02582341A60}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{19536BE8-7510-42E4-BAFF-A42FA28BF23E}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{8903928E-189E-48D8-A26E-B224E969D0BF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4B2F2FD3-0FD0-4614-B2EE-F8727E09A51B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8DD73777-1276-4951-B1D0-69E94D11B7CB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EDC8B5BB-1CEE-4C53-A44F-B6802F62642C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{F99A8902-8B29-4691-8B0B-15486B7B367B}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2640E0DC-81CB-4863-97AB-A2D768DAC064}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{1224BE42-81F0-45F7-89E7-46E6885C2C78}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{96C88AC4-6446-4ABC-B1F8-820E8CA83165}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{0291A858-B5F7-4A6A-B081-8119AAFE46B3}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{AAE80D83-7E36-49A7-9E77-2281E24BA06C}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [6/18/2009 8:29 AM 206256]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [12/14/2008 1:38 AM 145424]
R2 atashost;WebEx Service Host for Support Center;c:\windows\System32\atashost.exe [9/3/2009 1:15 PM 20376]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [7/15/2009 7:42 AM 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [12/14/2008 1:38 AM 256528]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [9/19/2009 4:53 PM 604488]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\progra~1\LACIEB~1\DDCDrv.sys [5/1/2008 6:45 PM 7680]
R3 bbcap;bbcap;c:\windows\System32\drivers\bbcap.sys [5/19/2009 7:28 PM 4096]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [3/11/2008 5:58 PM 5632]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [11/2/2006 3:25 AM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [11/2/2006 3:25 AM 251904]
S2 gupdate1ca00ef7c68d525;Google Update Service (gupdate1ca00ef7c68d525);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2009 4:46 PM 133104]
S2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [12/14/2008 1:38 AM 50192]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [12/14/2008 1:50 AM 497008]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [12/14/2008 1:50 AM 677128]
S3 DCSCUSB;Spectrocolorimeter Driver (dcscusb.sys);c:\windows\System32\drivers\dcscusb.sys [11/22/2006 3:49 PM 18816]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/12/2008 4:49 PM 29744]
S3 i1display;i1 Display;c:\windows\System32\drivers\i1display.sys [5/1/2008 6:44 PM 44344]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/23/2008 10:59 AM 348752]
S3 Spyder2;ColorVision Spyder2;c:\windows\System32\drivers\Spyder2.sys [2/13/2007 5:16 PM 12288]
S4 IntuitUpdateService;IntuitUpdateService;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
S4 Stereo Service;Stereo Service;c:\windows\System32\nvSCPAPISvr.exe [6/10/2009 6:33 AM 232960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-09-24 c:\windows\Tasks\User_Feed_Synchronization-{FFBC05FE-CFF3-4A56-ACBE-09379AD7BF0B}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Capture image with GKB - c:\program files\General Knowledge Base\2.4\CaptureWebImage.htm
IE: Capture web page with GKB - c:\program files\General Knowledge Base\2.4\CaptureWebPage.htm
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif 2.3\IExifMap.htm
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Open image in PhotoME... - c:\program files\PhotoME\iemenuext.html
IE: Open with KUSO EXIF Viewer - c:\program files\KUSO EXIF Viewer\EXIF.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif 2.3\IExifCom.htm
Trusted Zone: altaeptax.com\www
TCP: {55A390C6-ED13-4D99-80CE-C3A64B83FBA5} = 208.67.222.222,
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Leroy\AppData\Roaming\Mozilla\Firefox\Profiles\bzmruyu1.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://forums.dpreview.com/forums/forum.asp?forum=1039|http://dustyden.org/phpbb/index.php|http://mail.google.com/mail/?shva=1#inbox|http://nikongear.com/smf/
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Leroy\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bwf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cel"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.flc"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fli"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\FSViewer.exe"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m15"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m1a"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m2a"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m75"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mpv"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NEF\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pics"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.qcp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.qtpf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RW2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sdv"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sfil"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.smf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sml"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.swa"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ulw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.vfw"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-89542985-1990456904-3273251887-1000)
"Progid"="ACDSee Pro 3.xmp"

[HKEY_USERS\S-1-5-21-89542985-1990456904-3273251887-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-24 9:46
ComboFix-quarantined-files.txt 2009-09-24 16:46
ComboFix2.txt 2009-09-24 00:56

Pre-Run: 686,072,041,472 bytes free
Post-Run: 685,933,056,000 bytes free

792 --- E O F --- 2009-09-21 23:48

Leroy

#15 Farbar

  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 24 September 2009 - 12:57 PM

All those listening processes are legit and the icons might be related to ComboFix restoring some default settings.

Everything looks good and you are good to go now. :(


Go to Start => Run => copy and paste the next command into the field, then hit Enter:

ComboFix /u

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.

Happy Surfing.
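
A way to make the "are those listening processes and connections legit" check repeatable, as an added example that is not part of the original thread and not code from ComboFix, CurrPorts or any other tool mentioned in it. It parses the output of `netstat -ano` (the Windows form that prints the owning PID), counts active connections per process, and flags a PID that either exceeds a connection budget (the 200-connection limit quoted from the ISP in the first post) or is sitting on a pile of half-open `SYN_SENT` sockets to different hosts, which is what a scanner, a P2P client or a bot's dialler looks like from the host side. The `netstat` text below is constructed to look like real output; it is not from the poster's machine, and the thresholds are assumptions you should tune.

```python
"""Per-process connection counting over `netstat -ano` output (added example).

Run `netstat -ano > netstat.txt` on the Windows box, then feed that file to
parse_netstat(). The SAMPLE_NETSTAT string is a constructed stand-in so the
script runs offline; the hosts, ports and PIDs in it are invented.
"""
import re
from collections import Counter

# Constructed sample of `netstat -ano` output (assumed XP/Vista/7 column layout).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.5:49160      96.16.220.20:80        ESTABLISHED     2244
  TCP    192.168.1.5:49161      96.16.220.20:80        TIME_WAIT       0
  TCP    192.168.1.5:49162      10.0.0.7:6881          SYN_SENT        3120
  TCP    192.168.1.5:49163      10.0.0.8:6881          SYN_SENT        3120
  TCP    192.168.1.5:49164      10.0.0.9:6881          SYN_SENT        3120
  TCP    192.168.1.5:49165      10.0.0.10:6881         SYN_SENT        3120
  UDP    0.0.0.0:500            *:*                                    1020
"""

# proto, local, foreign, optional state (UDP rows have none), PID
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Return a list of (proto, local, foreign, state, pid); headers are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank line, "Active Connections", or the column header
        proto, local, foreign, state, pid = m.groups()
        rows.append((proto, local, foreign, state or "", int(pid)))
    return rows


def remote_endpoints_per_pid(rows):
    """Count non-listening sockets per PID and the distinct remote hosts each PID talks to.

    LISTENING sockets are not connections, and PID 0 rows (e.g. TIME_WAIT after
    the owner exited) cannot be attributed to a running process, so both are skipped.
    """
    counts = Counter()
    hosts = {}
    for proto, local, foreign, state, pid in rows:
        if state == "LISTENING" or pid == 0:
            continue
        counts[pid] += 1
        host = foreign.rsplit(":", 1)[0]  # strip the port; works for [v6]:port too
        hosts.setdefault(pid, set()).add(host)
    return counts, hosts


def suspicious_pids(rows, max_conns=200, max_syn_sent=3):
    """Map PID -> list of reasons for any process that breaks a threshold.

    max_conns is the per-host budget (the ISP's 200 in this thread);
    max_syn_sent is how many half-open outbound sockets we tolerate before
    treating the process as a scanner or dialler. Both are assumed values.
    """
    counts, hosts = remote_endpoints_per_pid(rows)
    syn = Counter(pid for _, _, _, state, pid in rows if state == "SYN_SENT")
    flagged = {}
    for pid, n in counts.items():
        reasons = []
        if n > max_conns:
            reasons.append(f"{n} connections exceeds budget of {max_conns}")
        if syn[pid] > max_syn_sent:
            reasons.append(
                f"{syn[pid]} half-open SYN_SENT sockets to {len(hosts[pid])} hosts"
            )
        if reasons:
            flagged[pid] = reasons
    return flagged


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    counts, hosts = remote_endpoints_per_pid(rows)
    for pid, n in counts.most_common():
        print(f"PID {pid}: {n} socket(s) to {len(hosts[pid])} host(s)")
    for pid, reasons in suspicious_pids(rows).items():
        print(f"SUSPICIOUS PID {pid}: " + "; ".join(reasons))
```

Map a flagged PID back to its image with `tasklist /fi "PID eq 3120"`; a legitimate browser or updater will show a handful of ESTABLISHED sockets to a CDN such as the Akamai host named earlier in the thread, whereas the pattern to worry about is one PID with many SYN_SENT entries to many distinct hosts, since that is what burns through an ISP's per-customer connection limit.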



