ddos attack and webdav hack

Post by ikon32 on Tue May 31, 2011 4:00 am

My system was hacked because of an older version of XAMPP. They attacked the WebDAV directory and installed and ran PHP scripts. I also had a DDoS attack, maybe from BitTorrent. I updated the XAMPP server and deleted BitTorrent and btdna. Then my CPU usage keeps going to red and I see some funny IP addresses in network utilization like:
Network: svchost.exe(networkService)
pid: 1424
address: . (just a dot) or some others with just (-)
It feels like I am transmitting when I shouldn't.
I also ran ComboFix before coming here and I think it took some files off my registry. I just wanted to run a scan but I think it went further...

Can someone please help me? I am including the scan from OTL as a zip (it was too big to include here).

the securityCheck log:
Results of screen317's Security Check version 0.99.12
Windows Vista (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ZoneAlarm Extreme Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 23
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.2.153.1
````````````````````````````````
Process Check:
objlist.exe by Laurent

Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````


Re: ddos attack and webdav hack

Post by Belahzur on Tue May 31, 2011 8:17 pm

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Please PM me if I fail to respond within 24hrs.



Re: ddos attack and webdav hack

Post by ikon32 on Tue May 31, 2011 8:31 pm

This is the combofix.txt from when I had run it a few days ago, so I need to run it again and send you the newest results?
------------

ComboFix 11-05-23.02 - ash 05/24/2011 4:25.1.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1253.30.1033.18.8190.2880 [GMT 3:00]
Running from: c:\users\ash\Desktop\ComboFix.exe
AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {E9467272-859A-F159-FA9E-55E7E32D7A25}
FW: ZoneAlarm Extreme Security Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ErrLog.txt
c:\program files (x86)\INSTALL.LOG
c:\program files (x86)\UNWISE.EXE
c:\users\ash\AppData\Local\Asus.xrm-ms
c:\windows\ST6UNST.000
c:\windows\SysWow64\firefox.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.norton2009Reset
.
.
((((((((((((((((((((((((( Files Created from 2011-04-24 to 2011-05-24 )))))))))))))))))))))))))))))))
.
.
2011-05-24 01:36 . 2011-05-24 01:36 -------- d-----w- c:\users\Thanos\AppData\Local\temp
2011-05-24 01:36 . 2011-05-24 01:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-24 01:36 . 2011-05-24 01:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-05-22 15:39 . 2011-05-22 15:39 -------- d-----w- c:\users\ash\AppData\Roaming\#ISW.FS#
2011-05-21 06:13 . 2011-05-18 09:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5C3FEF2-8078-4E78-ADB2-D0B2AD84A6B4}\mpengine.dll
2011-05-20 19:24 . 2011-05-20 19:24 -------- d-----w- c:\users\Thanos\AppData\Local\WLDM
2011-05-20 19:24 . 2011-05-20 19:24 -------- d-----w- c:\users\ash\AppData\Local\{1EA39A51-FDC8-41C3-82EC-AB658B6CF6F2}
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Local\Mozilla
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Roaming\CheckPoint
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Roaming\MailFrontier
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Local\Adobe
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Roaming\Nero
2011-05-19 22:36 . 2011-05-19 22:36 -------- d-----w- c:\programdata\Kaspersky SDK
2011-05-19 22:31 . 2011-05-21 21:31 -------- d-----w- c:\users\ash\AppData\Roaming\MailFrontier
2011-05-19 21:13 . 2010-08-28 23:53 72704 ----a-w- c:\windows\zllsputility.exe
2011-05-19 21:12 . 2009-10-12 15:15 157712 ----a-w- c:\windows\system32\drivers\kl1.sys
2011-05-19 21:08 . 2010-08-28 23:53 69120 ----a-w- c:\windows\SysWow64\zlcomm.dll
2011-05-19 21:08 . 2010-08-28 23:53 103936 ----a-w- c:\windows\SysWow64\zlcommdb.dll
2011-05-19 21:06 . 2010-08-28 23:53 1238528 ----a-w- c:\windows\SysWow64\zpeng25.dll
2011-05-19 21:06 . 2011-05-19 21:06 -------- d-----w- c:\windows\system32\ZoneLabs
2011-05-19 21:06 . 2010-06-09 16:16 450648 ----a-w- c:\windows\SysWow64\drivers\vsdatant.sys
2011-05-19 05:45 . 2011-05-19 05:49 -------- d-----w- C:\xampp
2011-05-19 04:43 . 2011-05-19 04:43 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security
2011-05-19 04:43 . 2011-05-19 04:43 -------- d-----w- c:\program files\CheckPoint
2011-05-19 04:41 . 2011-05-19 04:41 -------- d-----w- c:\program files (x86)\Zone Labs
2011-05-19 04:41 . 2010-06-09 16:16 450648 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-05-19 04:41 . 2011-05-19 04:41 -------- d-----w- c:\programdata\CheckPoint
2011-05-19 04:20 . 2011-05-19 04:20 -------- d-----w- c:\users\ash\AppData\Local\conduitEngine
2011-05-16 13:11 . 2011-05-16 13:12 -------- d-----w- c:\users\UpdatusUser
2011-05-11 08:35 . 2011-04-07 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-11 08:35 . 2011-04-07 12:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-04-27 21:13 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 21:13 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-27 21:13 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 21:13 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-04-27 21:13 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-27 21:13 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-21 05:13 . 2009-11-12 09:17 8892928 ----a-w- c:\programdata\atscie.msi
2011-05-18 14:50 . 2009-02-24 07:56 164880 ---ha-w- c:\users\ash\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-04-13 11:38 . 2010-06-24 08:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-08 05:14 . 2010-10-19 13:02 6299752 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2010-10-19 13:02 2034280 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2010-01-03 03:43 10071656 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-04-08 05:14 . 2008-09-17 21:55 12934248 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2008-06-26 04:24 2273896 ----a-w- c:\windows\system32\nvapi64.dll
2011-04-07 20:19 . 2011-04-07 20:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:19 . 2011-04-07 20:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 20:19 . 2011-04-07 20:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 20:19 . 2011-04-07 20:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:19 . 2011-04-07 20:19 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-03-16 06:57 . 2011-03-16 06:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-16 06:57 . 2011-03-16 06:57 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-16 06:57 . 2011-03-16 06:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-16 06:57 . 2011-03-16 06:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-16 06:57 . 2011-03-16 06:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-16 06:57 . 2011-03-16 06:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-16 06:57 . 2011-03-16 06:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-16 06:57 . 2011-03-16 06:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-16 06:57 . 2011-03-16 06:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-16 06:57 . 2011-03-16 06:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-16 06:57 . 2011-03-16 06:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-16 06:57 . 2011-03-16 06:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-16 06:57 . 2011-03-16 06:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-16 06:57 . 2011-03-16 06:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-16 06:57 . 2011-03-16 06:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-16 06:57 . 2011-03-16 06:57 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-16 06:57 . 2011-03-16 06:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-16 06:57 . 2011-03-16 06:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-16 06:57 . 2011-03-16 06:57 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-16 06:57 . 2011-03-16 06:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-16 06:57 . 2011-03-16 06:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-16 06:57 . 2011-03-16 06:57 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-16 06:57 . 2011-03-16 06:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-16 06:57 . 2011-03-16 06:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-16 06:57 . 2011-03-16 06:57 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-16 06:57 . 2011-03-16 06:57 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-16 06:57 . 2011-03-16 06:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-16 06:57 . 2011-03-16 06:57 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-16 06:57 . 2011-03-16 06:57 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-16 06:57 . 2011-03-16 06:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-16 06:57 . 2011-03-16 06:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-16 06:57 . 2011-03-16 06:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-16 06:57 . 2011-03-16 06:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-16 06:57 . 2011-03-16 06:57 448512 ----a-w- c:\windows\system32\html.iec
2011-03-16 06:57 . 2011-03-16 06:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-16 06:57 . 2011-03-16 06:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-16 06:57 . 2011-03-16 06:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-16 06:57 . 2011-03-16 06:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-16 06:57 . 2011-03-16 06:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-16 06:57 . 2011-03-16 06:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-16 06:57 . 2011-03-16 06:57 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-16 06:57 . 2011-03-16 06:57 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-10 17:18 . 2011-04-15 15:14 1360384 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:18 . 2011-04-15 15:14 1398784 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 17:03 . 2011-04-15 15:14 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 15:14 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-03 16:02 . 2011-04-15 15:14 975872 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:59 . 2011-04-27 21:13 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59 . 2011-04-27 21:13 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59 . 2011-04-27 21:13 284672 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:42 . 2011-04-15 15:14 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 21:13 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 21:13 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 21:13 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 21:13 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:46 . 2011-04-15 15:14 2762240 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 16:12 . 2011-04-15 15:14 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-24 16:38 . 2011-04-15 15:15 991104 ----a-w- c:\windows\system32\winresume.efi
2011-02-24 16:38 . 2011-04-15 15:15 979840 ----a-w- c:\windows\system32\winresume.exe
2011-02-24 16:37 . 2011-04-15 15:15 1076608 ----a-w- c:\windows\system32\winload.efi
2011-02-24 16:37 . 2011-04-15 15:15 1063296 ----a-w- c:\windows\system32\winload.exe
2011-02-24 16:37 . 2011-04-15 15:15 20864 ----a-w- c:\windows\system32\kdusb.dll
2011-02-24 16:37 . 2011-04-15 15:15 18816 ----a-w- c:\windows\system32\kd1394.dll
2011-02-24 16:37 . 2011-04-15 15:15 17792 ----a-w- c:\windows\system32\kdcom.dll
2010-06-13 16:10 . 2010-09-13 13:16 2734688 ----a-w- c:\program files (x86)\tbZyng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\prxtbZyn0.dll" [2011-03-28 176936]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\Zynga\prxtbZyn0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\prxtbZyn0.dll" [2011-03-28 176936]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"BitTorrent DNA"="c:\users\ash\Program Files (x86)\DNA\btdna.exe" [2009-11-12 323392]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Opware15"="c:\program files (x86)\ScanSoft\OmniPage15.0\Opware15.exe" [2006-02-03 69632]
"PDF3 Registry Controller"="c:\program files (x86)\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-08-25 106496]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"Acrobat Assistant 8.0"="j:\programs\Adobe_Acrobat_10\Acrobat\Acrotray.exe" [2010-10-25 821144]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"IME JPN 2007 Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2009-02-14 63856]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"Adobe Acrobat Speed Launcher"="j:\programs\Adobe_Acrobat_10\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Korean IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"RemoteControl10"="j:\programs\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-28 1039360]
.
c:\users\ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EmEditor.lnk - c:\program files (x86)\EmEditor\emedtray.exe [2008-5-21 91280]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2009-2-25 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Register Mask Pro 3.0.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 135664]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-07-26 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 135664]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SI3112r;SiI-3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/20 22:09];j:\programs\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 09:58 146928]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-08-27 33008]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-08-27 823272]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2010-08-27 44784]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 07:11]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 07:11]
.
2011-05-24 c:\windows\Tasks\User_Feed_Synchronization-{217C160A-A253-44EF-BCDF-5CC166F24E45}.job
- c:\windows\system32\msfeedssync.exe [2011-03-16 06:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF23051.cfxxe" [X]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-10-24 60264]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 1553832]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1659816]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2009-02-12 119664]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 43808]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 380448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with Scansoft PDF Converter 3.0 - c:\program files (x86)\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
FF - ProfilePath - c:\users\ash\AppData\Roaming\Mozilla\Firefox\Profiles\9telk2op.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-OpScheduler - c:\program files (x86)\ScanSoft\OmniPage15.0\OpScheduler.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
Wow6432Node-HKLM-Run-NBKeyScan - c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
AddRemove-{1cc5cdf4-97ef-43db-9d12-c4333932bdb7} - c:\program files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe
AddRemove-{2847cb6b-8b5b-4d1d-b809-bfb17c953605} - c:\program files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\j:\programs\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CF0BB237-E425-2C8D-FE37-1642F0F1C204}*]
"jafghoaeoklmcojcdpoc"=hex:6f,61,69,61,62,6a,70,65,61,62,68,67,70,6d,70,6b,6c,
6a,67,65,67,70,61,6a,62,63,6a,68,6e,70,00,04
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\astsrv.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2011-05-24 04:58:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-24 01:58
.
Pre-Run: 7,900,454,912 bytes free
Post-Run: 6,075,863,040 bytes free
.
- - End Of File - - CCD3E5A53A7D887EE14F10D41B3B2206

ikon32
Novice
Posts : 27
Joined : 2008-12-18
OS : windows vista ultimate


Re: ddos attack and webdav hack

Post by ikon32 on Tue May 31, 2011 10:34 pm

Here are the results of the combofix.txt, and thanks so much for your help.
----------
ComboFix 11-05-31.01 - ash 06/01/2011 1:15.3.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1253.30.1033.18.8190.5443 [GMT 3:00]
Running from: c:\users\ash\Desktop\commy.exe
Command switches used :: /stepdel
FW: ZoneAlarm Extreme Security Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\arp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-31 22:23 . 2011-05-31 22:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-31 22:23 . 2011-05-31 22:23 -------- d-----w- c:\users\Thanos\AppData\Local\temp
2011-05-31 22:23 . 2011-05-31 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-31 22:23 . 2011-05-31 22:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-05-31 10:53 . 2011-05-31 10:53 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-27 21:11 . 2011-05-18 09:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{839DC067-B5E8-40A5-9780-1E2D00AE7098}\mpengine.dll
2011-05-27 18:21 . 2011-05-27 18:22 -------- d-----w- c:\users\ash\AppData\Local\{349B6AC8-C16A-4DC6-9FCD-45C71B46BE94}
2011-05-22 15:39 . 2011-05-28 22:40 -------- d-----w- c:\users\ash\AppData\Roaming\#ISW.FS#
2011-05-20 19:24 . 2011-05-20 19:24 -------- d-----w- c:\users\Thanos\AppData\Local\WLDM
2011-05-20 19:24 . 2011-05-20 19:24 -------- d-----w- c:\users\ash\AppData\Local\{1EA39A51-FDC8-41C3-82EC-AB658B6CF6F2}
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Local\Mozilla
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Roaming\CheckPoint
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Roaming\MailFrontier
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Local\Adobe
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Roaming\Nero
2011-05-19 22:36 . 2011-05-19 22:36 -------- d-----w- c:\programdata\Kaspersky SDK
2011-05-19 22:31 . 2011-05-21 21:31 -------- d-----w- c:\users\ash\AppData\Roaming\MailFrontier
2011-05-19 21:13 . 2010-08-28 23:53 72704 ----a-w- c:\windows\zllsputility.exe
2011-05-19 21:12 . 2009-10-12 15:15 157712 ----a-w- c:\windows\system32\drivers\kl1.sys
2011-05-19 21:08 . 2010-08-28 23:53 69120 ----a-w- c:\windows\SysWow64\zlcomm.dll
2011-05-19 21:08 . 2010-08-28 23:53 103936 ----a-w- c:\windows\SysWow64\zlcommdb.dll
2011-05-19 21:06 . 2010-08-28 23:53 1238528 ----a-w- c:\windows\SysWow64\zpeng25.dll
2011-05-19 21:06 . 2011-05-19 21:06 -------- d-----w- c:\windows\system32\ZoneLabs
2011-05-19 21:06 . 2010-06-09 16:16 450648 ----a-w- c:\windows\SysWow64\drivers\vsdatant.sys
2011-05-19 05:45 . 2011-05-19 05:49 -------- d-----w- C:\xampp
2011-05-19 04:43 . 2011-05-19 04:43 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security
2011-05-19 04:43 . 2011-05-19 04:43 -------- d-----w- c:\program files\CheckPoint
2011-05-19 04:41 . 2011-05-19 04:41 -------- d-----w- c:\program files (x86)\Zone Labs
2011-05-19 04:41 . 2010-06-09 16:16 450648 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-05-19 04:41 . 2011-05-19 04:41 -------- d-----w- c:\programdata\CheckPoint
2011-05-19 04:20 . 2011-05-19 04:20 -------- d-----w- c:\users\ash\AppData\Local\conduitEngine
2011-05-16 13:11 . 2011-05-27 11:11 -------- d-----w- c:\users\UpdatusUser
2011-05-11 08:35 . 2011-04-07 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-11 08:35 . 2011-04-07 12:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-31 13:58 . 2009-02-24 07:56 164880 ---ha-w- c:\users\ash\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-05-21 05:13 . 2009-11-12 09:17 8892928 ----a-w- c:\programdata\atscie.msi
2011-04-14 02:07 . 2010-07-25 03:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-13 11:38 . 2010-06-24 08:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-08 05:14 . 2010-10-19 13:02 6299752 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2010-10-19 13:02 2034280 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2010-01-03 03:43 10071656 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-04-08 05:14 . 2008-09-17 21:55 12934248 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2008-06-26 04:24 2273896 ----a-w- c:\windows\system32\nvapi64.dll
2011-04-07 20:19 . 2011-04-07 20:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:19 . 2011-04-07 20:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 20:19 . 2011-04-07 20:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 20:19 . 2011-04-07 20:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:19 . 2011-04-07 20:19 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-03-16 06:57 . 2011-03-16 06:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-16 06:57 . 2011-03-16 06:57 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-16 06:57 . 2011-03-16 06:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-16 06:57 . 2011-03-16 06:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-16 06:57 . 2011-03-16 06:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-16 06:57 . 2011-03-16 06:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-16 06:57 . 2011-03-16 06:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-16 06:57 . 2011-03-16 06:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-16 06:57 . 2011-03-16 06:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-16 06:57 . 2011-03-16 06:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-16 06:57 . 2011-03-16 06:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-16 06:57 . 2011-03-16 06:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-16 06:57 . 2011-03-16 06:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-16 06:57 . 2011-03-16 06:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-16 06:57 . 2011-03-16 06:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-16 06:57 . 2011-03-16 06:57 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-16 06:57 . 2011-03-16 06:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-16 06:57 . 2011-03-16 06:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-16 06:57 . 2011-03-16 06:57 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-16 06:57 . 2011-03-16 06:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-16 06:57 . 2011-03-16 06:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-16 06:57 . 2011-03-16 06:57 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-16 06:57 . 2011-03-16 06:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-16 06:57 . 2011-03-16 06:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-16 06:57 . 2011-03-16 06:57 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-16 06:57 . 2011-03-16 06:57 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-16 06:57 . 2011-03-16 06:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-16 06:57 . 2011-03-16 06:57 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-16 06:57 . 2011-03-16 06:57 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-16 06:57 . 2011-03-16 06:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-16 06:57 . 2011-03-16 06:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-16 06:57 . 2011-03-16 06:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-16 06:57 . 2011-03-16 06:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-16 06:57 . 2011-03-16 06:57 448512 ----a-w- c:\windows\system32\html.iec
2011-03-16 06:57 . 2011-03-16 06:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-16 06:57 . 2011-03-16 06:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-16 06:57 . 2011-03-16 06:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-16 06:57 . 2011-03-16 06:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-16 06:57 . 2011-03-16 06:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-16 06:57 . 2011-03-16 06:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-16 06:57 . 2011-03-16 06:57 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-16 06:57 . 2011-03-16 06:57 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-12 22:52 . 2011-04-27 21:13 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 21:55 . 2011-04-27 21:13 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-10 17:18 . 2011-04-15 15:14 1360384 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:18 . 2011-04-15 15:14 1398784 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 17:03 . 2011-04-15 15:14 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 15:14 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-03 16:02 . 2011-04-15 15:14 975872 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:59 . 2011-04-27 21:13 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:59 . 2011-04-27 21:13 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59 . 2011-04-27 21:13 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59 . 2011-04-27 21:13 284672 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:42 . 2011-04-15 15:14 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 21:13 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-27 21:13 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 21:13 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 21:13 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 21:13 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 14:00 . 2011-04-27 21:13 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:46 . 2011-04-15 15:14 2762240 ----a-w- c:\windows\system32\win32k.sys
2011-03-03 13:35 . 2011-04-27 21:13 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2010-06-13 16:10 . 2010-09-13 13:16 2734688 ----a-w- c:\program files (x86)\tbZyng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\prxtbZyn0.dll" [2011-03-28 176936]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\Zynga\prxtbZyn0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\prxtbZyn0.dll" [2011-03-28 176936]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Opware15"="c:\program files (x86)\ScanSoft\OmniPage15.0\Opware15.exe" [2006-02-03 69632]
"PDF3 Registry Controller"="c:\program files (x86)\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-08-25 106496]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"Acrobat Assistant 8.0"="j:\programs\Adobe_Acrobat_10\Acrobat\Acrotray.exe" [2010-10-25 821144]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"IME JPN 2007 Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2009-02-14 63856]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"Adobe Acrobat Speed Launcher"="j:\programs\Adobe_Acrobat_10\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Korean IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"RemoteControl10"="j:\programs\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-28 1039360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EmEditor.lnk - c:\program files (x86)\EmEditor\emedtray.exe [2008-5-21 91280]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2009-2-25 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Register Mask Pro 3.0.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 135664]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-07-26 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 135664]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SI3112r;SiI-3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/20 22:09];j:\programs\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 09:58 146928]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-08-27 33008]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-08-27 823272]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2010-08-27 44784]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 07:11]
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 07:11]
.
2011-05-29 c:\windows\Tasks\User_Feed_Synchronization-{217C160A-A253-44EF-BCDF-5CC166F24E45}.job
- c:\windows\system32\msfeedssync.exe [2011-03-16 06:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-10-24 60264]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 1553832]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1659816]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2009-02-12 119664]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 43808]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 380448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with Scansoft PDF Converter 3.0 - c:\program files (x86)\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\ash\AppData\Roaming\Mozilla\Firefox\Profiles\9telk2op.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\j:\programs\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CF0BB237-E425-2C8D-FE37-1642F0F1C204}*]
"jafghoaeoklmcojcdpoc"=hex:6f,61,69,61,62,6a,70,65,61,62,68,67,70,6d,70,6b,6c,
6a,67,65,67,70,61,6a,62,63,6a,68,6e,70,00,04
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-06-01 01:26:04
ComboFix-quarantined-files.txt 2011-05-31 22:26
ComboFix2.txt 2011-05-31 22:11
ComboFix3.txt 2011-05-24 01:58
.
Pre-Run: 4,529,942,528 bytes free
Post-Run: 4,269,621,248 bytes free
.
- - End Of File - - 5E16FE7060556969BCE6E062EE1022C6

ikon32
Novice

Posts : 27
Joined : 2008-12-18
OS : windows vista ultimate


Re: ddos attack and webdav hack

Post by Belahzur on Wed Jun 01, 2011 10:21 pm

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: ddos attack and webdav hack

Post by ikon32 on Tue Jun 07, 2011 12:11 pm

Thank you very much for your help, eset online scanner took out another 6 files... Would it be better to reconstruct my system from scratch and change ip address? (I try to avoid this though)

Still getting a lot of attempts to control my system of this type:
85.17.159.33 - - [07/Jun/2011:11:51:19 +0300] "GET /webdav/uxampp.php?&ip=IP&port=PORTHERE&time=120?act=phptools&ip=216.252.4.228&time=30&port=80 HTTP/1.1" 403 1131 "-" "-"
The 403 is because of a .htaccess I put in the root, to deny access to those IP addresses.

ikon32
Novice

Posts : 27
Joined : 2008-12-18
OS : windows vista ultimate
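
The check described in the post above (that requests for scripts under /webdav/ are now answered with 403) can be run over a whole Apache access log rather than read off single lines. This is an added example and not part of the original thread; the sample lines are constructed with documentation-range addresses, and the file name upload.php is hypothetical.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote

# Apache common/combined log format, up to the status code and size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+'
)

WATCHED_DIR = "/webdav"
# WebDAV methods that create or change content on the server.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH"}


def normalise(raw_path):
    """Decode one level of %-encoding, collapse '//' and '..', lower-case.

    Lower-casing matters on Windows, where /WebDAV/ and /webdav/ are the
    same directory. Double-encoded paths are not handled here.
    """
    collapsed = re.sub(r"/{2,}", "/", unquote(raw_path))
    return posixpath.normpath(collapsed).lower()


def classify(line):
    """Return details for a script or write request under WATCHED_DIR, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    # Split on the first '?' only; the logged query strings are malformed
    # and can contain a second '?'.
    raw_path, _, query = m["target"].partition("?")
    path = normalise(raw_path)
    if path != WATCHED_DIR and not path.startswith(WATCHED_DIR + "/"):
        return None
    is_write = m["method"] in WRITE_METHODS
    is_script = path.endswith(".php")
    if not (is_write or is_script):
        return None
    status = int(m["status"])
    return {
        "client": m["client"],
        "when": m["when"],
        "method": m["method"],
        "path": path,
        "params": sorted({k for k, _ in parse_qsl(query, keep_blank_values=True)}),
        "status": status,
        "kind": "write" if is_write else "script",
        "served": status < 400,  # anything below 400 was not refused
    }


def review(lines):
    """Summarise watched-directory requests: what was refused, what was served."""
    hits = [h for h in map(classify, lines) if h]
    return {
        "hits": hits,
        "served": [h for h in hits if h["served"]],
        "blocked_by_client": Counter(h["client"] for h in hits if not h["served"]),
    }


# Constructed sample lines, modelled on the log line quoted in the post.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jun/2011:11:51:19 +0300] "GET /webdav/uxampp.php?&ip=IP&port=PORTHERE&time=120?act=phptools&ip=198.51.100.9&time=30&port=80 HTTP/1.1" 403 1131 "-" "-"',
    '203.0.113.7 - - [07/Jun/2011:11:51:40 +0300] "GET /WebDAV//uxampp.php?ip=198.51.100.9&port=80&time=30 HTTP/1.1" 403 1131 "-" "-"',
    '192.0.2.44 - - [07/Jun/2011:12:02:03 +0300] "PUT /webdav/upload.php HTTP/1.1" 201 312 "-" "-"',
    '192.0.2.44 - - [07/Jun/2011:12:02:09 +0300] "GET /webdav/upload.php HTTP/1.1" 200 87 "-" "-"',
    '192.0.2.80 - - [07/Jun/2011:12:05:00 +0300] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '192.0.2.80 - - [07/Jun/2011:12:05:01 +0300] "GET /webdav/readme.txt HTTP/1.1" 403 1131 "-" "-"',
]

if __name__ == "__main__":
    report = review(SAMPLE_LOG)
    for hit in report["served"]:
        print("NOT BLOCKED:", hit["when"], hit["client"], hit["method"],
              hit["path"], hit["status"])
    for client, count in report["blocked_by_client"].most_common():
        print("blocked:", client, count, "request(s)")
```

Any entry under `served` means a script or upload in the directory was still being answered at that time, which a per-address .htaccess deny list does not prevent for addresses it does not name.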


Re: ddos attack and webdav hack

Post by Belahzur on Tue Jun 07, 2011 6:23 pm

Hello.
Don't worry, we aren't done yet.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Driver::
    iprip
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: ddos attack and webdav hack

Post by ikon32 on Tue Jun 07, 2011 10:05 pm

Here are the results from the scan:
ComboFix 11-06-06.07 - ash 06/08/2011 0:10.4.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1253.30.1033.18.8190.5120 [GMT 3:00]
Running from: c:\users\ash\Desktop\ComboFix.exe
Command switches used :: c:\users\ash\Desktop\CFScript.txt
FW: ZoneAlarm Extreme Security Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {52279396-A3A0-FED7-C02E-6E9598AA3098}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_iprip
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 21:22 . 2011-06-07 21:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-06-07 21:22 . 2011-06-07 21:22 -------- d-----w- c:\users\Thanos\AppData\Local\temp
2011-06-07 21:22 . 2011-06-07 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-07 21:22 . 2011-06-07 21:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-06-07 06:28 . 2011-05-18 09:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{909770DD-B048-434C-9660-6077D4F0DD09}\mpengine.dll
2011-06-02 02:59 . 2011-06-02 02:59 -------- d-----w- c:\program files (x86)\ESET
2011-05-31 10:53 . 2011-05-31 10:53 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-27 18:21 . 2011-05-27 18:22 -------- d-----w- c:\users\ash\AppData\Local\{349B6AC8-C16A-4DC6-9FCD-45C71B46BE94}
2011-05-22 15:39 . 2011-05-28 22:40 -------- d-----w- c:\users\ash\AppData\Roaming\#ISW.FS#
2011-05-20 19:24 . 2011-05-20 19:24 -------- d-----w- c:\users\Thanos\AppData\Local\WLDM
2011-05-20 19:24 . 2011-05-20 19:24 -------- d-----w- c:\users\ash\AppData\Local\{1EA39A51-FDC8-41C3-82EC-AB658B6CF6F2}
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Local\Mozilla
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Roaming\CheckPoint
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Roaming\MailFrontier
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Local\Adobe
2011-05-20 19:23 . 2011-05-20 19:23 -------- d-----w- c:\users\Thanos\AppData\Roaming\Nero
2011-05-19 22:36 . 2011-05-19 22:36 -------- d-----w- c:\programdata\Kaspersky SDK
2011-05-19 22:31 . 2011-05-21 21:31 -------- d-----w- c:\users\ash\AppData\Roaming\MailFrontier
2011-05-19 21:13 . 2010-08-28 23:53 72704 ----a-w- c:\windows\zllsputility.exe
2011-05-19 21:12 . 2009-10-12 15:15 157712 ----a-w- c:\windows\system32\drivers\kl1.sys
2011-05-19 21:08 . 2010-08-28 23:53 69120 ----a-w- c:\windows\SysWow64\zlcomm.dll
2011-05-19 21:08 . 2010-08-28 23:53 103936 ----a-w- c:\windows\SysWow64\zlcommdb.dll
2011-05-19 21:06 . 2010-08-28 23:53 1238528 ----a-w- c:\windows\SysWow64\zpeng25.dll
2011-05-19 21:06 . 2011-05-19 21:06 -------- d-----w- c:\windows\system32\ZoneLabs
2011-05-19 21:06 . 2010-06-09 16:16 450648 ----a-w- c:\windows\SysWow64\drivers\vsdatant.sys
2011-05-19 05:45 . 2011-05-19 05:49 -------- d-----w- C:\xampp
2011-05-19 04:43 . 2011-05-19 04:43 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security
2011-05-19 04:43 . 2011-05-19 04:43 -------- d-----w- c:\program files\CheckPoint
2011-05-19 04:41 . 2011-05-19 04:41 -------- d-----w- c:\program files (x86)\Zone Labs
2011-05-19 04:41 . 2010-06-09 16:16 450648 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-05-19 04:41 . 2011-05-19 04:41 -------- d-----w- c:\programdata\CheckPoint
2011-05-19 04:20 . 2011-05-19 04:20 -------- d-----w- c:\users\ash\AppData\Local\conduitEngine
2011-05-16 13:11 . 2011-05-27 11:11 -------- d-----w- c:\users\UpdatusUser
2011-05-11 08:35 . 2011-04-07 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-11 08:35 . 2011-04-07 12:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 14:20 . 2009-02-24 07:56 164880 ---ha-w- c:\users\ash\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-05-21 05:13 . 2009-11-12 09:17 8892928 ----a-w- c:\programdata\atscie.msi
2011-04-14 02:07 . 2010-07-25 03:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-13 11:38 . 2010-06-24 08:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-08 05:14 . 2010-10-19 13:02 6299752 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2010-10-19 13:02 2034280 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2010-01-03 03:43 10071656 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-04-08 05:14 . 2008-09-17 21:55 12934248 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2008-06-26 04:24 2273896 ----a-w- c:\windows\system32\nvapi64.dll
2011-04-07 20:19 . 2011-04-07 20:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:19 . 2011-04-07 20:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 20:19 . 2011-04-07 20:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 20:19 . 2011-04-07 20:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:19 . 2011-04-07 20:19 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-03-16 06:57 . 2011-03-16 06:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-16 06:57 . 2011-03-16 06:57 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-16 06:57 . 2011-03-16 06:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-16 06:57 . 2011-03-16 06:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-16 06:57 . 2011-03-16 06:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-16 06:57 . 2011-03-16 06:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-16 06:57 . 2011-03-16 06:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-16 06:57 . 2011-03-16 06:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-16 06:57 . 2011-03-16 06:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-16 06:57 . 2011-03-16 06:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-16 06:57 . 2011-03-16 06:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-16 06:57 . 2011-03-16 06:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-16 06:57 . 2011-03-16 06:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-16 06:57 . 2011-03-16 06:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-16 06:57 . 2011-03-16 06:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-16 06:57 . 2011-03-16 06:57 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-16 06:57 . 2011-03-16 06:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-16 06:57 . 2011-03-16 06:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-16 06:57 . 2011-03-16 06:57 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-16 06:57 . 2011-03-16 06:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-16 06:57 . 2011-03-16 06:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-16 06:57 . 2011-03-16 06:57 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-16 06:57 . 2011-03-16 06:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-16 06:57 . 2011-03-16 06:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-16 06:57 . 2011-03-16 06:57 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-16 06:57 . 2011-03-16 06:57 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-16 06:57 . 2011-03-16 06:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-16 06:57 . 2011-03-16 06:57 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-16 06:57 . 2011-03-16 06:57 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-16 06:57 . 2011-03-16 06:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-16 06:57 . 2011-03-16 06:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-16 06:57 . 2011-03-16 06:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-16 06:57 . 2011-03-16 06:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-16 06:57 . 2011-03-16 06:57 448512 ----a-w- c:\windows\system32\html.iec
2011-03-16 06:57 . 2011-03-16 06:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-16 06:57 . 2011-03-16 06:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-16 06:57 . 2011-03-16 06:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-16 06:57 . 2011-03-16 06:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-16 06:57 . 2011-03-16 06:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-16 06:57 . 2011-03-16 06:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-16 06:57 . 2011-03-16 06:57 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-16 06:57 . 2011-03-16 06:57 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-12 22:52 . 2011-04-27 21:13 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 21:55 . 2011-04-27 21:13 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-10 17:18 . 2011-04-15 15:14 1360384 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:18 . 2011-04-15 15:14 1398784 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 17:03 . 2011-04-15 15:14 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 15:14 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll
2010-06-13 16:10 . 2010-09-13 13:16 2734688 ----a-w- c:\program files (x86)\tbZyng.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-05-31_22.09.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-02 08:51 . 2011-05-29 09:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-02 08:51 . 2011-06-07 21:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-02 08:51 . 2011-05-29 09:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-02 08:51 . 2011-06-07 21:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-02 08:51 . 2011-05-29 09:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-02 08:51 . 2011-06-07 21:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-02 15:49 . 2011-05-21 06:16 701150 c:\windows\system32\perfh010.dat
+ 2009-02-02 15:49 . 2011-06-05 19:17 701150 c:\windows\system32\perfh010.dat
+ 2009-02-02 15:49 . 2011-06-05 19:17 708274 c:\windows\system32\perfh00C.dat
- 2009-02-02 15:49 . 2011-05-21 06:16 708274 c:\windows\system32\perfh00C.dat
+ 2006-11-02 12:46 . 2011-06-05 19:17 629946 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-05-21 06:16 629946 c:\windows\system32\perfh009.dat
- 2009-02-02 14:50 . 2011-05-21 06:16 607628 c:\windows\system32\perfh008.dat
+ 2009-02-02 14:50 . 2011-06-05 19:17 607628 c:\windows\system32\perfh008.dat
+ 2009-02-02 15:49 . 2011-06-05 19:17 658908 c:\windows\system32\perfh007.dat
- 2009-02-02 15:49 . 2011-05-21 06:16 658908 c:\windows\system32\perfh007.dat
- 2009-02-02 15:49 . 2011-05-21 06:16 134602 c:\windows\system32\perfc010.dat
+ 2009-02-02 15:49 . 2011-06-05 19:17 134602 c:\windows\system32\perfc010.dat
- 2009-02-02 15:49 . 2011-05-21 06:16 138798 c:\windows\system32\perfc00C.dat
+ 2009-02-02 15:49 . 2011-06-05 19:17 138798 c:\windows\system32\perfc00C.dat
+ 2006-11-02 12:46 . 2011-06-05 19:17 114022 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-05-21 06:16 114022 c:\windows\system32\perfc009.dat
- 2009-02-02 14:50 . 2011-05-21 06:16 106362 c:\windows\system32\perfc008.dat
+ 2009-02-02 14:50 . 2011-06-05 19:17 106362 c:\windows\system32\perfc008.dat
- 2009-02-02 15:49 . 2011-05-21 06:16 137916 c:\windows\system32\perfc007.dat
+ 2009-02-02 15:49 . 2011-06-05 19:17 137916 c:\windows\system32\perfc007.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\prxtbZyn0.dll" [2011-03-28 176936]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\Zynga\prxtbZyn0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files (x86)\Zynga\prxtbZyn0.dll" [2011-03-28 176936]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Opware15"="c:\program files (x86)\ScanSoft\OmniPage15.0\Opware15.exe" [2006-02-03 69632]
"PDF3 Registry Controller"="c:\program files (x86)\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-08-25 106496]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"Acrobat Assistant 8.0"="j:\programs\Adobe_Acrobat_10\Acrobat\Acrotray.exe" [2010-10-25 821144]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"IME JPN 2007 Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2009-02-14 63856]
"WindowsLivePhone"="c:\program files (x86)\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"Adobe Acrobat Speed Launcher"="j:\programs\Adobe_Acrobat_10\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Korean IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"RemoteControl10"="j:\programs\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-28 1039360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\ash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EmEditor.lnk - c:\program files (x86)\EmEditor\emedtray.exe [2008-5-21 91280]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2009-2-25 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Register Mask Pro 3.0.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 135664]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-07-26 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 135664]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SI3112r;SiI-3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/20 22:09];j:\programs\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 09:58 146928]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376]
S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-08-27 33008]
S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-08-27 823272]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2010-08-27 44784]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 07:11]
.
2011-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-15 07:11]
.
2011-06-07 c:\windows\Tasks\User_Feed_Synchronization-{217C160A-A253-44EF-BCDF-5CC166F24E45}.job
- c:\windows\system32\msfeedssync.exe [2011-03-16 06:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF11784.cfxxe" [X]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-10-24 60264]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 1553832]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1659816]
"IME JPN 2007 Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2009-02-12 119664]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 43808]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 380448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with Scansoft PDF Converter 3.0 - c:\program files (x86)\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\ash\AppData\Roaming\Mozilla\Firefox\Profiles\9telk2op.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\j:\programs\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-372249081-3020970452-1992056640-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"
.
[HKEY_USERS\S-1-5-21-372249081-3020970452-1992056640-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CF0BB237-E425-2C8D-FE37-1642F0F1C204}*]
"jafghoaeoklmcojcdpoc"=hex:6f,61,69,61,62,6a,70,65,61,62,68,67,70,6d,70,6b,6c,
6a,67,65,67,70,61,6a,62,63,6a,68,6e,70,00,04
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\astsrv.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2011-06-08 00:43:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-07 21:43
ComboFix2.txt 2011-05-31 22:26
ComboFix3.txt 2011-05-31 22:11
ComboFix4.txt 2011-05-24 01:58
.
Pre-Run: 5,851,152,384 bytes free
Post-Run: 4,914,323,456 bytes free
.
- - End Of File - - 21D82EC9ADF842769FF36F70CA9B12DD

ikon32
Novice
Posts : 27
Joined : 2008-12-18
OS : windows vista ultimate


Re: ddos attack and webdav hack

Post by Belahzur on Wed Jun 08, 2011 8:57 pm

Okay, any difference now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre


Re: ddos attack and webdav hack

Post by ikon32 on Sat Jul 02, 2011 9:03 am

Sorry it took me a while to respond. It took me a lot of time to check and delete some files I no longer need. Also, I installed a packet capturing and network analysis solution in order to see what is happening inside my line and where packets come and go. The next step is to manually set up a firewall, and then I am not sure what else I should do for my network security. Thank you so very much for helping me clean my computer out.

ikon32
Novice
Posts : 27
Joined : 2008-12-18
OS : windows vista ultimate
