  1. #11
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0

    MBRCheck.exe scared the crap out of me because it didn't reboot, it shut down. But the machine started fine.

    Security center still shuts down, but the redirects are now all sending me to a blank page with this address:

    H ttp://www.goingonearth.com/search.php?q=(whatever I search for) < I added the space to keep the forum from turning it into a link.

    I also have a new problem. My AVAST anti-virus doesn't start at boot-up. I have to click on my Avast icon to start it. The service is listed as automatic start but it isn't working since I ran combo-fix.

    MBRCheck Log:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion P6000 Series
    Logical Drives Mask: 0x00000ffc

    Kernel Drivers (total 183):

    Processes (total 51):
    0 System Idle Process
    4 System
    276 C:\Windows\System32\smss.exe
    432 csrss.exe
    496 C:\Windows\System32\wininit.exe
    516 csrss.exe
    552 C:\Windows\System32\services.exe
    592 C:\Windows\System32\winlogon.exe
    604 C:\Windows\System32\lsass.exe
    612 C:\Windows\System32\lsm.exe
    728 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    324 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1112 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1280 C:\Windows\System32\dwm.exe
    1304 C:\Windows\explorer.exe
    1472 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    1496 C:\Windows\System32\hkcmd.exe
    1504 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    1512 C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
    1552 C:\Windows\System32\igfxpers.exe
    1768 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    1916 C:\Windows\System32\igfxsrvc.exe
    1128 C:\Windows\System32\taskeng.exe
    1084 C:\Windows\System32\spoolsv.exe
    1260 C:\Windows\System32\taskhost.exe
    816 C:\Windows\System32\svchost.exe
    1236 C:\Windows\System32\rundll32.exe
    1656 C:\Windows\SysWOW64\rundll32.exe
    2064 C:\Windows\System32\svchost.exe
    2128 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    2164 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2200 C:\Windows\System32\lxcrcoms.exe
    2304 C:\Windows\System32\svchost.exe
    2356 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2792 C:\Windows\System32\SearchIndexer.exe
    3004 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3012 WUDFHost.exe
    1676 C:\Windows\System32\svchost.exe
    2468 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3648 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3084 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    2076 C:\Windows\System32\SearchProtocolHost.exe
    924 C:\Windows\System32\SearchFilterHost.exe
    3464 C:\Users\KVC\Desktop\MBRCheck.exe
    3884 C:\Windows\System32\conhost.exe
    4008 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06507e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e6`0ca00000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000001`56b1f600 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: HitachiHDS721010CLA332, Rev: JP4OA3BF
    PhysicalDrive1 Model Number: ST3320833AS, Rev: 3.AAH

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 400F936D9EE32201892AD99B4E147B0CC75B1599
    298 GB \\.\PhysicalDrive1 Gateway MBR code detected
    SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
    Available MBR codes:
    [ 0] Default (Windows 7)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 5
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!

  2. #12
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


    Do you have your Windows 7 installation disc?
    Last edited by fireman4it; 06-28-2011 at 07:51 PM.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #13
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0

    Ran aswMBR - crashed to blue stop screen. (Don't know if this will help)
    BAD_POOL_HEADER
    xxxstop:0x00000019
    0x0000000000000003,
    0xFFFFFA8006693900,
    0x0000000030872BCEC,
    0xFFFFFA8006693900

    Restarted in safe mode and ran again, LOG:
    aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-28 21:17:49
    -----------------------------
    21:17:49.537 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:17:49.537 Number of processors: 4 586 0x170A
    21:17:49.537 ComputerName: KVC-HP UserName: KVC
    21:17:52.594 Initialize success
    21:17:53.078 AVAST engine defs: 11062801
    21:17:55.387 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    21:17:55.387 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3BF Size: 953869MB BusType: 3
    21:17:55.387 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
    21:17:55.387 Disk 1 Vendor: ST3320833AS 3.AAH Size: 305245MB BusType: 3
    21:17:55.402 Disk 0 MBR read successfully
    21:17:55.402 Disk 0 MBR scan
    21:17:55.590 Disk 0 unknown MBR code
    21:17:55.590 Service scanning
    21:17:57.243 Disk 0 trace - called modules:
    21:17:57.243 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    21:17:57.259 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007750790]
    21:17:57.259 3 CLASSPNP.SYS[fffff880019be43f] -> nt!IofCallDriver -> [0xfffffa80070b1520]
    21:17:57.274 5 ACPI.sys[fffff88000ee57a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80070ae060]
    21:18:00.020 AVAST engine scan C:\Windows
    21:35:21.493 AVAST engine scan C:\Users\KVC
    21:38:35.885 AVAST engine scan C:\ProgramData
    21:39:10.705 Scan finished successfully
    21:39:28.021 Disk 0 MBR has been saved successfully to "C:\Users\KVC\Desktop\MBR.dat"
    21:39:28.021 The log file has been saved successfully to "C:\Users\KVC\Desktop\aswMBR.txt"


    MBR.dat - attached

  4. #14
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0

    No Windows disc.

  5. #15
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello,

    Please read here:

    How to Create a Windows 7 Repair Disc if You Don’t Have One

    Let me know when you have created one or have a problem doing so.

    Don't do anything with it until I tell you to, once you have made it.

  6. #16
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0

    It burned to my DVD without fail..Ready to move on (Thanks for all the help!)

  7. #17
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello,

    Now let's fix your MBR. You may want to copy or print these instructions before proceeding with them.

    1. Start PC, insert the Windows 7 Recovery DVD you just burned and hit a key when asked to. You may have to change your boot order to boot from DVD!

    2. Click on “Repair your computer”.

    3. The installer will scan your PC for previous Windows installations.

    4. Click on Command Prompt.

    5. Enter the following command on one line:
    bootrec.exe /fixmbr


    How is your machine running now?
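
Added example (not part of the thread, and not code from aswMBR, MBRCheck or bootrec): one way to confirm offline what an MBR boot-code rewrite changed is to compare sector-0 dumps taken before and after it, checking that the boot code differs while the partition table and disk signature do not. It assumes each dump starts with the 512-byte sector 0 and hashes bytes 0-439 as the boot code, which may not be the range MBRCheck hashes; `parse_mbr`, `compare_dumps` and `build_sample` are names chosen here, and the sample sectors are constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 0-439: boot code, the part a boot-code rewrite replaces
TABLE_START = 446     # bytes 446-509: four 16-byte partition entries
TABLE_END = 510       # bytes 510-511: boot signature 55 AA
# status, CHS start, type, CHS end, start LBA, sector count (little-endian)
ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(dump: bytes) -> dict:
    """Parse sector 0 from a raw dump that starts with the 512-byte MBR."""
    if len(dump) < SECTOR_SIZE:
        raise ValueError(f"dump is {len(dump)} bytes, need at least {SECTOR_SIZE}")
    sector = dump[:SECTOR_SIZE]
    partitions = []
    for slot in range(4):
        offset = TABLE_START + slot * ENTRY.size
        status, _, ptype, _, lba_start, sectors = ENTRY.unpack_from(sector, offset)
        if ptype == 0x00:  # unused table slot
            continue
        partitions.append({
            "slot": slot,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "table_sha1": hashlib.sha1(sector[TABLE_START:TABLE_END]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
        "boot_signature_ok": sector[TABLE_END:SECTOR_SIZE] == b"\x55\xaa",
    }


def compare_dumps(before: bytes, after: bytes) -> dict:
    """Report which regions of sector 0 differ between two dumps."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": b["boot_code_sha1"] != a["boot_code_sha1"],
        "partition_table_changed": b["table_sha1"] != a["table_sha1"],
        "disk_signature_changed": b["disk_signature"] != a["disk_signature"],
        "after_boot_signature_ok": a["boot_signature_ok"],
    }


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector for the demo; not the contents of any real disk.

    The start LBA is derived from the C: offset MBRCheck printed
    (0x06507e00 bytes); every other field is made up.
    """
    entry = ENTRY.pack(0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                       0x06507E00 // SECTOR_SIZE, 2048000)
    table = entry + bytes(3 * ENTRY.size)
    header = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    # 4-byte disk signature (constructed) + 2 reserved bytes
    return header + struct.pack("<IH", 0x12345678, 0) + table + b"\x55\xaa"


if __name__ == "__main__":
    # Placeholder byte strings stand in for the two different boot codes.
    before = build_sample(b"constructed-unknown-boot-code")
    after = build_sample(b"constructed-standard-boot-code")
    for name, value in compare_dumps(before, after).items():
        print(f"{name}: {value}")
    for part in parse_mbr(after)["partitions"]:
        print(part)
```

In this thread's aswMBR logs both runs save to the same `MBR.dat` path, so the earlier dump has to be copied aside before the second scan for a comparison like this to be possible.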




  8. #18
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0

    No change. Security Center shuts down, Google redirects and Avast must be manually started.

  9. #19
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


    Are you connected to the internet through a router? If so, we need to reset that router.

    How to reset your router.

    Please delete the copy of Combofix you have on your desktop. Download a fresh copy from one of the links below to your desktop and run it and post its complete log.

    Link 1
    Link 2
    Last edited by fireman4it; 07-01-2011 at 08:14 PM.




  10. #20
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0

    The first thing I tried after getting the redirects was resetting the router.
    I reset it again after downloading aswMBR and Combofix.


    aswMBR:
    Again crashed to blue screen, then I ran it in safe mode - Log:
    aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-02 00:08:26
    -----------------------------
    00:08:26.240 OS Version: Windows x64 6.1.7601 Service Pack 1
    00:08:26.240 Number of processors: 4 586 0x170A
    00:08:26.240 ComputerName: KVC-HP UserName: KVC
    00:08:34.009 Initialize success
    00:08:34.352 AVAST engine defs: 11070102
    00:08:38.206 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    00:08:38.206 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3BF Size: 953869MB BusType: 3
    00:08:38.206 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
    00:08:38.206 Disk 1 Vendor: ST3320833AS 3.AAH Size: 305245MB BusType: 3
    00:08:38.221 Disk 0 MBR read successfully
    00:08:38.221 Disk 0 MBR scan
    00:08:38.455 Disk 0 Windows 7 default MBR code
    00:08:38.455 Service scanning
    00:08:40.046 Disk 0 trace - called modules:
    00:08:40.093 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    00:08:40.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007750790]
    00:08:40.109 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80070b5520]
    00:08:40.109 5 ACPI.sys[fffff88000f727a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006721060]
    00:08:45.382 AVAST engine scan C:\Windows
    00:27:13.686 AVAST engine scan C:\Users\KVC
    00:29:05.241 AVAST engine scan C:\ProgramData
    00:29:37.549 Scan finished successfully
    00:30:02.447 Disk 0 MBR has been saved successfully to "C:\Users\KVC\Desktop\MBR.dat"
    00:30:02.462 The log file has been saved successfully to "C:\Users\KVC\Desktop\aswMBR.txt"

    ComboFix - Log:
    ComboFix 11-07-01.01 - KVC 07/02/2011 0:33.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6957 [GMT -4:00]
    Running from: c:\users\KVC\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-02 04:38 . 2011-07-02 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-26 02:23 . 2011-06-26 02:23 -------- d-----w- c:\users\KVC\AppData\Roaming\Thinstall
    2011-06-26 02:23 . 2011-06-26 02:23 -------- d-----w- c:\users\KVC\AppData\Local\Thinstall
    2011-06-24 23:26 . 2011-06-24 23:26 -------- d-----w- c:\users\KVC\.thumbnails
    2011-06-24 23:22 . 2011-06-24 23:51 -------- d-----w- c:\users\KVC\.gimp-2.6
    2011-06-18 15:09 . 2011-06-28 01:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-06-15 01:36 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 01:36 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-15 01:36 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-15 01:36 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-15 01:36 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-15 01:36 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys
    2011-06-15 01:36 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-15 01:36 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-15 01:36 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-15 01:35 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-15 01:35 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-06-15 01:35 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-15 01:35 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-06-14 20:59 . 2011-06-14 20:59 -------- d-----w- c:\users\KVC\AppData\Roaming\SUPERAntiSpyware.com
    2011-06-14 20:59 . 2011-06-14 20:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-14 20:59 . 2011-06-14 20:59 -------- d-----w- c:\programdata\!SASCORE
    2011-06-14 14:27 . 2011-07-02 04:37 5110 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-06-14 05:01 . 2011-06-14 05:01 388096 ----a-r- c:\users\KVC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-06-14 04:09 . 2011-06-14 04:09 -------- d-----w- c:\users\KVC\AppData\Roaming\Malwarebytes
    2011-06-14 04:09 . 2011-06-14 04:09 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-14 04:09 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-14 04:09 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-14 04:07 . 2011-06-14 04:21 0 ----a-w- c:\windows\FileLock.bin
    2011-06-14 02:47 . 2011-06-14 02:49 -------- d-----w- c:\program files (x86)\MediaMan
    2011-06-14 02:24 . 2011-06-14 02:24 136704 --sha-r- c:\windows\SysWow64\oflcw.dll
    2011-06-10 12:56 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FB76C06-410D-4F6C-A95B-5B7DB72C3C62}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-16 21:36 . 2011-05-16 21:36 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-10 12:10 . 2010-12-25 22:16 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-10 12:10 . 2010-12-25 22:16 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-05-10 12:10 . 2011-01-15 10:47 253888 ----a-w- c:\windows\system32\aswBoot.exe
    2011-05-10 12:04 . 2011-05-26 23:20 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-10 12:04 . 2010-12-25 22:16 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-05-10 12:02 . 2010-12-25 22:16 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-05-10 11:59 . 2010-12-25 22:16 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-05-10 11:59 . 2010-12-25 22:16 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-05-10 11:59 . 2010-12-25 22:16 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-22 22:15 . 2011-05-25 13:47 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr
    2011-04-09 07:02 . 2011-05-11 12:53 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 06:58 . 2011-05-11 17:41 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-04-09 06:02 . 2011-05-11 12:53 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-11 12:53 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-11 17:41 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-04-03 20:50 . 2011-04-03 20:50 108144 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-26_23.53.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 00:13 . 2009-07-14 01:14 86528 c:\windows\SysWOW64\SearchFilterHost.exe
    + 2011-06-29 13:21 . 2011-05-04 04:28 86528 c:\windows\SysWOW64\SearchFilterHost.exe
    - 2009-07-14 00:12 . 2009-07-14 01:15 59392 c:\windows\SysWOW64\msscntrs.dll
    + 2011-06-29 13:21 . 2011-05-04 04:32 59392 c:\windows\SysWOW64\msscntrs.dll
    + 2010-10-16 08:57 . 2010-10-16 08:57 23552 c:\windows\SysWOW64\igfxexps32.dll
    + 2010-10-16 09:27 . 2010-10-16 09:27 92356 c:\windows\SysWOW64\igfcg500m.bin
    + 2011-06-29 13:21 . 2011-05-24 10:40 44544 c:\windows\SysWOW64\devrtl.dll
    - 2009-07-13 23:16 . 2009-07-14 01:15 44544 c:\windows\SysWOW64\devrtl.dll
    + 2011-06-29 13:21 . 2011-05-24 10:40 64512 c:\windows\SysWOW64\devobj.dll
    - 2009-07-13 23:16 . 2009-07-14 01:15 64512 c:\windows\SysWOW64\devobj.dll
    + 2011-06-24 20:41 . 2011-07-01 20:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2011-06-24 20:41 . 2011-06-26 02:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 04:54 . 2011-07-02 04:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-06-26 23:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-07-02 04:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-06-26 23:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-06-26 23:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-07-02 04:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-25 21:48 . 2011-07-02 04:32 27960 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-07-02 04:32 34548 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2011-06-26 13:59 34548 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-06-29 13:21 . 2011-05-04 05:22 75264 c:\windows\system32\msscntrs.dll
    - 2009-07-14 00:29 . 2009-07-14 01:41 75264 c:\windows\system32\msscntrs.dll
    + 2010-07-21 18:28 . 2010-10-16 09:01 61952 c:\windows\system32\igfxsrvc.dll
    + 2010-10-16 09:01 . 2010-10-16 09:01 27648 c:\windows\system32\igfxexps.dll
    - 2010-07-21 18:28 . 2010-01-08 03:42 27648 c:\windows\system32\igfxexps.dll
    + 2010-10-16 09:32 . 2010-10-16 09:32 90112 c:\windows\system32\igfxCoIn_v2226.dll
    + 2010-10-16 09:27 . 2010-10-16 09:27 92356 c:\windows\system32\igfcg500m.bin
    + 2009-07-14 05:30 . 2011-06-30 02:12 86016 c:\windows\system32\DriverStore\infpub.dat
    - 2009-07-14 05:30 . 2011-05-12 19:59 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2010-10-16 09:32 . 2010-10-16 09:32 90112 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igxpco64.dll
    + 2010-10-16 09:01 . 2010-10-16 09:01 61952 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxsrvc.dll
    + 2010-10-16 08:57 . 2010-10-16 08:57 23552 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxexps32.dll
    + 2010-10-16 09:01 . 2010-10-16 09:01 27648 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxexps.dll
    + 2010-10-16 09:27 . 2010-10-16 09:27 92356 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfcg500m.bin
    - 2010-07-21 17:51 . 2011-06-26 02:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-21 17:51 . 2011-07-01 20:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-07-21 17:51 . 2011-06-26 02:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-21 17:51 . 2011-07-01 20:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-06-26 02:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-07-01 20:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:46 . 2011-06-25 14:16 91776 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2009-07-14 04:46 . 2011-06-30 02:21 91776 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2010-12-25 21:48 . 2011-07-02 04:32 9844 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-913013744-1395498927-1650167935-1000_UserData.bin
    + 2010-10-16 09:00 . 2010-10-16 09:00 4096 c:\windows\system32\IGFXDEVLib.dll
    - 2010-07-21 18:28 . 2010-01-08 03:40 4096 c:\windows\system32\IGFXDEVLib.dll
    + 2010-10-16 09:00 . 2010-10-16 09:00 4096 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\IGFXDEVLib.dll
    - 2011-06-26 23:52 . 2011-06-26 23:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-07-02 04:39 . 2011-07-02 04:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-07-02 04:39 . 2011-07-02 04:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-06-26 23:52 . 2011-06-26 23:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 00:14 . 2009-07-14 01:14 164352 c:\windows\SysWOW64\SearchProtocolHost.exe
    + 2011-06-29 13:21 . 2011-05-04 04:28 164352 c:\windows\SysWOW64\SearchProtocolHost.exe
    + 2011-06-29 13:21 . 2011-05-04 04:28 427520 c:\windows\SysWOW64\SearchIndexer.exe
    + 2011-06-29 13:21 . 2011-05-04 04:32 666624 c:\windows\SysWOW64\mssvp.dll
    - 2011-02-28 06:16 . 2010-11-20 12:19 666624 c:\windows\SysWOW64\mssvp.dll
    + 2011-06-29 13:21 . 2011-05-04 04:32 197120 c:\windows\SysWOW64\mssphtb.dll
    - 2011-02-28 06:16 . 2010-11-20 12:19 197120 c:\windows\SysWOW64\mssphtb.dll
    - 2009-07-14 00:13 . 2009-07-14 01:15 337408 c:\windows\SysWOW64\mssph.dll
    + 2011-06-29 13:21 . 2011-05-04 04:32 337408 c:\windows\SysWOW64\mssph.dll
    + 2010-10-16 09:27 . 2010-10-16 09:27 982240 c:\windows\SysWOW64\igkrng500.bin
    + 2010-10-16 08:56 . 2010-10-16 08:56 228864 c:\windows\SysWOW64\igfxdv32.dll
    + 2010-10-16 09:22 . 2010-10-16 09:22 571904 c:\windows\SysWOW64\igdumdx32.dll
    + 2010-10-16 09:27 . 2010-10-16 09:27 439308 c:\windows\SysWOW64\igcompkrng500.bin
    + 2011-06-29 13:21 . 2011-05-24 10:37 252928 c:\windows\SysWOW64\drvinst.exe
    - 2009-07-13 23:16 . 2009-07-14 01:14 252928 c:\windows\SysWOW64\drvinst.exe
    + 2011-06-29 13:21 . 2011-05-24 10:39 145920 c:\windows\SysWOW64\cfgmgr32.dll
    - 2011-02-28 06:16 . 2010-11-20 12:18 145920 c:\windows\SysWOW64\cfgmgr32.dll
    + 2011-01-22 02:49 . 2011-07-01 01:14 229960 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2011-06-29 13:21 . 2011-05-24 11:42 404480 c:\windows\system32\umpnpmgr.dll
    - 2011-02-28 06:16 . 2010-11-20 13:27 404480 c:\windows\system32\umpnpmgr.dll
    + 2011-06-29 13:21 . 2011-05-04 05:19 249856 c:\windows\system32\SearchProtocolHost.exe
    - 2009-07-14 00:30 . 2009-07-14 01:39 249856 c:\windows\system32\SearchProtocolHost.exe
    + 2011-06-29 13:21 . 2011-05-04 05:19 591872 c:\windows\system32\SearchIndexer.exe
    - 2009-07-14 00:29 . 2009-07-14 01:39 113664 c:\windows\system32\SearchFilterHost.exe
    + 2011-06-29 13:21 . 2011-05-04 05:19 113664 c:\windows\system32\SearchFilterHost.exe
    - 2011-02-28 06:16 . 2010-11-20 13:27 778752 c:\windows\system32\mssvp.dll
    + 2011-06-29 13:21 . 2011-05-04 05:22 778752 c:\windows\system32\mssvp.dll
    + 2011-06-29 13:21 . 2011-05-04 05:22 288256 c:\windows\system32\mssphtb.dll
    - 2011-02-28 06:16 . 2010-11-20 13:27 288256 c:\windows\system32\mssphtb.dll
    + 2011-06-29 13:21 . 2011-05-04 05:22 491520 c:\windows\system32\mssph.dll
    - 2009-07-14 00:30 . 2009-07-14 01:41 491520 c:\windows\system32\mssph.dll
    + 2010-10-16 09:27 . 2010-10-16 09:27 982240 c:\windows\system32\igkrng500.bin
    + 2010-10-16 09:35 . 2010-10-16 09:35 162328 c:\windows\system32\igfxtray.exe
    + 2010-10-16 09:01 . 2010-10-16 09:01 380416 c:\windows\system32\igfxTMM.dll
    + 2010-10-16 09:35 . 2010-10-16 09:35 509464 c:\windows\system32\igfxsrvc.exe
    + 2010-10-16 09:00 . 2010-10-16 09:00 830464 c:\windows\system32\igfxress.dll
    + 2010-07-21 18:28 . 2010-10-16 09:01 244224 c:\windows\system32\igfxpph.dll
    + 2010-10-16 09:35 . 2010-10-16 09:35 415256 c:\windows\system32\igfxpers.exe
    + 2010-10-16 09:35 . 2010-10-16 09:35 223768 c:\windows\system32\igfxext.exe
    + 2010-10-16 09:00 . 2010-10-16 09:00 142336 c:\windows\system32\igfxdo.dll
    - 2010-07-21 18:28 . 2010-01-08 03:40 142336 c:\windows\system32\igfxdo.dll
    + 2010-07-21 18:28 . 2010-10-16 09:00 271360 c:\windows\system32\igfxdev.dll
    + 2010-10-16 09:27 . 2010-10-16 09:27 439308 c:\windows\system32\igcompkrng500.bin
    + 2010-10-16 09:35 . 2010-10-16 09:35 386584 c:\windows\system32\hkcmd.exe
    + 2010-07-21 18:28 . 2010-10-16 09:00 108032 c:\windows\system32\hccutils.dll
    + 2010-10-16 09:00 . 2010-10-16 09:00 119808 c:\windows\system32\gfxSrvc.dll
    + 2011-06-14 14:22 . 2011-06-29 18:32 353584 c:\windows\system32\FNTCACHE.DAT
    - 2011-06-14 14:22 . 2011-06-15 03:54 353584 c:\windows\system32\FNTCACHE.DAT
    + 2009-07-14 05:30 . 2011-06-30 02:12 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2011-05-12 19:59 143360 c:\windows\system32\DriverStore\infstrng.dat
    - 2009-07-14 05:30 . 2011-05-12 19:59 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2009-07-14 05:30 . 2011-06-30 02:12 143360 c:\windows\system32\DriverStore\infstor.dat
    + 2010-10-16 08:51 . 2010-10-16 08:51 205824 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\iglhsip64.dll
    + 2010-10-16 08:51 . 2010-10-16 08:51 208896 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\iglhsip32.dll
    + 2010-10-16 08:51 . 2010-10-16 08:51 187392 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\iglhcp64.dll
    + 2010-10-16 08:51 . 2010-10-16 08:51 143360 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\iglhcp32.dll
    + 2010-10-16 09:27 . 2010-10-16 09:27 870560 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igkrng575.bin
    + 2010-10-16 09:27 . 2010-10-16 09:27 982240 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igkrng500.bin
    + 2010-10-16 09:35 . 2010-10-16 09:35 162328 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxtray.exe
    + 2010-10-16 09:01 . 2010-10-16 09:01 380416 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxTMM.dll
    + 2010-10-16 09:35 . 2010-10-16 09:35 509464 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxsrvc.exe
    + 2010-10-16 09:00 . 2010-10-16 09:00 830464 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxress.dll
    + 2010-10-16 09:01 . 2010-10-16 09:01 244224 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxpph.dll
    + 2010-10-16 09:35 . 2010-10-16 09:35 415256 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxpers.exe
    + 2010-10-16 09:35 . 2010-10-16 09:35 223768 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxext.exe
    + 2010-10-16 08:56 . 2010-10-16 08:56 228864 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxdv32.dll
    + 2010-10-16 09:00 . 2010-10-16 09:00 142336 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxdo.dll
    + 2010-10-16 09:00 . 2010-10-16 09:00 271360 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfxdev.dll
    + 2010-10-16 09:27 . 2010-10-16 09:27 104796 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igfcg575m.bin
    + 2010-10-16 09:22 . 2010-10-16 09:22 571904 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igdumdx32.dll
    + 2010-10-16 09:27 . 2010-10-16 09:27 127868 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igcompkrng575.bin
    + 2010-10-16 09:27 . 2010-10-16 09:27 439308 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igcompkrng500.bin
    + 2010-10-16 09:35 . 2010-10-16 09:35 386584 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\hkcmd.exe
    + 2010-10-16 09:00 . 2010-10-16 09:00 108032 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\hccutils.dll
    + 2010-10-16 09:00 . 2010-10-16 09:00 119808 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\gfxSrvc.dll
    + 2010-10-16 09:35 . 2010-10-16 09:35 152600 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\difx64.exe
    - 2010-07-21 18:28 . 2010-01-08 04:42 152600 c:\windows\system32\difx64.exe
    + 2010-10-16 09:35 . 2010-10-16 09:35 152600 c:\windows\system32\difx64.exe
    - 2009-07-14 05:12 . 2011-06-26 02:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:12 . 2011-07-01 20:27 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:01 . 2011-07-02 04:38 334680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-06-29 13:21 . 2011-05-04 04:34 1549312 c:\windows\SysWOW64\tquery.dll
    - 2011-02-28 06:17 . 2010-11-20 12:19 1401344 c:\windows\SysWOW64\mssrch.dll
    + 2011-06-29 13:21 . 2011-05-04 04:32 1401344 c:\windows\SysWOW64\mssrch.dll
    + 2010-10-16 09:24 . 2010-10-16 09:24 4966400 c:\windows\SysWOW64\igdumd32.dll
    + 2010-10-16 09:19 . 2010-10-16 09:19 4410880 c:\windows\SysWOW64\igd10umd32.dll
    + 2011-06-29 13:21 . 2011-05-04 05:25 2315776 c:\windows\system32\tquery.dll
    + 2011-06-29 13:21 . 2011-05-04 05:22 2223616 c:\windows\system32\mssrch.dll
    - 2011-02-28 06:17 . 2010-11-20 13:27 2223616 c:\windows\system32\mssrch.dll
    + 2010-10-16 09:28 . 2010-10-16 09:28 6548480 c:\windows\system32\igdumd64.dll
    + 2010-07-21 18:28 . 2010-10-16 09:21 4720640 c:\windows\system32\igd10umd64.dll
    + 2010-10-16 09:35 . 2010-10-16 09:35 3156504 c:\windows\system32\GfxUI.exe
    + 2010-10-16 09:28 . 2010-10-16 09:28 6548480 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igdumd64.dll
    + 2010-10-16 09:24 . 2010-10-16 09:24 4966400 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igdumd32.dll
    + 2010-10-16 09:21 . 2010-10-16 09:21 4720640 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igd10umd64.dll
    + 2010-10-16 09:19 . 2010-10-16 09:19 4410880 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igd10umd32.dll
    + 2010-10-16 09:35 . 2010-10-16 09:35 3156504 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\GfxUI.exe
    - 2009-07-14 04:45 . 2011-06-15 03:56 7174758 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2011-06-29 18:34 7174758 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2010-11-20 13:36 . 2011-07-01 23:50 1869928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2010-12-26 01:22 . 2011-07-02 04:38 7969200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-913013744-1395498927-1650167935-1000-12288.dat
    + 2010-10-16 09:06 . 2010-10-16 09:06 11039232 c:\windows\SysWOW64\ig4icd32.dll
    + 2009-07-14 02:34 . 2011-06-29 18:32 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2011-06-15 03:53 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2010-10-16 09:13 . 2010-10-16 09:13 15032320 c:\windows\system32\ig4icd64.dll
    + 2010-10-16 09:28 . 2010-10-16 09:28 10619296 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\igdkmd64.sys
    + 2010-10-16 09:13 . 2010-10-16 09:13 15032320 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\ig4icd64.dll
    + 2010-10-16 09:06 . 2010-10-16 09:06 11039232 c:\windows\system32\DriverStore\FileRepository\kit29003.inf_amd64_neutral_81f50fe749fb2a42\ig4icd32.dll
    + 2010-10-16 09:28 . 2010-10-16 09:28 10619296 c:\windows\system32\drivers\igdkmd64.sys
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "Malwarebytes' Anti-Malware"="c:\all programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 !SASCORE;SAS Core Service;c:\all programs\SAS\SASCORE64.EXE [2011-05-04 128384]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 MBAMService;MBAMService;c:\all programs\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\all programs\SAS\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\all programs\SAS\SASKUTIL64.SYS [2010-02-17 12360]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-913013744-1395498927-1650167935-1000Core.job
    - c:\users\KVC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 15:46]
    .
    2011-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-913013744-1395498927-1650167935-1000UA.job
    - c:\users\KVC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-19 15:46]
    .
    2011-07-01 c:\windows\Tasks\HPCeeScheduleForKVC.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
    .
    2011-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-05-10 12:10 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
    "EzPrint"="c:\program files (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]
    "LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-11-21 31744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-16 162328]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-16 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-16 415256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Subscribe in RSS Bandit - c:\users\KVC\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    FF - ProfilePath - c:\users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.032"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.abr"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ani"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.apd"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.arw"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.bay"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.bmp"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.bw"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.cr2"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.crw"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.cs1"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.cur"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.dcr"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dcx"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.dib"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.djv"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.djvu"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.dng"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.emf"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.eps"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.erf"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.fff"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.fpx"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.gif"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.hdr"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.icl"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.icn"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.iff"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ilbm"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.int"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.inta"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.iw4"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.j2c"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.j2k"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jbr"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jfif"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jif"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jp2"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpc"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.jpe"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.jpeg"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.jpg"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpk"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.jpx"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.kdc"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.lbm"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.mef"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.mos"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.mrw"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.nef"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.nrw"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.orf"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pbm"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pbr"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pcd"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pct"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pcx"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.pef"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pgm"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pic"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pict"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pix"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.png"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ppm"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.psd"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.psp"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pspbrush"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.pspimage"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.raf"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ras"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.raw"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rgb"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rgba"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rle"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rsb"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.rw2"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.rwl"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.sgi"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.sr2"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.srf"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.tga"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.thm"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.tif"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-913013744-1395498927-1650167935-1000)
    "Progid"="ACDSee Pro 3.tiff"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ttc"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.ttf"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.v10o"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.v10p"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.v10pf"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.v30po"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.v30pp"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.v30ppf"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.wbm"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.wbmp"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.wmf"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xbm"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xif"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xmp"
    .
    [HKEY_USERS\S-1-5-21-913013744-1395498927-1650167935-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 3.xpm"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-02 00:46:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-02 04:46
    .
    Pre-Run: 899,639,566,336 bytes free
    Post-Run: 899,555,561,472 bytes free
    .
    - - End Of File - - 90D5A509789EAB4E1BC37DC162A10F41
