UPDATE
i run combofix, it solve the explorer and the public document on booting problem.
BUT now all my hidden system folder in c: (the folder that supposed to show up when i uncheck hide operating system file in folder option) are visible. its kinda annoying cause there are alot of folders. so is there any way to turn them back to system folder?
here is the log
ComboFix 09-11-19.05 - aein 11/20/2009 22:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.842 [GMT 8:00]
Running from: c:\downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2934125007-3969265457-709946265-1001
c:\$recycle.bin\S-1-5-21-2934125007-3969265457-709946265-1002
c:\program files\mIRC\IRC Bot
c:\program files\mIRC\IRC Bot\Anjing_Malingsia.sys
c:\program files\mIRC\IRC Bot\[bleep].sys
c:\program files\mIRC\IRC Bot\Channel_Babi.sys
c:\program files\mIRC\IRC Bot\control.ini
c:\program files\mIRC\IRC Bot\[bleep].sys
c:\program files\mIRC\IRC Bot\kontol.mrc
c:\program files\mIRC\IRC Bot\Nama_Anjing.sys
c:\program files\mIRC\IRC Bot\Nama_Babi.sys
c:\program files\mIRC\IRC Bot\perampok_budaya.sys
c:\program files\mIRC\IRC Bot\remote.ini
c:\program files\mIRC\IRC Bot\Stupid.sys
c:\program files\mIRC\IRC Bot\svchost.exe
c:\recycler\S-1-5-21-0147775265-5793222581-540407657-3710
c:\recycler\S-1-5-21-0345404700-3692650433-259988762-0466
c:\recycler\S-1-5-21-0964458249-1971094078-489830267-9022
c:\recycler\S-1-5-21-1074161499-2078867138-976856687-0982
c:\recycler\S-1-5-21-1238510149-8713597356-715339106-9351
c:\recycler\S-1-5-21-1254634954-7669533011-773414730-3020
c:\recycler\S-1-5-21-1601151327-2486629867-574734261-3126
c:\recycler\S-1-5-21-1638629780-8176812923-674170590-5840
c:\recycler\S-1-5-21-1773503935-4755217818-254291845-2311
c:\recycler\S-1-5-21-1857515555-2160908199-840067042-9228
c:\recycler\S-1-5-21-1860309000-8165470470-248484697-2773
c:\recycler\S-1-5-21-2052111302-1788223648-1801674531-1004
c:\recycler\S-1-5-21-2131833704-0577739308-492403751-9185
c:\recycler\S-1-5-21-2260021406-9926212202-514295658-4442
c:\recycler\S-1-5-21-2261396384-7112414015-891965972-6106
c:\recycler\S-1-5-21-2605856459-8557283343-225905713-2076
c:\recycler\S-1-5-21-2684545926-8043607960-855646999-9781
c:\recycler\S-1-5-21-3130547171-1367995607-577691004-7744
c:\recycler\S-1-5-21-3262393629-2820884543-838888090-5889
c:\recycler\S-1-5-21-3285788125-7934315091-110319355-4874
c:\recycler\S-1-5-21-3391198061-7703342066-035638756-6273
c:\recycler\S-1-5-21-3395309936-5163726661-818419343-8339
c:\recycler\S-1-5-21-3477681771-7616796501-666571644-7256
c:\recycler\S-1-5-21-3651926459-4294411484-621500377-4230
c:\recycler\S-1-5-21-3809740595-2997119570-330471956-3002
c:\recycler\S-1-5-21-3968526254-2097518627-108247127-0023
c:\recycler\S-1-5-21-4032641494-4286440205-964303373-5386
c:\recycler\S-1-5-21-4291912282-8932329324-368397396-7179
c:\recycler\S-1-5-21-4481791377-1858117633-098207464-5309
c:\recycler\S-1-5-21-4515646512-8874293163-366650755-3531
c:\recycler\S-1-5-21-4604410678-9622982814-835089488-4322
c:\recycler\S-1-5-21-5337950916-1500242255-298154333-9602
c:\recycler\S-1-5-21-5655277359-2005862155-504730299-5896
c:\recycler\S-1-5-21-5700963769-7500498030-220784515-7352
c:\recycler\S-1-5-21-6263704189-6948390760-914027847-6228
c:\recycler\S-1-5-21-6607946349-0146224057-835946520-0059
c:\recycler\S-1-5-21-6742953936-4929512645-932966102-0535
c:\recycler\S-1-5-21-7078512834-7072831087-833050966-5785
c:\recycler\S-1-5-21-7379270064-8106066200-796830094-7024
c:\recycler\S-1-5-21-7458110167-9778342673-732652941-8356
c:\recycler\S-1-5-21-7576489154-5835870282-450920987-8057
c:\recycler\S-1-5-21-7663150374-4502098768-854453871-1568
c:\recycler\S-1-5-21-7804598839-2674288071-583012542-7076
c:\recycler\S-1-5-21-7955976236-4611731007-705812812-6598
c:\recycler\S-1-5-21-8212385731-9752773091-667015142-0183
c:\recycler\S-1-5-21-8329379778-2843663817-092417190-8215
c:\recycler\S-1-5-21-8390142674-4524372347-641017098-0297
c:\recycler\S-1-5-21-8477239387-7690941194-996173024-6608
c:\recycler\S-1-5-21-8516347946-5747884598-392614766-1321
c:\recycler\S-1-5-21-8960181890-0036940789-834046181-2292
c:\recycler\S-1-5-21-9106753524-3320888508-950887615-9572
c:\recycler\S-1-5-21-9323242357-0125957528-878661011-1266
c:\recycler\S-1-5-21-9853297848-6540112035-166179871-9488
c:\users\Administrator\secupdat.dat
c:\users\aein\AppData\Roaming\Desktopicon
c:\users\aein\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\aein\secupdat.dat
c:\windows\kdcoms.dll
c:\windows\system32\com.run
c:\windows\system32\dp1.fne
c:\windows\system32\eAPI.fne
c:\windows\system32\internet.fne
c:\windows\system32\krnln.fnr
c:\windows\system32\og.dll
c:\windows\system32\og.edt
c:\windows\system32\RegEx.fnr
c:\windows\system32\secupdat.dat
c:\windows\system32\shell.fne
c:\windows\system32\spec.fne
c:\windows\system32\ul.dll
D:\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
.
2009-11-20 12:49 . 2008-01-21 02:25 25088 ----a-w- c:\windows\system32\userinit.exe
2009-11-20 08:24 . 2009-11-20 08:24 -------- d-----w- c:\program files\VS Revo Group
2009-11-20 08:22 . 2009-11-20 08:22 -------- d-----w- c:\program files\Defraggler
2009-11-20 08:10 . 2009-11-20 08:10 -------- d-----w- c:\program files\CCleaner
2009-11-20 08:03 . 2008-03-07 05:46 101504 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-11-20 08:02 . 2009-11-20 08:02 -------- d-----w- c:\programdata\Vodafone
2009-11-20 08:02 . 2009-11-20 08:02 -------- d-----w- c:\program files\Vodafone
2009-11-17 15:31 . 2009-11-17 15:35 -------- d-----w- c:\users\aein\AppData\Local\Google
2009-11-17 15:31 . 2009-11-17 15:31 -------- d-----w- c:\program files\Google
2009-11-16 17:19 . 2009-11-20 14:10 4096 d-----w- c:\users\aein\AppData\Roaming\Skype
2009-11-16 17:18 . 2009-11-16 17:18 -------- d-----w- c:\program files\Common Files\Skype
2009-11-16 15:52 . 2009-11-16 15:52 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2009-11-16 15:48 . 2009-11-16 15:48 -------- d-----w- c:\users\Administrator\AppData\Local\Stardock
2009-11-16 11:46 . 2009-11-16 11:46 148736 ----a-w- c:\programdata\hpeB3B5.dll
2009-11-16 11:46 . 2008-01-09 04:28 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2009-11-16 11:45 . 2009-11-16 11:45 4096 d-----w- c:\program files\Avanquest update
2009-10-30 00:29 . 2009-10-30 00:29 2146304 ----a-w- c:\windows\system32\GPhotos.scr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 14:49 . 2008-12-27 09:44 408803616 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-20 14:45 . 2009-01-13 12:02 -------- d-----w- c:\program files\mIRC
2009-11-20 14:16 . 2008-12-27 09:41 4096 d-----w- c:\users\aein\AppData\Roaming\Orbit
2009-11-20 14:12 . 2008-12-27 09:41 4096 d-----w- c:\program files\Orbitdownloader
2009-11-20 13:21 . 2008-12-27 09:44 4096 d-----w- c:\programdata\Kaspersky Lab
2009-11-20 13:20 . 2008-12-27 13:55 -------- d-----w- c:\users\aein\AppData\Roaming\WTablet
2009-11-20 12:50 . 2008-12-27 09:44 5489288 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-20 12:05 . 2008-12-27 11:12 4096 d-----w- c:\users\aein\AppData\Roaming\skypePM
2009-11-20 08:28 . 2008-12-27 11:15 -------- d-----w- c:\program files\epson
2009-11-20 08:15 . 2008-12-27 14:36 -------- d-----w- c:\program files\Yahoo!
2009-11-20 08:15 . 2009-08-11 01:14 4096 d-----w- c:\program files\Common Files\DVDVideoSoft
2009-11-20 08:13 . 2008-12-27 11:44 -------- d-----w- c:\programdata\EPSON
2009-11-16 17:18 . 2009-09-19 17:24 -------- d-----r- c:\program files\Skype
2009-11-16 17:18 . 2008-12-27 11:08 4096 d-----w- c:\programdata\Skype
2009-11-16 15:47 . 2009-07-26 12:39 4096 d-----w- c:\users\Administrator\AppData\Roaming\Orbit
2009-11-16 15:45 . 2009-04-16 05:48 -------- d-----w- c:\program files\Ninja
2009-11-16 11:46 . 2008-12-27 08:55 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-16 11:46 . 2008-12-27 10:07 -------- d-----w- c:\program files\Sony Ericsson
2009-11-16 11:34 . 2008-12-27 09:44 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-16 11:34 . 2008-12-27 09:44 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-12 07:50 . 2009-07-05 17:05 4096 d-----w- c:\programdata\CanonIJPLM
2009-10-21 17:13 . 2009-08-08 21:44 28672 d-----w- c:\program files\Mobile Partner
2009-10-12 12:23 . 2009-10-12 12:23 -------- d-----w- c:\programdata\Zylom
2009-10-12 12:22 . 2009-08-29 13:36 -------- d-----w- c:\users\aein\AppData\Roaming\GameHouse
2009-10-12 12:20 . 2009-08-29 13:33 4096 d-----w- c:\program files\GameHouse
2009-10-12 08:51 . 2009-10-12 08:51 -------- d-----w- c:\programdata\SpecialBit Games
2009-10-10 10:09 . 2009-10-10 09:18 4096 d-----w- c:\program files\Jewel Match
2009-10-10 06:48 . 2009-10-10 06:48 -------- d-----w- c:\users\aein\AppData\Roaming\Gogii Games
2009-10-10 06:48 . 2009-10-10 06:48 -------- d-----w- c:\programdata\Gogii Games
2009-10-07 17:00 . 2009-10-07 17:00 -------- d-----w- c:\programdata\NannyMania
2009-10-05 09:31 . 2009-10-03 18:21 -------- d-----w- c:\users\aein\AppData\Roaming\PlayFirst
2009-10-05 09:31 . 2009-10-03 18:21 -------- d-----w- c:\programdata\PlayFirst
2009-10-05 09:29 . 2009-10-05 09:26 4096 d-----w- c:\program files\Camp Funshine - Carrie the Caregiver 3
2009-10-05 09:23 . 2009-10-03 18:01 -------- d-----w- c:\program files\Alawar
2009-10-03 18:20 . 2009-10-03 18:03 -------- d-----w- c:\programdata\VirtualFarm
2009-09-28 13:04 . 2009-09-03 08:30 4096 d-----w- c:\program files\Mystery Cookbook
2009-09-18 04:31 . 2009-06-11 09:11 110592 ----a-w- c:\users\aein\AppData\Roaming\U3\temp\cleanup.exe
2009-09-18 04:31 . 2009-06-11 09:09 3350528 ---ha-w- c:\users\aein\AppData\Roaming\U3\temp\Launchpad Removal.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-12-27 3581680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2008-12-27 1719496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ninja.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ninja.lnk
backup=c:\windows\pss\ninja.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^aein^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\aein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^aein^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\users\aein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2934125007-3969265457-709946265-1000]
"EnableNotificationsRef"=dword:00000001
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [10/16/2007 11:05 AM 20496]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [11/16/2009 7:46 PM 27632]
R4 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [12/27/2008 9:53 PM 1373480]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [7/2/2009 6:58 PM 603904]
R4 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [3/13/2008 7:08 PM 24576]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [4/6/2009 3:13 PM 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [7/31/2009 11:53 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [7/31/2009 11:53 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [7/31/2009 11:53 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [7/31/2009 11:53 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [7/31/2009 11:53 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [7/31/2009 11:53 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [7/31/2009 11:53 PM 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [7/31/2009 11:53 PM 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\System32\drivers\s1018mdfl.sys [7/31/2009 11:53 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\System32\drivers\s1018mdm.sys [7/31/2009 11:53 PM 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s1018mgmt.sys [7/31/2009 11:53 PM 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\System32\drivers\s1018nd5.sys [7/31/2009 11:53 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\System32\drivers\s1018obex.sys [7/31/2009 11:53 PM 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\System32\drivers\s1018unic.sys [7/31/2009 11:53 PM 109736]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [11/16/2009 7:46 PM 90112]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-11-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 13:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\aein\AppData\Roaming\Mozilla\Firefox\Profiles\bqab3m95.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\
[email protected]\components\Shim.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-11-20 22:48
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-2934125007-3969265457-709946265-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Bitmap"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-2934125007-3969265457-709946265-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Gif"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-2934125007-3969265457-709946265-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-2934125007-3969265457-709946265-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-2934125007-3969265457-709946265-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-2934125007-3969265457-709946265-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Png"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-2934125007-3969265457-709946265-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-2934125007-3969265457-709946265-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
[HKEY_USERS\S-1-5-21-2934125007-3969265457-709946265-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(3356)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\windows\system32\NSI.dll
- - - - - - - > 'lsass.exe'(684)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
.
Completion time: 2009-11-20 22:55
ComboFix-quarantined-files.txt 2009-11-20 14:55
Pre-Run: 7,965,351,936 bytes free
Post-Run: 8,723,943,424 bytes free
- - End Of File - - 42D4A337B435BF915F13EB39B34A7109
Hijackthis new logLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:51 PM, on 11/20/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.c...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{5235AF4A-3814-4AC4-9AFE-53BF2BBA3463}: NameServer = 203.82.64.41 203.82.64.67
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
--
End of file - 4813 bytes
Sign In
Create Account
