Infection checkup, what do you guys think ?


DemonoidMaster

Alright, so I do know one thing: I have common sense and know where and where not to go while on the internet (also, I'm not like those people who download all kinds of crap from random places and click on random ****).

However, because of that I know my laptop is running like a boss :p and has been ever since I bought it (I did have minor problems, like my HDD that broke, or that time I got mad at my **** integrated webcam and smashed my fist into my screen, lol).
So all I'm doing now is the scans for CF, HJT and MBAM, so can you guys give me an opinion on this? Is there anything wrong with the lappy?

-Followed the tutorial over at Spyware-Asylum, will post the results-

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7446

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/08/2011 12:39:51 PM
mbam-log-2011-08-12 (12-39-46).txt

Scan type: Quick scan
Objects scanned: 157134
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\administrator\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

ComboFix 11-08-12.01 - Administrator 12/08/2011 11:46:49.1.2 - x86
/b/ Windows OVER 9000!!! 6.1.7601.1.1252.2.1033.18.1406.775 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2013-05-12 11:02 . 2013-05-12 11:02 -------- d-----w- c:\programdata\TechSmith
2013-05-12 11:02 . 2013-05-12 11:02 -------- d-----w- c:\program files\TechSmith
2013-05-12 10:56 . 2013-05-12 10:56 -------- d-----w- c:\program files\Audio Spek
2013-05-12 10:53 . 2011-07-24 19:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-12 10:53 . 2011-06-19 16:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-05-12 10:48 . 2011-06-12 15:51 -------- d-----w- c:\program files\Copytrans
2013-05-12 10:48 . 2011-08-10 04:14 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
2011-08-12 15:58 . 2011-08-12 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-10 21:03 . 2011-08-10 21:03 -------- d-----w- c:\program files\iPod
2011-08-10 15:38 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 15:37 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-10 15:37 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-10 15:37 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-10 15:37 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-10 15:37 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-10 15:37 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-08 16:12 . 2011-08-08 16:12 -------- d-----w- c:\programdata\ATI
2011-08-08 16:12 . 2011-08-08 16:12 -------- d-----w- c:\program files\AMD APP
2011-08-06 18:17 . 2011-08-06 18:17 -------- d-----w- c:\users\Administrator\.thumbnails
2011-08-06 05:04 . 2011-08-06 05:04 -------- d-----w- c:\program files\Common Files\Nero
2011-08-06 05:04 . 2011-08-06 05:04 -------- d-----w- c:\program files\Nero
2011-08-05 06:38 . 2011-08-05 06:38 -------- d-----w- c:\program files\TransMac
2011-08-05 06:38 . 2011-08-05 06:38 -------- d-----w- c:\users\Administrator\AppData\Local\TransMac
2011-08-05 01:51 . 2011-08-05 01:51 -------- d-----w- c:\program files\Safari
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-05 01:50 . 2011-08-05 01:50 -------- d-----w- c:\program files\QuickTime
2011-08-05 01:27 . 2011-08-05 01:27 -------- d-----w- c:\users\Administrator\AppData\Local\Apps
2011-08-04 03:24 . 2011-08-06 10:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
2011-08-04 03:24 . 2011-08-06 10:45 -------- d-----w- c:\users\Administrator\AppData\Local\Apple Computer
2011-08-04 03:23 . 2011-08-10 21:33 -------- d-----w- c:\program files\iTunes
2011-08-04 03:23 . 2011-08-04 03:23 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-08-04 03:22 . 2011-08-04 03:22 -------- d-----w- c:\users\Administrator\AppData\Local\Apple
2011-08-04 03:22 . 2011-08-04 03:22 -------- d-----w- c:\program files\Apple Software Update
2011-08-04 03:21 . 2011-08-04 03:22 -------- d-----w- c:\program files\Bonjour
2011-08-04 03:21 . 2011-08-10 21:03 -------- d-----w- c:\program files\Common Files\Apple
2011-08-04 00:38 . 2011-08-05 01:03 -------- d-----w- c:\program files\Microsoft Silverlight
2011-08-04 00:38 . 2011-08-12 15:58 -------- d-----w- c:\users\Administrator\AppData\Local\Temp
2011-08-03 05:23 . 2011-08-12 15:05 -------- d-----w- c:\program files\Aurora
2011-08-01 16:59 . 2011-08-01 16:59 -------- d-----w- c:\program files\Common Files\Java
2011-07-24 10:16 . 2010-11-29 21:38 180224 ----a-w- c:\windows\system32\QTCF.dll
2011-07-24 09:46 . 2011-08-05 01:32 -------- d-----w- c:\programdata\Apple Computer
2011-07-24 09:45 . 2011-07-28 03:46 -------- d-----w- c:\programdata\Apple
2011-07-24 09:37 . 2004-08-05 00:00 3584 ----a-w- c:\windows\system32\temp.000
2011-07-24 09:19 . 2011-07-24 09:19 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-07-23 08:29 . 2011-07-23 08:29 -------- d-----w- c:\windows\system32\Wat
2011-07-23 08:08 . 2011-07-23 08:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\HandBrake
2011-07-23 08:08 . 2011-07-23 08:08 -------- d-----w- c:\users\Administrator\AppData\Local\HandBrake
2011-07-23 08:08 . 2011-08-01 16:58 -------- d-----w- c:\program files\Java
2011-07-23 04:39 . 2011-08-10 15:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-23 04:35 . 2011-07-23 04:35 -------- d-----w- c:\windows\system32\Adobe
2011-07-23 04:24 . 2011-07-23 04:24 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2011-07-22 06:07 . 2009-12-30 15:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-07-22 06:07 . 2011-07-22 06:07 -------- d-----w- c:\program files\VS Revo Group
2011-07-22 04:16 . 2011-08-04 01:22 -------- d-----w- c:\users\Administrator\AppData\Roaming\Auslogics
2011-07-22 04:14 . 2011-07-22 04:14 -------- d-----w- c:\program files\Auslogics
2011-07-20 10:38 . 2011-07-22 03:35 -------- d-----w- c:\windows\W7SBC
2011-07-17 23:51 . 2011-07-18 01:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\Nero
2011-07-17 23:08 . 2011-07-17 23:10 -------- d-----w- c:\programdata\Nero
2011-07-14 18:30 . 2011-07-14 18:30 56454656 ----a-w- c:\windows\system32\imageres.dll
2011-07-14 18:24 . 2011-07-14 18:24 -------- d-----w- c:\programdata\Stardock
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-01 16:58 . 2011-06-12 09:25 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-29 03:14 . 2011-06-12 00:25 6908648 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 21:44 . 2011-07-03 06:27 299640 ----a-w- c:\windows\system32\drivers\NAV\1206000.01D\symnets.sys
2011-07-08 03:37 . 2011-07-08 03:37 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-08 03:36 . 2011-07-08 03:36 13904896 ----a-w- c:\windows\system32\amdocl.dll
2011-07-07 23:46 . 2011-07-07 23:46 2189928 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-07-07 21:39 . 2011-07-07 21:39 3531176 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-07-07 19:50 . 2011-07-07 19:50 1483264 ----a-w- c:\windows\system32\RCoRes.dat
2011-07-07 12:09 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-07 01:42 . 2011-07-07 01:42 4187240 ----a-w- c:\windows\system32\RtkAPO.dll
2011-07-06 17:27 . 2011-07-06 17:27 76392 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-07-03 06:27 . 2011-07-03 06:27 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-01 18:05 . 2011-07-01 18:05 1264232 ----a-w- c:\windows\system32\RtkApoApi.dll
2011-06-30 22:00 . 2011-06-30 18:33 205949 ----a-w- c:\programdata\bdinstall.bin
2011-06-30 20:14 . 2011-06-30 20:14 1497704 ----a-w- c:\windows\system32\RTSndMgr.cpl
2011-06-27 18:53 . 2011-06-27 18:53 3327320 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2011-06-27 18:53 . 2011-06-27 18:53 1725784 ----a-w- c:\windows\system32\WavesGUILib.dll
2011-06-16 07:34 . 2011-06-16 07:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 07:34 . 2011-06-16 07:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-12 13:37 . 2009-07-13 23:24 254976 ----a-w- c:\windows\system32\uDWM.dll
2011-06-12 13:37 . 2009-07-13 23:24 95744 ----a-w- c:\windows\system32\dwm.exe
2011-06-12 10:44 . 2011-06-12 10:44 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-06-12 08:43 . 2011-06-11 22:56 29184 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2011-06-12 08:23 . 2011-06-11 22:56 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-11 23:53 . 2011-06-11 23:53 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-11 23:53 . 2011-06-11 23:53 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-11 23:53 . 2011-06-11 23:53 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-11 23:53 . 2011-06-11 23:53 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-11 23:53 . 2011-06-11 23:53 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-11 23:53 . 2011-06-11 23:53 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-11 23:53 . 2011-06-11 23:53 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-11 23:53 . 2011-06-11 23:53 367104 ----a-w- c:\windows\system32\html.iec
2011-06-11 23:53 . 2011-06-11 23:53 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-11 23:53 . 2011-06-11 23:53 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-11 23:53 . 2011-06-11 23:53 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-11 23:53 . 2011-06-11 23:53 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-11 23:53 . 2011-06-11 23:53 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-11 23:53 . 2011-06-11 23:53 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-11 23:53 . 2011-06-11 23:53 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-11 23:53 . 2011-06-11 23:53 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-11 23:53 . 2011-06-11 23:53 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-11 23:53 . 2011-06-11 23:53 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-11 23:28 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2011-06-11 23:28 . 2010-11-20 21:29 2755072 ----a-w- c:\windows\system32\themeui.dll
2011-06-11 23:28 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2011-06-11 05:58 . 2011-06-11 05:58 81744 ----a-w- c:\windows\system32\mfcm100u.dll
2011-06-11 05:58 . 2011-06-11 05:58 81744 ----a-w- c:\windows\system32\mfcm100.dll
2011-06-11 05:58 . 2011-06-11 05:58 773968 ----a-w- c:\windows\system32\msvcr100.dll
2011-06-11 05:58 . 2011-06-11 05:58 64336 ----a-w- c:\windows\system32\mfc100fra.dll
2011-06-11 05:58 . 2011-06-11 05:58 64336 ----a-w- c:\windows\system32\mfc100deu.dll
2011-06-11 05:58 . 2011-06-11 05:58 63824 ----a-w- c:\windows\system32\mfc100esn.dll
2011-06-11 05:58 . 2011-06-11 05:58 62288 ----a-w- c:\windows\system32\mfc100ita.dll
2011-06-11 05:58 . 2011-06-11 05:58 60752 ----a-w- c:\windows\system32\mfc100rus.dll
2011-06-11 05:58 . 2011-06-11 05:58 55120 ----a-w- c:\windows\system32\mfc100enu.dll
2011-06-11 05:58 . 2011-06-11 05:58 51024 ----a-w- c:\windows\system32\vcomp100.dll
2011-06-11 05:58 . 2011-06-11 05:58 4422992 ----a-w- c:\windows\system32\mfc100u.dll
2011-06-11 05:58 . 2011-06-11 05:58 4397384 ----a-w- c:\windows\system32\mfc100.dll
2011-06-11 05:58 . 2011-06-11 05:58 43856 ----a-w- c:\windows\system32\mfc100jpn.dll
2011-06-11 05:58 . 2011-06-11 05:58 43344 ----a-w- c:\windows\system32\mfc100kor.dll
2011-06-11 05:58 . 2011-06-11 05:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-06-11 05:58 . 2011-06-11 05:58 36176 ----a-w- c:\windows\system32\mfc100cht.dll
2011-06-11 05:58 . 2011-06-11 05:58 36176 ----a-w- c:\windows\system32\mfc100chs.dll
2011-06-11 05:58 . 2011-06-11 05:58 138056 ----a-w- c:\windows\system32\atl100.dll
2011-06-11 02:29 . 2011-07-13 10:41 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-10 21:35 . 2011-06-23 09:43 357200 ----a-w- c:\windows\system32\KAAPORT.dll
2011-06-10 18:34 . 2011-07-11 13:15 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-06-10 18:34 . 2011-07-11 13:15 394856 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2011-06-10 18:34 . 2011-03-21 17:22 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-06-09 21:05 . 2011-06-09 21:05 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2011-06-06 16:29 . 2011-06-12 10:40 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-06-06 16:24 . 2011-06-12 10:40 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-06-06 16:23 . 2011-06-12 10:40 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-05-31 13:42 . 2011-06-23 09:42 631400 ----a-w- c:\windows\system32\DTSSymmetryDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 601704 ----a-w- c:\windows\system32\DTSVoiceClarityDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 654952 ----a-w- c:\windows\system32\DTSBassEnhancementDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 458344 ----a-w- c:\windows\system32\DTSNeoPCDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 389736 ----a-w- c:\windows\system32\DTSGainCompensatorDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 375400 ----a-w- c:\windows\system32\DTSLimiterDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 218728 ----a-w- c:\windows\system32\DTSGFXAPONS.dll
2011-05-31 13:42 . 2011-06-23 09:42 218728 ----a-w- c:\windows\system32\DTSGFXAPO.dll
2011-05-31 13:42 . 2011-06-23 09:42 218216 ----a-w- c:\windows\system32\DTSLFXAPO.dll
2011-05-31 13:42 . 2011-06-23 09:42 1509480 ----a-w- c:\windows\system32\DTSS2SpeakerDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 1292904 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 1220200 ----a-w- c:\windows\system32\DTSBoostDLL.dll
2011-05-30 08:20 . 2010-11-20 21:29 432640 ----a-w- c:\windows\system32\winresume.exe
2011-05-30 08:20 . 2010-11-20 21:29 498176 ----a-w- c:\windows\system32\winload.exe
2011-05-27 21:58 . 2011-06-11 23:02 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-05-24 23:14 . 2011-06-11 21:48 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-24 23:12 . 2011-06-11 21:48 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34E23790-2557-420A-A4B3-4F87C1A9864E}\mpengine.dll
2011-05-24 10:44 . 2011-06-29 07:40 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . C9CBE13FB24207CB11C7D4705D4D93E5 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"CD Art Display"="c:\program files\CD Art Display\CAD.exe" [2010-08-12 2691072]
"Rainmeter"="c:\program files\Rainmeter\Rainmeter.exe" [2011-07-31 19968]
"Synaptics Touchpad"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-16 1996072]
"XWD"="c:\program files\XWindows Dock\XWD.exe" [2010-11-13 2217472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
R3 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 294400]
R3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 38608]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-07-24 23456]
R3 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]
R3 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152]
R3 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152]
R3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-06-06 1524544]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-23 1343400]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [2011-07-23 815736]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\IPSDefs\20110811.030\IDSvix86.sys [2011-08-02 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS [2011-07-08 299640]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dgxbe1ye.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.tabMinWidth - 125
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_open_feature.location - true
FF - user.js: dom.disable_window_open_feature.menubar - true
FF - user.js: dom.disable_window_open_feature.minimizable - true
FF - user.js: dom.disable_window_open_feature.resizable - true
FF - user.js: dom.disable_window_open_feature.scrollbars - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"1289332796\" isSubsc=\"0\" authStat_av=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"3\" moduleId1=\"9\" moduleId2=\"0\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d9,
c3,7b,f3,34,08,a9,7b,d6,65,c2,85,ce,b7
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:90,d9,41,75,94,28,cc,01
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,d9,51,ec,74,32,0d,49,8d,33,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,d9,51,ec,74,32,0d,49,8d,33,b7,\
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a52\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.a52"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.amv"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aob"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.B4S\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.bin"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WORDPAD.EXE"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.cue"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.dv"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.gxf"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ifo"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.it"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WORDPAD.EXE"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M3U8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4p"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mlp"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP1"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg1"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg2"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg4"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mxf"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.NSA"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.NSV"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nuv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.nuv"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ogx"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.oma"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PLS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\ResHacker.exe"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.rec"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.s3m"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.sdp"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.spx"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="srt_auto_file"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SWF\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\firefox.exe"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.tod"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
@Denied: (2) (Administrator)
"Progid"="uTorrent"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.URL\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VLB\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.VLB"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vlc"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.voc"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vqf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vqf"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vro\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vro"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.w64"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xa"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xm"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (Administrator)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xspf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xspf"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2498218E-30F9-32B3-0314-EE1BFF06D546}*]
"namokeahdkfocbldgkoepdejgljj"=hex:69,61,6c,62,63,70,61,61,6c,6d,67,70,65,6d,
62,65,67,6f,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\ 0F*u*c*k*i*n*'* *N*o*t*e*p*a*d*
0\command]
@="notepad.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\ 0K*i*l*l* *d*e*a*d* *t*a*s*k*s*
0\command]
@="taskkill /F /FI \"STATUS eq NOT RESPONDING\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\ 0R*e*s*t*a*r*t* *E*x*p*l*o*r*e*r*
0\command]
@="c:\\Program Files\\Se7en Mod Tools\\Restart_Explorer.bat"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\ 0V*i*s*u*a*l* *S*t*y*l*e*
0\command]
"DelegateExecute"="{06622D85-6856-4460-8DE1-A81921B41C4B}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\ 0W*a*l*l*p*a*p*e*r*
0\command]
@="control desk.cpl,,@desktop"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-12 12:15:04
ComboFix-quarantined-files.txt 2011-08-12 16:14
.
Pre-Run: 114,601,943,040 bytes free
Post-Run: 114,503,319,552 bytes free
.
- - End Of File - - 6C9E0B192F4AE3C8AF91D2ACFC380E3D
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:58:09 PM, on 12/08/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Aurora\firefox.exe
C:\Windows\explorer.exe
C:\Users\Administrator\Desktop\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ÿþ# Copyright (c) 1993-2009 Microsoft Corp.
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [CD Art Display] "C:\Program Files\CD Art Display\CAD.exe"
O4 - HKCU\..\Run: [Rainmeter] "C:\Program Files\Rainmeter\Rainmeter.exe"
O4 - HKCU\..\Run: [Synaptics Touchpad] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKCU\..\Run: [XWD] "C:\Program Files\XWindows Dock\XWD.exe"
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: PS3 Media Server - Tanuki Software, Ltd. - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 4155 bytes
 
The only thing I see after Combofix and MBAM is your Hosts files. But I can bet that they are manually modified for a reason...
 
Thanks for your reply, and I'm glad that my PC is really running like a BOSS..

PS: Also, about that HOSTS file, I do have Spybot - S&D installed and I update it from time to time and then I do Immunize.. But there are also some entries that I've added to the HOSTS file, so I guess that must be it.

PPS: Also, disregard the supposedly "infected" Explorer.exe that was on my desktop (false +, it's probably not signed by MS or sumthin'); after combofix ran it showed that I had a higher vers. of explorer because of a KB update from MS.. weirdly enough the file didn't get replaced by the new one.. good thing I can always find stuff in the Winsxs folder.
 