DemonoidMaster
Alright, so I do know one thing.. I have common sense and know where and where not to go while on the internet (also, I'm not like those ppl who DL all kinds of crap from random places and click on random ****).
However, because of that I know my laptop is running like a Boss and has been ever since I bought it.. (did have minor probs like my HDD that broke... or that time I got mad at my **** integrated Webcam and smashed my fist in my screen lol)
So all I've done now is the scans for CF, HJT and MbAM... so can you guys give an opinion on this?? Is there anything wrong with the lappy??
-Followed the tut over from Spyware-Asylum, will post the results-
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7446
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
12/08/2011 12:39:51 PM
mbam-log-2011-08-12 (12-39-46).txt
Scan type: Quick scan
Objects scanned: 157134
Time elapsed: 4 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\administrator\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
ComboFix 11-08-12.01 - Administrator 12/08/2011 11:46:49.1.2 - x86
/b/ Windows OVER 9000!!! 6.1.7601.1.1252.2.1033.18.1406.775 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))
.
.
2013-05-12 11:02 . 2013-05-12 11:02 -------- d-----w- c:\programdata\TechSmith
2013-05-12 11:02 . 2013-05-12 11:02 -------- d-----w- c:\program files\TechSmith
2013-05-12 10:56 . 2013-05-12 10:56 -------- d-----w- c:\program files\Audio Spek
2013-05-12 10:53 . 2011-07-24 19:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-12 10:53 . 2011-06-19 16:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-05-12 10:48 . 2011-06-12 15:51 -------- d-----w- c:\program files\Copytrans
2013-05-12 10:48 . 2011-08-10 04:14 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
2011-08-12 15:58 . 2011-08-12 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-10 21:03 . 2011-08-10 21:03 -------- d-----w- c:\program files\iPod
2011-08-10 15:38 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 15:37 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-10 15:37 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-10 15:37 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-10 15:37 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-10 15:37 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-10 15:37 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-08 16:12 . 2011-08-08 16:12 -------- d-----w- c:\programdata\ATI
2011-08-08 16:12 . 2011-08-08 16:12 -------- d-----w- c:\program files\AMD APP
2011-08-06 18:17 . 2011-08-06 18:17 -------- d-----w- c:\users\Administrator\.thumbnails
2011-08-06 05:04 . 2011-08-06 05:04 -------- d-----w- c:\program files\Common Files\Nero
2011-08-06 05:04 . 2011-08-06 05:04 -------- d-----w- c:\program files\Nero
2011-08-05 06:38 . 2011-08-05 06:38 -------- d-----w- c:\program files\TransMac
2011-08-05 06:38 . 2011-08-05 06:38 -------- d-----w- c:\users\Administrator\AppData\Local\TransMac
2011-08-05 01:51 . 2011-08-05 01:51 -------- d-----w- c:\program files\Safari
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-05 01:50 . 2011-08-05 01:50 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-05 01:50 . 2011-08-05 01:50 -------- d-----w- c:\program files\QuickTime
2011-08-05 01:27 . 2011-08-05 01:27 -------- d-----w- c:\users\Administrator\AppData\Local\Apps
2011-08-04 03:24 . 2011-08-06 10:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
2011-08-04 03:24 . 2011-08-06 10:45 -------- d-----w- c:\users\Administrator\AppData\Local\Apple Computer
2011-08-04 03:23 . 2011-08-10 21:33 -------- d-----w- c:\program files\iTunes
2011-08-04 03:23 . 2011-08-04 03:23 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-08-04 03:22 . 2011-08-04 03:22 -------- d-----w- c:\users\Administrator\AppData\Local\Apple
2011-08-04 03:22 . 2011-08-04 03:22 -------- d-----w- c:\program files\Apple Software Update
2011-08-04 03:21 . 2011-08-04 03:22 -------- d-----w- c:\program files\Bonjour
2011-08-04 03:21 . 2011-08-10 21:03 -------- d-----w- c:\program files\Common Files\Apple
2011-08-04 00:38 . 2011-08-05 01:03 -------- d-----w- c:\program files\Microsoft Silverlight
2011-08-04 00:38 . 2011-08-12 15:58 -------- d-----w- c:\users\Administrator\AppData\Local\Temp
2011-08-03 05:23 . 2011-08-12 15:05 -------- d-----w- c:\program files\Aurora
2011-08-01 16:59 . 2011-08-01 16:59 -------- d-----w- c:\program files\Common Files\Java
2011-07-24 10:16 . 2010-11-29 21:38 180224 ----a-w- c:\windows\system32\QTCF.dll
2011-07-24 09:46 . 2011-08-05 01:32 -------- d-----w- c:\programdata\Apple Computer
2011-07-24 09:45 . 2011-07-28 03:46 -------- d-----w- c:\programdata\Apple
2011-07-24 09:37 . 2004-08-05 00:00 3584 ----a-w- c:\windows\system32\temp.000
2011-07-24 09:19 . 2011-07-24 09:19 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-07-23 08:29 . 2011-07-23 08:29 -------- d-----w- c:\windows\system32\Wat
2011-07-23 08:08 . 2011-07-23 08:08 -------- d-----w- c:\users\Administrator\AppData\Roaming\HandBrake
2011-07-23 08:08 . 2011-07-23 08:08 -------- d-----w- c:\users\Administrator\AppData\Local\HandBrake
2011-07-23 08:08 . 2011-08-01 16:58 -------- d-----w- c:\program files\Java
2011-07-23 04:39 . 2011-08-10 15:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-23 04:35 . 2011-07-23 04:35 -------- d-----w- c:\windows\system32\Adobe
2011-07-23 04:24 . 2011-07-23 04:24 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2011-07-22 06:07 . 2009-12-30 15:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-07-22 06:07 . 2011-07-22 06:07 -------- d-----w- c:\program files\VS Revo Group
2011-07-22 04:16 . 2011-08-04 01:22 -------- d-----w- c:\users\Administrator\AppData\Roaming\Auslogics
2011-07-22 04:14 . 2011-07-22 04:14 -------- d-----w- c:\program files\Auslogics
2011-07-20 10:38 . 2011-07-22 03:35 -------- d-----w- c:\windows\W7SBC
2011-07-17 23:51 . 2011-07-18 01:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\Nero
2011-07-17 23:08 . 2011-07-17 23:10 -------- d-----w- c:\programdata\Nero
2011-07-14 18:30 . 2011-07-14 18:30 56454656 ----a-w- c:\windows\system32\imageres.dll
2011-07-14 18:24 . 2011-07-14 18:24 -------- d-----w- c:\programdata\Stardock
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-01 16:58 . 2011-06-12 09:25 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-29 03:14 . 2011-06-12 00:25 6908648 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 21:44 . 2011-07-03 06:27 299640 ----a-w- c:\windows\system32\drivers\NAV\1206000.01D\symnets.sys
2011-07-08 03:37 . 2011-07-08 03:37 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-08 03:36 . 2011-07-08 03:36 13904896 ----a-w- c:\windows\system32\amdocl.dll
2011-07-07 23:46 . 2011-07-07 23:46 2189928 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-07-07 21:39 . 2011-07-07 21:39 3531176 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-07-07 19:50 . 2011-07-07 19:50 1483264 ----a-w- c:\windows\system32\RCoRes.dat
2011-07-07 12:09 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-07 01:42 . 2011-07-07 01:42 4187240 ----a-w- c:\windows\system32\RtkAPO.dll
2011-07-06 17:27 . 2011-07-06 17:27 76392 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-07-03 06:27 . 2011-07-03 06:27 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-01 18:05 . 2011-07-01 18:05 1264232 ----a-w- c:\windows\system32\RtkApoApi.dll
2011-06-30 22:00 . 2011-06-30 18:33 205949 ----a-w- c:\programdata\bdinstall.bin
2011-06-30 20:14 . 2011-06-30 20:14 1497704 ----a-w- c:\windows\system32\RTSndMgr.cpl
2011-06-27 18:53 . 2011-06-27 18:53 3327320 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2011-06-27 18:53 . 2011-06-27 18:53 1725784 ----a-w- c:\windows\system32\WavesGUILib.dll
2011-06-16 07:34 . 2011-06-16 07:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 07:34 . 2011-06-16 07:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-12 13:37 . 2009-07-13 23:24 254976 ----a-w- c:\windows\system32\uDWM.dll
2011-06-12 13:37 . 2009-07-13 23:24 95744 ----a-w- c:\windows\system32\dwm.exe
2011-06-12 10:44 . 2011-06-12 10:44 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-06-12 08:43 . 2011-06-11 22:56 29184 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2011-06-12 08:23 . 2011-06-11 22:56 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-11 23:53 . 2011-06-11 23:53 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-11 23:53 . 2011-06-11 23:53 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-11 23:53 . 2011-06-11 23:53 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-11 23:53 . 2011-06-11 23:53 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-11 23:53 . 2011-06-11 23:53 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-11 23:53 . 2011-06-11 23:53 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-11 23:53 . 2011-06-11 23:53 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-11 23:53 . 2011-06-11 23:53 367104 ----a-w- c:\windows\system32\html.iec
2011-06-11 23:53 . 2011-06-11 23:53 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-11 23:53 . 2011-06-11 23:53 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-11 23:53 . 2011-06-11 23:53 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-11 23:53 . 2011-06-11 23:53 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-11 23:53 . 2011-06-11 23:53 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-11 23:53 . 2011-06-11 23:53 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-11 23:53 . 2011-06-11 23:53 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-11 23:53 . 2011-06-11 23:53 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-11 23:53 . 2011-06-11 23:53 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-11 23:53 . 2011-06-11 23:53 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-11 23:28 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2011-06-11 23:28 . 2010-11-20 21:29 2755072 ----a-w- c:\windows\system32\themeui.dll
2011-06-11 23:28 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2011-06-11 05:58 . 2011-06-11 05:58 81744 ----a-w- c:\windows\system32\mfcm100u.dll
2011-06-11 05:58 . 2011-06-11 05:58 81744 ----a-w- c:\windows\system32\mfcm100.dll
2011-06-11 05:58 . 2011-06-11 05:58 773968 ----a-w- c:\windows\system32\msvcr100.dll
2011-06-11 05:58 . 2011-06-11 05:58 64336 ----a-w- c:\windows\system32\mfc100fra.dll
2011-06-11 05:58 . 2011-06-11 05:58 64336 ----a-w- c:\windows\system32\mfc100deu.dll
2011-06-11 05:58 . 2011-06-11 05:58 63824 ----a-w- c:\windows\system32\mfc100esn.dll
2011-06-11 05:58 . 2011-06-11 05:58 62288 ----a-w- c:\windows\system32\mfc100ita.dll
2011-06-11 05:58 . 2011-06-11 05:58 60752 ----a-w- c:\windows\system32\mfc100rus.dll
2011-06-11 05:58 . 2011-06-11 05:58 55120 ----a-w- c:\windows\system32\mfc100enu.dll
2011-06-11 05:58 . 2011-06-11 05:58 51024 ----a-w- c:\windows\system32\vcomp100.dll
2011-06-11 05:58 . 2011-06-11 05:58 4422992 ----a-w- c:\windows\system32\mfc100u.dll
2011-06-11 05:58 . 2011-06-11 05:58 4397384 ----a-w- c:\windows\system32\mfc100.dll
2011-06-11 05:58 . 2011-06-11 05:58 43856 ----a-w- c:\windows\system32\mfc100jpn.dll
2011-06-11 05:58 . 2011-06-11 05:58 43344 ----a-w- c:\windows\system32\mfc100kor.dll
2011-06-11 05:58 . 2011-06-11 05:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-06-11 05:58 . 2011-06-11 05:58 36176 ----a-w- c:\windows\system32\mfc100cht.dll
2011-06-11 05:58 . 2011-06-11 05:58 36176 ----a-w- c:\windows\system32\mfc100chs.dll
2011-06-11 05:58 . 2011-06-11 05:58 138056 ----a-w- c:\windows\system32\atl100.dll
2011-06-11 02:29 . 2011-07-13 10:41 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-10 21:35 . 2011-06-23 09:43 357200 ----a-w- c:\windows\system32\KAAPORT.dll
2011-06-10 18:34 . 2011-07-11 13:15 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-06-10 18:34 . 2011-07-11 13:15 394856 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2011-06-10 18:34 . 2011-03-21 17:22 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-06-09 21:05 . 2011-06-09 21:05 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2011-06-06 16:29 . 2011-06-12 10:40 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-06-06 16:24 . 2011-06-12 10:40 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-06-06 16:23 . 2011-06-12 10:40 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-05-31 13:42 . 2011-06-23 09:42 631400 ----a-w- c:\windows\system32\DTSSymmetryDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 601704 ----a-w- c:\windows\system32\DTSVoiceClarityDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 654952 ----a-w- c:\windows\system32\DTSBassEnhancementDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 458344 ----a-w- c:\windows\system32\DTSNeoPCDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 389736 ----a-w- c:\windows\system32\DTSGainCompensatorDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 375400 ----a-w- c:\windows\system32\DTSLimiterDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 218728 ----a-w- c:\windows\system32\DTSGFXAPONS.dll
2011-05-31 13:42 . 2011-06-23 09:42 218728 ----a-w- c:\windows\system32\DTSGFXAPO.dll
2011-05-31 13:42 . 2011-06-23 09:42 218216 ----a-w- c:\windows\system32\DTSLFXAPO.dll
2011-05-31 13:42 . 2011-06-23 09:42 1509480 ----a-w- c:\windows\system32\DTSS2SpeakerDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 1292904 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL.dll
2011-05-31 13:42 . 2011-06-23 09:42 1220200 ----a-w- c:\windows\system32\DTSBoostDLL.dll
2011-05-30 08:20 . 2010-11-20 21:29 432640 ----a-w- c:\windows\system32\winresume.exe
2011-05-30 08:20 . 2010-11-20 21:29 498176 ----a-w- c:\windows\system32\winload.exe
2011-05-27 21:58 . 2011-06-11 23:02 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-05-24 23:14 . 2011-06-11 21:48 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-24 23:12 . 2011-06-11 21:48 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34E23790-2557-420A-A4B3-4F87C1A9864E}\mpengine.dll
2011-05-24 10:44 . 2011-06-29 07:40 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . C9CBE13FB24207CB11C7D4705D4D93E5 . 2616320 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"CD Art Display"="c:\program files\CD Art Display\CAD.exe" [2010-08-12 2691072]
"Rainmeter"="c:\program files\Rainmeter\Rainmeter.exe" [2011-07-31 19968]
"Synaptics Touchpad"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-16 1996072]
"XWD"="c:\program files\XWindows Dock\XWD.exe" [2010-11-13 2217472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
R3 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 294400]
R3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 38608]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-07-24 23456]
R3 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]
R3 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152]
R3 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152]
R3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-06-06 1524544]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-23 1343400]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [2011-07-23 815736]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\IPSDefs\20110811.030\IDSvix86.sys [2011-08-02 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS [2011-07-08 299640]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dgxbe1ye.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.tabMinWidth - 125
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_open_feature.location - true
FF - user.js: dom.disable_window_open_feature.menubar - true
FF - user.js: dom.disable_window_open_feature.minimizable - true
FF - user.js: dom.disable_window_open_feature.resizable - true
FF - user.js: dom.disable_window_open_feature.scrollbars - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"1289332796\" isSubsc=\"0\" authStat_av=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"3\" moduleId1=\"9\" moduleId2=\"0\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d9,
c3,7b,f3,34,08,a9,7b,d6,65,c2,85,ce,b7
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:90,d9,41,75,94,28,cc,01
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,d9,51,ec,74,32,0d,49,8d,33,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,d9,51,ec,74,32,0d,49,8d,33,b7,\
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a52\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.a52"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.amv"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aob"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.B4S\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.bin"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WORDPAD.EXE"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.cue"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.dv"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.gxf"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ifo"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.it"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WORDPAD.EXE"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M3U8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4p"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mlp"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP1"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg1"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg2"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg4"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mxf"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.NSA"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.NSV"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nuv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.nuv"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ogx"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.oma"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PLS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\ResHacker.exe"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.rec"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.s3m"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.sdp"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.spx"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="srt_auto_file"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SWF\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\firefox.exe"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.tod"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
@Denied: (2) (Administrator)
"Progid"="uTorrent"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.URL\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VLB\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.VLB"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vlc"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.voc"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vqf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vqf"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vro\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vro"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.w64"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xa"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xm"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (Administrator)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xspf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xspf"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2498218E-30F9-32B3-0314-EE1BFF06D546}*]
"namokeahdkfocbldgkoepdejgljj"=hex:69,61,6c,62,63,70,61,61,6c,6d,67,70,65,6d,
62,65,67,6f,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\0F*u*c*k*i*n*'* *N*o*t*e*p*a*d*
0\command]
@="notepad.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\0K*i*l*l* *d*e*a*d* *t*a*s*k*s*
0\command]
@="taskkill /F /FI \"STATUS eq NOT RESPONDING\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\0R*e*s*t*a*r*t* *E*x*p*l*o*r*e*r*
0\command]
@="c:\\Program Files\\Se7en Mod Tools\\Restart_Explorer.bat"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\0V*i*s*u*a*l* *S*t*y*l*e*
0\command]
"DelegateExecute"="{06622D85-6856-4460-8DE1-A81921B41C4B}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\0W*a*l*l*p*a*p*e*r*
0\command]
@="control desk.cpl,,@desktop"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-12 12:15:04
ComboFix-quarantined-files.txt 2011-08-12 16:14
.
Pre-Run: 114,601,943,040 bytes free
Post-Run: 114,503,319,552 bytes free
.
- - End Of File - - 6C9E0B192F4AE3C8AF91D2ACFC380E3D
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-06-06 1524544]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
R3 VGPU;VGPU; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-23 1343400]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [2011-07-23 815736]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\IPSDefs\20110811.030\IDSvix86.sys [2011-08-02 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS [2011-07-08 299640]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dgxbe1ye.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.tabMinWidth - 125
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_open_feature.location - true
FF - user.js: dom.disable_window_open_feature.menubar - true
FF - user.js: dom.disable_window_open_feature.minimizable - true
FF - user.js: dom.disable_window_open_feature.resizable - true
FF - user.js: dom.disable_window_open_feature.scrollbars - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"1289332796\" isSubsc=\"0\" authStat_av=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"3\" moduleId1=\"9\" moduleId2=\"0\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d9,
c3,7b,f3,34,08,a9,7b,d6,65,c2,85,ce,b7
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:90,d9,41,75,94,28,cc,01
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,d9,51,ec,74,32,0d,49,8d,33,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,d9,51,ec,74,32,0d,49,8d,33,b7,\
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.a52\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.a52"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.amv"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.aob"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.B4S\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.bin"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WORDPAD.EXE"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.cue"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.dv"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.gxf"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ifo"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.it\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.it"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WORDPAD.EXE"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M3U8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4p"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mlp"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.MP1"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg1\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg1"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg2"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mpeg4"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.mxf"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.NSA"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.NSV"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nuv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.nuv"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.ogx"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.oma"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PLS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.PlayList"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\ResHacker.exe"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.rec"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.s3m\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.s3m"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.sdp"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.spx"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="srt_auto_file"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SWF\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\firefox.exe"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.tod"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
@Denied: (2) (Administrator)
"Progid"="uTorrent"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.URL\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.VLB\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File.VLB"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vlc"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.voc"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vqf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vqf"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vro\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.vro"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.w64"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xa"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xm"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (Administrator)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xspf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.xspf"
.
[HKEY_USERS\S-1-5-21-1319406948-333218544-4158192576-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2498218E-30F9-32B3-0314-EE1BFF06D546}*]
"namokeahdkfocbldgkoepdejgljj"=hex:69,61,6c,62,63,70,61,61,6c,6d,67,70,65,6d,
62,65,67,6f,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\0F*u*c*k*i*n*'* *N*o*t*e*p*a*d*
0\command]
@="notepad.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\0K*i*l*l* *d*e*a*d* *t*a*s*k*s*
0\command]
@="taskkill /F /FI \"STATUS eq NOT RESPONDING\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\0R*e*s*t*a*r*t* *E*x*p*l*o*r*e*r*
0\command]
@="c:\\Program Files\\Se7en Mod Tools\\Restart_Explorer.bat"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\0V*i*s*u*a*l* *S*t*y*l*e*
0\command]
"DelegateExecute"="{06622D85-6856-4460-8DE1-A81921B41C4B}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DesktopBackground\Shell\0W*a*l*l*p*a*p*e*r*
0\command]
@="control desk.cpl,,@desktop"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-12 12:15:04
ComboFix-quarantined-files.txt 2011-08-12 16:14
.
Pre-Run: 114,601,943,040 bytes free
Post-Run: 114,503,319,552 bytes free
.
- - End Of File - - 6C9E0B192F4AE3C8AF91D2ACFC380E3D