
Infected with TDSS Rootkit/Google Redirect


20 replies to this topic

#1 eppisgood

Posted 18 January 2012 - 04:23 AM

I am running Windows Vista, and Win Vista 2012 Antivirus appeared to install itself from a Drudge Report ad, but that is another topic in itself.

I followed the directions at http://www.bleepingcomputer.com/virus-removal/remove-vista-home-security-2012

I've run FixNCR.reg (http://download.bleepingcomputer.com/reg/FixNCR.reg) from a removable thumb drive, everything appears to be applied successfully.

I've run iExplore.exe & RKill; RKill only finds two processes (MLBNextDef & Google Updater) and terminates them both.

I've run Malwarebytes' Anti-Malware with a full scan (it took 1 hour 30 minutes), and it found 8 different infected files and removed them all.

I rebooted and the TDSS Rootkit issue still remains.

Next I viewed the instructions at http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller. I've downloaded & run TDSSKiller: 230 objects scanned and 0 threats found (I've also run it with "Verify driver digital signatures" & "Detect TDLFS file system" enabled).

Next I ran DDS.scr and created the log files DDS.txt & Attach.txt, which I can post if you would like.

Next I ran GMER and created a log file, ark.txt, and can post that if you would like. I am on a 64-bit machine but for some reason the program worked (although only the "Services", "Registry" and "Files" check boxes could be selected; all other check boxes were greyed out so I could not select them). It found 2 items in a temp folder; I haven't done anything with them.

Thank you for any tips & suggestions & help that can be provided.

Edited by eppisgood, 18 January 2012 - 05:03 AM.




#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 21 January 2012 - 09:30 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear: DDS.txt and Attach.txt.
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

Information and logs:

  • In your next post I need the following:
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 eppisgood (Topic Starter)

Posted 22 January 2012 - 01:05 PM

Thank you for your willingness to help, Gringo; this is the first time I've encountered something so malicious.

I ran both and didn't have any issues. Also, I noticed that a PING.EXE process is constantly running, and after some research I've found this to be part of the virus. I stop the process but it loads back up a few minutes later. It takes up a significant amount of resources. I ran these logs while the PING.EXE process was running. Also to note, the Microsoft Security Essentials icon in the toolbar is red because it says the service has stopped. I click Start Now and it gives me the error "Couldn't find Security Essentials Service". I was told that could be related as well.

DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Administrator at 9:58:22 on 2012-01-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1974 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Canon Electronics\DR2580C\JobReader.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Administrator\AppData\Local\Flock\Update\FlockUpdate.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Origin\Origin.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
mWinlogon: Userinit=userinit.exe,
BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\Administrator\AppData\Roaming\Complitly\Complitly.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [DR-2580CJobReader] "C:\Program Files (x86)\Canon Electronics\DR2580C\JobReader.exe" DR2580C.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MLBTVN~1.LNK - C:\Users\Administrator\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {05842B0C-271B-412F-958F-D1A8F6CAD937} - hxxp://www.clickloan.com/CAB/GenClickLoan/1,0,0,12/GenClickLoan.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.taylorbeanonline.com/scriptx/smsx.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} - hxxps://ilnet.wellsfargo.com/ilonline/clickloan/ptclickloanwf.cab
DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} - hxxps://widow1.factualdata.com/ocx/print3.ocx
DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} - hxxps://techinline.net/Client/TIClient.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} - hxxps://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A4E21433-30FF-433A-A2CA-C9295CDF5DB1} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BD058D1D-35C6-4120-9E14-5186FC6DDAFC} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Administrator\AppData\Roaming\Complitly\Complitly.dll
BHO-X64: Complitly - No File
BHO-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
BHO-X64: Freecorder - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [DR-2580CJobReader] "C:\Program Files (x86)\Canon Electronics\DR2580C\JobReader.exe" DR2580C.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ao0p46ik.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Administrator\AppData\Local\Flock\Update\1.2.213.0\npFlockOneClick8.dll
FF - plugin: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ao0p46ik.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-25 2348864]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-17 381248]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-21 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-21 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-19 22:08:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-17 17:34:44 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-01-17 17:34:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-17 17:34:35 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-17 17:34:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-17 17:00:55 -------- d-----we C:\Windows\system64
2012-01-17 10:12:15 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5327F34E-5A14-4E71-A77B-89076E26FE07}\offreg.dll
2012-01-17 10:12:00 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5327F34E-5A14-4E71-A77B-89076E26FE07}\mpengine.dll
2012-01-13 05:44:21 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-01-11 19:27:01 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-01-11 19:27:01 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-01-11 19:27:00 1570816 ----a-w- C:\Windows\System32\quartz.dll
2012-01-06 07:16:56 -------- d-----w- C:\Users\Administrator\dwhelper
2012-01-06 06:14:06 -------- d-----w- C:\Program Files (x86)\Conduit
2012-01-06 06:14:03 -------- d-----w- C:\Users\Administrator\AppData\Local\Conduit
2012-01-06 06:13:52 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Complitly
2012-01-06 06:13:52 -------- d-----w- C:\Program Files (x86)\Complitly
2012-01-06 06:13:40 -------- d-----w- C:\Users\Administrator\AppData\Local\FLVService
2012-01-06 06:13:22 -------- d-----w- C:\Program Files (x86)\Freecorder
2012-01-05 09:54:08 -------- d-----w- C:\WinBoard-4.5.3
2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-12-30 18:17:03 -------- d-----w- C:\Program Files (x86)\SwiftView
.
==================== Find3M ====================
.
2012-01-21 09:59:35 281880 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-21 09:59:35 281880 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-01-21 09:59:23 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-01-02 22:09:22 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-12-17 20:43:40 406336 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-12-17 20:08:51 6004544 ----a-w- C:\Windows\System32\nvcpl.dll
2011-12-17 20:08:14 3028800 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-12-17 20:08:01 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-12-17 20:08:01 63296 ----a-w- C:\Windows\System32\nvshext.dll
2011-12-17 20:08:01 2562368 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-12-17 20:08:01 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2011-12-07 10:39:45 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll
2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-08 14:58:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-08 14:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-25 16:13:31 352256 ----a-w- C:\Windows\System32\qdvd.dll
2011-10-25 16:09:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-25 15:58:55 1314816 ----a-w- C:\Windows\SysWow64\quartz.dll
2011-10-25 15:58:54 497152 ----a-w- C:\Windows\SysWow64\qdvd.dll
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 9:59:15.99 ===============

Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/29/2009 8:06:51 PM
System Uptime: 1/20/2012 7:08:51 PM (38 hours ago)
.
Motherboard: ECS | | Nettle3
Processor: AMD Phenom™ 9150e Quad-Core Processor | Socket AM2 | 900/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 242.452 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.795 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1374: 1/10/2012 2:56:55 AM - Scheduled Checkpoint
RP1375: 1/10/2012 3:43:11 AM - Windows Update
RP1376: 1/11/2012 12:00:10 AM - Scheduled Checkpoint
RP1377: 1/11/2012 2:17:00 AM - Windows Update
RP1378: 1/12/2012 12:00:04 AM - Scheduled Checkpoint
RP1379: 1/12/2012 2:16:52 AM - Windows Update
RP1380: 1/12/2012 3:00:15 AM - Windows Update
RP1381: 1/13/2012 4:07:40 AM - Scheduled Checkpoint
RP1382: 1/13/2012 4:16:23 AM - Windows Update
RP1383: 1/14/2012 2:07:41 AM - Windows Update
RP1384: 1/15/2012 12:00:02 AM - Scheduled Checkpoint
RP1385: 1/15/2012 2:08:53 AM - Windows Update
RP1386: 1/16/2012 2:10:38 AM - Windows Update
RP1387: 1/17/2012 2:10:34 AM - Windows Update
RP1388: 1/18/2012 3:56:56 AM - Scheduled Checkpoint
RP1389: 1/19/2012 12:00:04 AM - Scheduled Checkpoint
RP1390: 1/20/2012 4:09:17 AM - Scheduled Checkpoint
RP1391: 1/21/2012 6:11:37 AM - Scheduled Checkpoint
RP1392: 1/22/2012 2:12:45 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Illustrator 10
Adobe Photoshop 7.0
Adobe Reader X (10.1.2)
Adobe SVG Viewer 3.0
Apple Application Support
Apple Software Update
Battlefield 3™
Battlelog Web Plugins
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Canon DR-2580C Driver
CapturePerfect 3.0
CapturePerfect 3.0 Help & Manual
Compatibility Pack for the 2007 Office system
Complitly
D3DX10
DR-2580C Job Tool
Dropbox
Encompass360
Encompass360 NetBranch Installation Manager
Enhanced Multimedia Keyboard Solution
ESN Sonar
FileZilla Client 3.2.4.1
Flock (3.5.3.4641)
Freecorder 5
Freecorder Toolbar
FreeRIP v3.30
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
GoToMeeting 4.8.0.723
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Picasso Media Center Add-In
HP Recovery Manager RSS
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 7
LabelPrint
LightScribe System Software 1.14.25.1
LightScribe Template Labeler
LinkedIn Outlook Connector
Malwarebytes Anti-Malware version 1.60.0.1800
MeridianLink Site Security Certificate
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Outlook Social Connector 32-bit
Microsoft Outlook Social Connector Provider for Facebook 32-bit
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Microsoft_VC90_CRT_x86
MLB.TV NexDef Plug-in
Move Media Player
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Octoshape add-in for Adobe Flash Player
Origin
Point 7.2
PunkBuster Services
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype Click to Call
Skype™ 5.5
Steam
SwiftView Viewer
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
1/22/2012 9:52:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
1/22/2012 9:51:56 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
1/22/2012 9:51:56 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/22/2012 9:51:56 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/22/2012 9:51:56 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/22/2012 9:51:56 AM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/22/2012 9:51:56 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/22/2012 9:51:56 AM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/22/2012 9:51:56 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/22/2012 9:51:56 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/22/2012 9:51:56 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/22/2012 9:51:56 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/22/2012 9:51:56 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/22/2012 9:51:56 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/22/2012 9:46:33 AM, Error: netbt [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
1/20/2012 7:11:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
1/20/2012 7:11:01 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
1/20/2012 7:11:01 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
1/20/2012 7:11:01 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
1/20/2012 7:11:01 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/20/2012 7:09:27 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp LaserJet 1320 PCL 5 with shared resource name hp LaserJet 1320 PCL 5. Error 2114. The printer cannot be used by others on the network.
1/20/2012 7:09:22 PM, Error: EventLog [6008] - The previous system shutdown at 7:07:16 PM on 1/20/2012 was unexpected.
1/20/2012 6:28:44 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 2 time(s).
1/20/2012 6:28:44 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/20/2012 6:28:44 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/20/2012 6:28:44 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/20/2012 6:28:44 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/20/2012 6:28:44 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/20/2012 6:28:44 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/20/2012 6:28:44 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/20/2012 3:00:23 AM, Error: EventLog [6008] - The previous system shutdown at 2:56:59 AM on 1/20/2012 was unexpected.
1/19/2012 7:25:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter spldr Wanarpv6
1/19/2012 7:25:03 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/19/2012 7:24:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/19/2012 7:24:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/19/2012 7:24:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/19/2012 7:00:10 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
1/19/2012 7:00:10 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
1/19/2012 7:00:10 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
1/19/2012 7:00:10 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
1/19/2012 6:44:08 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
1/19/2012 6:42:20 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/19/2012 6:42:20 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/19/2012 6:42:20 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/19/2012 1:02:21 PM, Error: EventLog [6008] - The previous system shutdown at 1:00:16 PM on 1/19/2012 was unexpected.
1/17/2012 9:00:42 AM, Error: Service Control Manager [7031] - The Microsoft Network Inspection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/17/2012 9:00:42 AM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
.
==== End Of File ===========================

Edited by eppisgood, 22 January 2012 - 01:09 PM.


#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • Gender:Male
  • Location:Puerto Rico

Posted 22 January 2012 - 01:15 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 eppisgood

  • Topic Starter

  • Members

Posted 22 January 2012 - 02:49 PM

I installed ComboFix and afterwards it gives me a warning that Microsoft Security Essentials is still running as my antivirus and antispyware; however, like I mentioned in the prior post, the MSE icon is red with a white X in it, as if it is not active. I followed the instructions in your link about deactivating it, but the service is already stopped in the Control Panel. Shall I proceed anyway?

Edited by eppisgood, 22 January 2012 - 02:50 PM.


#6 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • Gender:Male
  • Location:Puerto Rico

Posted 22 January 2012 - 03:08 PM

Yes, go ahead and proceed.


gringo

#7 eppisgood

  • Topic Starter

  • Members

Posted 22 January 2012 - 04:22 PM

No problems during ComboFix.

PING.exe is still there.
The MS Security Essentials service is still not on/cannot be found.
I still get Google redirects (as well as random spam websites loading when I have certain domains open, such as ESPN.com).

ComboFix 12-01-21.02 - Administrator 01/22/2012 12:14:34.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2125 [GMT -8:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\Administrator\g2mdlhlpx.exe
c:\users\Administrator\GoToAssistDownloadHelper.exe
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-22 20:28 . 2012-01-22 20:28 -------- d-----we c:\windows\system64
2012-01-19 22:08 . 2012-01-19 22:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-17 17:34 . 2012-01-17 17:34 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-01-17 17:34 . 2012-01-17 17:34 -------- d-----w- c:\programdata\Malwarebytes
2012-01-17 17:34 . 2012-01-17 17:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-17 17:34 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 10:12 . 2012-01-17 10:12 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5327F34E-5A14-4E71-A77B-89076E26FE07}\offreg.dll
2012-01-17 10:12 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5327F34E-5A14-4E71-A77B-89076E26FE07}\mpengine.dll
2012-01-13 05:44 . 2009-08-20 07:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-01-11 19:27 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 19:27 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-01-11 19:27 . 2011-10-25 16:13 1570816 ----a-w- c:\windows\system32\quartz.dll
2012-01-06 07:16 . 2012-01-06 07:24 -------- d-----w- c:\users\Administrator\dwhelper
2012-01-06 06:14 . 2012-01-06 06:14 -------- d-----w- c:\users\AppData
2012-01-06 06:14 . 2012-01-06 06:14 -------- d-----w- c:\program files (x86)\Conduit
2012-01-06 06:14 . 2012-01-06 08:06 -------- d-----w- c:\users\Administrator\AppData\Local\Conduit
2012-01-06 06:13 . 2012-01-06 06:13 -------- d-----w- c:\program files (x86)\Complitly
2012-01-06 06:13 . 2012-01-06 06:13 -------- d-----w- c:\users\Administrator\AppData\Roaming\Complitly
2012-01-06 06:13 . 2012-01-22 19:59 -------- d-----w- c:\users\Administrator\AppData\Local\FLVService
2012-01-06 06:13 . 2012-01-06 08:06 -------- d-----w- c:\program files (x86)\Freecorder
2012-01-05 09:54 . 2012-01-05 09:54 -------- d-----w- C:\WinBoard-4.5.3
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-12-30 18:17 . 2011-12-30 18:17 -------- d-----w- c:\program files (x86)\SwiftView
2011-12-25 09:29 . 2012-01-21 03:12 -------- d-----w- c:\users\UpdatusUser
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-21 09:59 . 2011-11-01 06:23 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-21 09:59 . 2011-11-01 05:53 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-21 09:59 . 2011-11-01 05:53 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-01-02 22:09 . 2011-11-01 05:53 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-17 21:05 . 2011-11-01 06:29 1715008 ----a-w- c:\windows\system32\nvdispco64.dll
2011-12-17 21:05 . 2011-11-01 06:29 1454912 ----a-w- c:\windows\system32\nvgenco64.dll
2011-12-17 21:05 . 2008-11-07 05:16 2403136 ----a-w- c:\windows\system32\nvapi64.dll
2011-12-17 21:05 . 2008-01-21 02:47 17483072 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-12-17 20:43 . 2011-12-17 20:43 406336 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-12-17 20:08 . 2010-10-16 21:13 6004544 ----a-w- c:\windows\system32\nvcpl.dll
2011-12-17 20:08 . 2010-10-16 21:13 3028800 ----a-w- c:\windows\system32\nvsvc64.dll
2011-12-17 20:08 . 2011-08-24 05:30 2562368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-12-17 20:08 . 2010-10-16 21:13 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2011-12-17 20:08 . 2010-10-16 21:13 63296 ----a-w- c:\windows\system32\nvshext.dll
2011-12-17 20:08 . 2010-10-16 21:13 118080 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-07 10:39 . 2011-07-27 16:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:57 . 2011-12-15 06:15 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-04-17 03:24 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-08 14:58 . 2011-12-15 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-15 06:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 11:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 11:01 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 11:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 11:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 11:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 11:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 11:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 11:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-25 16:09 . 2011-12-15 06:15 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"DR-2580CJobReader"="c:\program files (x86)\Canon Electronics\DR2580C\JobReader.exe" [2006-05-26 43112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
MLB.TV NexDef Plug-in.lnk - c:\users\Administrator\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2011-3-16 15502336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-22 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1874896750-265115285-1612317344-500Core.job
- c:\users\Administrator\AppData\Local\Flock\Update\FlockUpdate.exe [2010-11-13 09:26]
.
2012-01-22 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1874896750-265115285-1612317344-500UA.job
- c:\users\Administrator\AppData\Local\Flock\Update\FlockUpdate.exe [2010-11-13 09:26]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-21 21:36]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-21 21:36]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1874896750-265115285-1612317344-1000.job
- c:\users\Shane\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 04:48]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1874896750-265115285-1612317344-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-24 16:35]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1874896750-265115285-1612317344-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-24 16:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CANON DR2580C SVC"="DR25SVC.dll" [2008-12-17 152064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: {05842B0C-271B-412F-958F-D1A8F6CAD937} - hxxp://www.clickloan.com/CAB/GenClickLoan/1,0,0,12/GenClickLoan.cab
DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} - hxxps://ilnet.wellsfargo.com/ilonline/clickloan/ptclickloanwf.cab
DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} - hxxps://widow1.factualdata.com/ocx/print3.ocx
DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} - hxxps://techinline.net/Client/TIClient.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ao0p46ik.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-MsMpSvc
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,3b,1b,6c,f2,7b,
00,8b,27,b0,02,a2,e7,e9,0c,8a,49,c4,09
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,a1,dd,02,
3d,56,12,b2,5a,80,16,42,d0,25,e0,8d,52
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,c5,
06,9e,b3,e5,09,be,98,b8,17,8e,6b,fd,de
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,2a,
8e,31,17,d9,01,95,c2,13,24,74,4d,23,db
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f2,42,
b4,ee,5a,f7,06,98,3d,8d,50,55,31,33,ea
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,3b,1b,55,cf,66,
b0,52,b3,29,03,99,7d,46,05,ec,53,59,0d
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,21,d4,
cc,79,a2,26,0c,83,80,41,9c,2d,7d,83,52
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,d2,
c5,76,ff,3d,08,a7,7a,de,65,c3,80,c8,b4
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,3b,1b,f7,01,8d,
ea,93,81,35,0b,82,6a,24,1d,8c,a3,e0,6a
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,3b,1b,9a,54,1a,
2c,9a,1f,81,08,9f,e7,c2,c8,3a,c5,d5,04
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,1f,
e1,69,97,48,05,a4,35,d4,a9,2b,93,15,1e
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,f0,
a3,56,99,b6,5a,a7,e3,42,e0,cb,4f,f5,12
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,05,4e,
34,c5,00,03,0d,b3,ad,8d,e9,65,6b,02,8c
"{0FB6A909-6086-458F-BD92-1F8EE10042A0}"=hex:51,66,7a,6c,4c,1d,3b,1b,19,b6,ac,
11,b5,3b,e9,0e,a6,9c,5d,ce,e3,45,02,bd
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2e,9f,
6c,f6,6b,44,06,ac,f7,49,fc,1f,7d,e3,63
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:b0,7a,1a,98,89,cc,cc,01
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,d9,95,6c,e4,36,cf,4d,89,ac,bb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,d9,95,6c,e4,36,cf,4d,89,ac,bb,\
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3fr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.3g2"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.3gp"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.3gp2"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.3gpp"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.aac"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.ac3"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acrobatsecuritysettings\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Acrobat.exe"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.adts"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.amc"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Bitmap"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.caf"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.cdda"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.dif"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.dv"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Gif"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.gsm"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.m4a"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.m4b"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.m4p"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.m4v"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.mac"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.mov"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.mp4"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mqv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.mqv"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.pct"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Acrobat.exe"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfxml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Acrobat.exe"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.pic"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.pict"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pnt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.pnt"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pntg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.pntg"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.qt"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qti\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.qti"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.qtif"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.sd2"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x3f\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="htmlfile"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\ping.exe
.
**************************************************************************
.
Completion time: 2012-01-22 12:39:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 20:39
.
Pre-Run: 261,099,151,360 bytes free
Post-Run: 260,897,497,088 bytes free
.
- - End Of File - - 6F284002C63E8288E155C04E251DEBC9

#8 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:48 AM

Posted 22 January 2012 - 04:25 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 eppisgood (Topic Starter)

  • Members
  • 10 posts
  • Local time:04:48 AM

Posted 22 January 2012 - 04:46 PM

I ran TDSSKiller.exe and no infected or suspicious files were found.

Should I re-start my computer in safe mode and re-run?

Below is the log:

13:44:23.0023 4328 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
13:44:23.0397 4328 ============================================================
13:44:23.0398 4328 Current date / time: 2012/01/22 13:44:23.0397
13:44:23.0398 4328 SystemInfo:
13:44:23.0398 4328
13:44:23.0398 4328 OS Version: 6.0.6002 ServicePack: 2.0
13:44:23.0398 4328 Product type: Workstation
13:44:23.0398 4328 ComputerName: SHANE-PC
13:44:23.0398 4328 UserName: Administrator
13:44:23.0398 4328 Windows directory: C:\Windows
13:44:23.0399 4328 System windows directory: C:\Windows
13:44:23.0399 4328 Running under WOW64
13:44:23.0399 4328 Processor architecture: Intel x64
13:44:23.0399 4328 Number of processors: 4
13:44:23.0399 4328 Page size: 0x1000
13:44:23.0399 4328 Boot type: Normal boot
13:44:23.0399 4328 ============================================================
13:44:24.0391 4328 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:44:24.0482 4328 Initialize success
13:44:29.0668 4664 ============================================================
13:44:29.0668 4664 Scan started
13:44:29.0668 4664 Mode: Manual; SigCheck; TDLFS;
13:44:29.0668 4664 ============================================================
13:44:31.0612 4664 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
13:44:31.0842 4664 ACPI - ok
13:44:31.0955 4664 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
13:44:32.0000 4664 adp94xx - ok
13:44:32.0048 4664 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
13:44:32.0091 4664 adpahci - ok
13:44:32.0182 4664 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
13:44:32.0195 4664 adpu160m - ok
13:44:32.0218 4664 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
13:44:32.0234 4664 adpu320 - ok
13:44:32.0321 4664 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
13:44:32.0388 4664 AFD - ok
13:44:32.0416 4664 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
13:44:32.0437 4664 agp440 - ok
13:44:32.0464 4664 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
13:44:32.0488 4664 aic78xx - ok
13:44:32.0526 4664 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
13:44:32.0545 4664 aliide - ok
13:44:32.0562 4664 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
13:44:32.0581 4664 amdide - ok
13:44:32.0624 4664 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
13:44:32.0851 4664 AmdK8 - ok
13:44:32.0910 4664 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
13:44:32.0932 4664 arc - ok
13:44:32.0950 4664 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
13:44:32.0972 4664 arcsas - ok
13:44:33.0050 4664 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
13:44:33.0123 4664 AsyncMac - ok
13:44:33.0165 4664 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
13:44:33.0186 4664 atapi - ok
13:44:33.0211 4664 Beep - ok
13:44:33.0260 4664 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
13:44:33.0316 4664 blbdrive - ok
13:44:33.0387 4664 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
13:44:33.0420 4664 bowser - ok
13:44:33.0462 4664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
13:44:33.0533 4664 BrFiltLo - ok
13:44:33.0557 4664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
13:44:33.0614 4664 BrFiltUp - ok
13:44:33.0640 4664 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
13:44:33.0757 4664 Brserid - ok
13:44:33.0778 4664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
13:44:33.0860 4664 BrSerWdm - ok
13:44:33.0887 4664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
13:44:33.0947 4664 BrUsbMdm - ok
13:44:33.0961 4664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
13:44:34.0030 4664 BrUsbSer - ok
13:44:34.0059 4664 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
13:44:34.0136 4664 BTHMODEM - ok
13:44:34.0161 4664 catchme - ok
13:44:34.0184 4664 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
13:44:34.0230 4664 cdfs - ok
13:44:34.0260 4664 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
13:44:34.0299 4664 cdrom - ok
13:44:34.0332 4664 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
13:44:34.0373 4664 circlass - ok
13:44:34.0412 4664 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
13:44:34.0436 4664 CLFS - ok
13:44:34.0472 4664 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
13:44:34.0483 4664 cmdide - ok
13:44:34.0501 4664 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
13:44:34.0512 4664 Compbatt - ok
13:44:34.0533 4664 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
13:44:34.0544 4664 crcdisk - ok
13:44:34.0604 4664 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
13:44:34.0640 4664 DfsC - ok
13:44:34.0696 4664 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
13:44:34.0720 4664 disk - ok
13:44:34.0782 4664 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
13:44:34.0868 4664 Dot4 - ok
13:44:34.0897 4664 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:44:34.0936 4664 Dot4Print - ok
13:44:34.0955 4664 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
13:44:35.0011 4664 dot4usb - ok
13:44:35.0061 4664 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
13:44:35.0108 4664 drmkaud - ok
13:44:35.0168 4664 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
13:44:35.0326 4664 DXGKrnl - ok
13:44:35.0430 4664 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
13:44:35.0513 4664 E1G60 - ok
13:44:35.0575 4664 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
13:44:35.0604 4664 Ecache - ok
13:44:35.0655 4664 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
13:44:35.0701 4664 elxstor - ok
13:44:35.0734 4664 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
13:44:35.0765 4664 ErrDev - ok
13:44:35.0811 4664 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
13:44:35.0871 4664 exfat - ok
13:44:35.0911 4664 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
13:44:35.0984 4664 fastfat - ok
13:44:36.0014 4664 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
13:44:36.0096 4664 fdc - ok
13:44:36.0138 4664 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
13:44:36.0160 4664 FileInfo - ok
13:44:36.0188 4664 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
13:44:36.0261 4664 Filetrace - ok
13:44:36.0296 4664 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:44:36.0342 4664 flpydisk - ok
13:44:36.0377 4664 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
13:44:36.0396 4664 FltMgr - ok
13:44:36.0442 4664 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
13:44:36.0470 4664 Fs_Rec - ok
13:44:36.0502 4664 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
13:44:36.0515 4664 gagp30kx - ok
13:44:36.0567 4664 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:44:36.0586 4664 GEARAspiWDM - ok
13:44:36.0699 4664 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:44:36.0830 4664 HDAudBus - ok
13:44:36.0854 4664 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
13:44:36.0972 4664 HidBth - ok
13:44:36.0995 4664 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
13:44:37.0067 4664 HidIr - ok
13:44:37.0102 4664 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
13:44:37.0137 4664 HidUsb - ok
13:44:37.0183 4664 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
13:44:37.0195 4664 HpCISSs - ok
13:44:37.0233 4664 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
13:44:37.0312 4664 HTTP - ok
13:44:37.0348 4664 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
13:44:37.0368 4664 i2omp - ok
13:44:37.0432 4664 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
13:44:37.0493 4664 i8042prt - ok
13:44:37.0519 4664 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
13:44:37.0550 4664 iaStorV - ok
13:44:37.0578 4664 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
13:44:37.0598 4664 iirsp - ok
13:44:37.0706 4664 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
13:44:37.0856 4664 IntcAzAudAddService - ok
13:44:37.0893 4664 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
13:44:37.0904 4664 intelide - ok
13:44:37.0959 4664 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
13:44:38.0030 4664 intelppm - ok
13:44:38.0073 4664 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:44:38.0132 4664 IpFilterDriver - ok
13:44:38.0143 4664 IpInIp - ok
13:44:38.0173 4664 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
13:44:38.0224 4664 IPMIDRV - ok
13:44:38.0247 4664 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
13:44:38.0311 4664 IPNAT - ok
13:44:38.0343 4664 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
13:44:38.0383 4664 IRENUM - ok
13:44:38.0411 4664 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
13:44:38.0422 4664 isapnp - ok
13:44:38.0457 4664 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
13:44:38.0484 4664 iScsiPrt - ok
13:44:38.0508 4664 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
13:44:38.0528 4664 iteatapi - ok
13:44:38.0571 4664 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
13:44:38.0590 4664 iteraid - ok
13:44:38.0608 4664 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
13:44:38.0628 4664 kbdclass - ok
13:44:38.0653 4664 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:44:38.0737 4664 kbdhid - ok
13:44:38.0780 4664 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
13:44:38.0807 4664 KSecDD - ok
13:44:38.0826 4664 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
13:44:38.0872 4664 ksthunk - ok
13:44:38.0922 4664 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
13:44:38.0974 4664 lltdio - ok
13:44:39.0029 4664 LMIInfo - ok
13:44:39.0082 4664 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
13:44:39.0131 4664 lmimirr - ok
13:44:39.0143 4664 LMIRfsClientNP - ok
13:44:39.0166 4664 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
13:44:39.0184 4664 LMIRfsDriver - ok
13:44:39.0220 4664 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
13:44:39.0244 4664 LSI_FC - ok
13:44:39.0275 4664 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
13:44:39.0299 4664 LSI_SAS - ok
13:44:39.0322 4664 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
13:44:39.0346 4664 LSI_SCSI - ok
13:44:39.0384 4664 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
13:44:39.0439 4664 luafv - ok
13:44:39.0467 4664 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
13:44:39.0478 4664 megasas - ok
13:44:39.0533 4664 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
13:44:39.0557 4664 MegaSR - ok
13:44:39.0629 4664 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
13:44:39.0693 4664 Modem - ok
13:44:39.0726 4664 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
13:44:39.0782 4664 monitor - ok
13:44:39.0803 4664 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
13:44:39.0814 4664 mouclass - ok
13:44:39.0834 4664 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
13:44:39.0886 4664 mouhid - ok
13:44:39.0899 4664 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
13:44:39.0918 4664 MountMgr - ok
13:44:39.0969 4664 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
13:44:39.0986 4664 MpFilter - ok
13:44:40.0038 4664 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
13:44:40.0062 4664 mpio - ok
13:44:40.0085 4664 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:44:40.0096 4664 MpNWMon - ok
13:44:40.0116 4664 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
13:44:40.0156 4664 mpsdrv - ok
13:44:40.0183 4664 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
13:44:40.0196 4664 Mraid35x - ok
13:44:40.0228 4664 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
13:44:40.0275 4664 MRxDAV - ok
13:44:40.0310 4664 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:44:40.0337 4664 mrxsmb - ok
13:44:40.0389 4664 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:44:40.0437 4664 mrxsmb10 - ok
13:44:40.0490 4664 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:44:40.0518 4664 mrxsmb20 - ok
13:44:40.0548 4664 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
13:44:40.0568 4664 msahci - ok
13:44:40.0610 4664 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
13:44:40.0634 4664 msdsm - ok
13:44:40.0689 4664 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
13:44:40.0784 4664 Msfs - ok
13:44:40.0815 4664 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
13:44:40.0834 4664 msisadrv - ok
13:44:40.0891 4664 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
13:44:40.0975 4664 MSKSSRV - ok
13:44:41.0023 4664 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
13:44:41.0087 4664 MSPCLOCK - ok
13:44:41.0125 4664 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
13:44:41.0203 4664 MSPQM - ok
13:44:41.0249 4664 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
13:44:41.0274 4664 MsRPC - ok
13:44:41.0296 4664 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
13:44:41.0308 4664 mssmbios - ok
13:44:41.0327 4664 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
13:44:41.0375 4664 MSTEE - ok
13:44:41.0407 4664 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
13:44:41.0420 4664 Mup - ok
13:44:41.0485 4664 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
13:44:41.0515 4664 NativeWifiP - ok
13:44:41.0559 4664 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
13:44:41.0619 4664 NDIS - ok
13:44:41.0633 4664 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
13:44:41.0682 4664 NdisTapi - ok
13:44:41.0713 4664 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
13:44:41.0753 4664 Ndisuio - ok
13:44:41.0792 4664 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
13:44:41.0834 4664 NdisWan - ok
13:44:41.0860 4664 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
13:44:41.0932 4664 NDProxy - ok
13:44:41.0982 4664 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
13:44:42.0056 4664 NetBIOS - ok
13:44:42.0096 4664 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
13:44:42.0147 4664 netbt - ok
13:44:42.0230 4664 netr7364 (b69d6bb680c85243af0263b3e01d5e77) C:\Windows\system32\DRIVERS\netr7364.sys
13:44:42.0278 4664 netr7364 - ok
13:44:42.0310 4664 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
13:44:42.0322 4664 nfrd960 - ok
13:44:42.0372 4664 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:44:42.0383 4664 NisDrv - ok
13:44:42.0506 4664 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
13:44:42.0583 4664 Npfs - ok
13:44:42.0606 4664 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
13:44:42.0701 4664 nsiproxy - ok
13:44:42.0784 4664 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
13:44:42.0889 4664 Ntfs - ok
13:44:42.0913 4664 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
13:44:42.0975 4664 Null - ok
13:44:43.0062 4664 NVENETFD (98350606682594521d56eccb5d01ecf7) C:\Windows\system32\DRIVERS\nvmfdx64.sys
13:44:43.0133 4664 NVENETFD - ok
13:44:43.0480 4664 nvlddmkm (fd7ea1dcfbe760f04146024697329843) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:44:44.0144 4664 nvlddmkm - ok
13:44:44.0203 4664 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
13:44:44.0217 4664 nvraid - ok
13:44:44.0238 4664 nvrd64 (011db85affd2368348181c552e025d98) C:\Windows\system32\drivers\nvrd64.sys
13:44:44.0252 4664 nvrd64 - ok
13:44:44.0293 4664 nvsmu (16d36074b84da72d160233c8d132dc89) C:\Windows\system32\drivers\nvsmu.sys
13:44:44.0307 4664 nvsmu - ok
13:44:44.0331 4664 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
13:44:44.0343 4664 nvstor - ok
13:44:44.0375 4664 nvstor64 (fa6d13aa972967eb46862d0f0372a65a) C:\Windows\system32\drivers\nvstor64.sys
13:44:44.0395 4664 nvstor64 - ok
13:44:44.0448 4664 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
13:44:44.0472 4664 nv_agp - ok
13:44:44.0484 4664 NwlnkFlt - ok
13:44:44.0498 4664 NwlnkFwd - ok
13:44:44.0559 4664 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
13:44:44.0630 4664 ohci1394 - ok
13:44:44.0713 4664 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
13:44:44.0856 4664 Parport - ok
13:44:44.0888 4664 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
13:44:44.0914 4664 partmgr - ok
13:44:44.0963 4664 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
13:44:44.0991 4664 pci - ok
13:44:45.0044 4664 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
13:44:45.0066 4664 pciide - ok
13:44:45.0105 4664 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
13:44:45.0139 4664 pcmcia - ok
13:44:45.0184 4664 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
13:44:45.0304 4664 PEAUTH - ok
13:44:45.0406 4664 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
13:44:45.0451 4664 PptpMiniport - ok
13:44:45.0473 4664 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
13:44:45.0528 4664 Processor - ok
13:44:45.0555 4664 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
13:44:45.0586 4664 Ps2 - ok
13:44:45.0644 4664 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
13:44:45.0673 4664 PSched - ok
13:44:45.0721 4664 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
13:44:45.0832 4664 ql2300 - ok
13:44:45.0860 4664 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
13:44:45.0884 4664 ql40xx - ok
13:44:45.0922 4664 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
13:44:45.0963 4664 QWAVEdrv - ok
13:44:45.0987 4664 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
13:44:46.0077 4664 RasAcd - ok
13:44:46.0130 4664 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:44:46.0203 4664 Rasl2tp - ok
13:44:46.0285 4664 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
13:44:46.0373 4664 RasPppoe - ok
13:44:46.0557 4664 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
13:44:46.0594 4664 RasSstp - ok
13:44:46.0638 4664 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
13:44:46.0699 4664 rdbss - ok
13:44:46.0728 4664 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:44:46.0801 4664 RDPCDD - ok
13:44:46.0848 4664 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
13:44:46.0943 4664 rdpdr - ok
13:44:46.0957 4664 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
13:44:46.0998 4664 RDPENCDD - ok
13:44:47.0051 4664 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
13:44:47.0084 4664 RDPWD - ok
13:44:47.0168 4664 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
13:44:47.0211 4664 rspndr - ok
13:44:47.0246 4664 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
13:44:47.0261 4664 sbp2port - ok
13:44:47.0300 4664 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:44:47.0370 4664 secdrv - ok
13:44:47.0401 4664 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
13:44:47.0468 4664 Serenum - ok
13:44:47.0504 4664 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
13:44:47.0587 4664 Serial - ok
13:44:47.0608 4664 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
13:44:47.0686 4664 sermouse - ok
13:44:47.0725 4664 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
13:44:47.0764 4664 sffdisk - ok
13:44:47.0778 4664 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
13:44:47.0829 4664 sffp_mmc - ok
13:44:47.0847 4664 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
13:44:47.0886 4664 sffp_sd - ok
13:44:47.0899 4664 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
13:44:47.0972 4664 sfloppy - ok
13:44:48.0018 4664 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
13:44:48.0030 4664 SiSRaid2 - ok
13:44:48.0051 4664 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
13:44:48.0064 4664 SiSRaid4 - ok
13:44:48.0100 4664 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
13:44:48.0146 4664 Smb - ok
13:44:48.0193 4664 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
13:44:48.0205 4664 spldr - ok
13:44:48.0262 4664 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
13:44:48.0313 4664 srv - ok
13:44:48.0356 4664 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
13:44:48.0397 4664 srv2 - ok
13:44:48.0418 4664 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
13:44:48.0435 4664 srvnet - ok
13:44:48.0493 4664 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
13:44:48.0504 4664 swenum - ok
13:44:48.0532 4664 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
13:44:48.0543 4664 Symc8xx - ok
13:44:48.0569 4664 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
13:44:48.0580 4664 Sym_hi - ok
13:44:48.0601 4664 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
13:44:48.0612 4664 Sym_u3 - ok
13:44:48.0687 4664 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
13:44:48.0911 4664 Tcpip - ok
13:44:48.0979 4664 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
13:44:49.0208 4664 Tcpip6 - ok
13:44:49.0248 4664 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
13:44:49.0294 4664 tcpipreg - ok
13:44:49.0339 4664 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
13:44:49.0422 4664 TDPIPE - ok
13:44:49.0448 4664 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
13:44:49.0520 4664 TDTCP - ok
13:44:49.0557 4664 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
13:44:49.0589 4664 tdx - ok
13:44:49.0613 4664 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
13:44:49.0627 4664 TermDD - ok
13:44:49.0662 4664 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:44:49.0717 4664 tssecsrv - ok
13:44:49.0735 4664 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
13:44:49.0762 4664 tunmp - ok
13:44:49.0802 4664 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
13:44:49.0817 4664 tunnel - ok
13:44:49.0850 4664 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
13:44:49.0862 4664 uagp35 - ok
13:44:49.0922 4664 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
13:44:49.0966 4664 udfs - ok
13:44:50.0009 4664 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
13:44:50.0021 4664 uliagpkx - ok
13:44:50.0076 4664 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
13:44:50.0107 4664 uliahci - ok
13:44:50.0158 4664 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
13:44:50.0183 4664 UlSata - ok
13:44:50.0234 4664 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
13:44:50.0260 4664 ulsata2 - ok
13:44:50.0327 4664 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
13:44:50.0402 4664 umbus - ok
13:44:50.0483 4664 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
13:44:50.0510 4664 USBAAPL64 - ok
13:44:50.0548 4664 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
13:44:50.0613 4664 usbaudio - ok
13:44:50.0662 4664 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
13:44:50.0717 4664 usbccgp - ok
13:44:50.0743 4664 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
13:44:50.0867 4664 usbcir - ok
13:44:50.0895 4664 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
13:44:50.0924 4664 usbehci - ok
13:44:50.0955 4664 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
13:44:51.0017 4664 usbhub - ok
13:44:51.0035 4664 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
13:44:51.0074 4664 usbohci - ok
13:44:51.0090 4664 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
13:44:51.0155 4664 usbprint - ok
13:44:51.0207 4664 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
13:44:51.0248 4664 usbscan - ok
13:44:51.0284 4664 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:44:51.0313 4664 USBSTOR - ok
13:44:51.0353 4664 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
13:44:51.0380 4664 usbuhci - ok
13:44:51.0410 4664 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
13:44:51.0481 4664 vga - ok
13:44:51.0495 4664 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
13:44:51.0587 4664 VgaSave - ok
13:44:51.0606 4664 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
13:44:51.0617 4664 viaide - ok
13:44:51.0642 4664 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
13:44:51.0656 4664 volmgr - ok
13:44:51.0694 4664 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
13:44:51.0719 4664 volmgrx - ok
13:44:51.0767 4664 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
13:44:51.0785 4664 volsnap - ok
13:44:51.0814 4664 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
13:44:51.0828 4664 vsmraid - ok
13:44:51.0868 4664 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
13:44:51.0935 4664 WacomPen - ok
13:44:51.0982 4664 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:44:52.0025 4664 Wanarp - ok
13:44:52.0032 4664 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:44:52.0060 4664 Wanarpv6 - ok
13:44:52.0102 4664 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
13:44:52.0113 4664 Wd - ok
13:44:52.0149 4664 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
13:44:52.0226 4664 Wdf01000 - ok
13:44:52.0314 4664 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
13:44:52.0344 4664 WmiAcpi - ok
13:44:52.0418 4664 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
13:44:52.0449 4664 WpdUsb - ok
13:44:52.0498 4664 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
13:44:52.0570 4664 ws2ifsl - ok
13:44:52.0649 4664 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:44:52.0726 4664 WUDFRd - ok
13:44:52.0777 4664 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
13:44:53.0056 4664 \Device\Harddisk0\DR0 - ok
13:44:53.0062 4664 Boot (0x1200) (fa7071322ffb041fe03594d7505e213a) \Device\Harddisk0\DR0\Partition0
13:44:53.0064 4664 \Device\Harddisk0\DR0\Partition0 - ok
13:44:53.0073 4664 Boot (0x1200) (144eadad46a48df93733d26d53ed44ef) \Device\Harddisk0\DR0\Partition1
13:44:53.0074 4664 \Device\Harddisk0\DR0\Partition1 - ok
13:44:53.0077 4664 ============================================================
13:44:53.0077 4664 Scan finished
13:44:53.0077 4664 ============================================================
13:44:53.0098 3288 Detected object count: 0
13:44:53.0098 3288 Actual detected object count: 0

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:48 AM

Posted 22 January 2012 - 06:09 PM

Hello

No - This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 eppisgood

eppisgood
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:48 AM

Posted 23 January 2012 - 01:34 AM

I just ran it and posted the log, I didn't clean/delete the infected files or anything.

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-22 20:42:18
-----------------------------
20:42:18.176 OS Version: Windows x64 6.0.6002 Service Pack 2
20:42:18.177 Number of processors: 4 586 0x203
20:42:18.178 ComputerName: SHANE-PC UserName:
20:42:23.556 Initialize success
20:43:47.935 AVAST engine defs: 12012201
20:44:13.571 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000050
20:44:13.580 Disk 0 Vendor: ST350062 HP24 Size: 476940MB BusType: 8
20:44:13.596 Disk 0 MBR read successfully
20:44:13.600 Disk 0 MBR scan
20:44:13.608 Disk 0 unknown MBR code
20:44:13.613 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463461 MB offset 63
20:44:13.645 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13476 MB offset 949168395
20:44:13.654 Service scanning
20:44:15.101 Modules scanning
20:44:15.108 Disk 0 trace - called modules:
20:44:15.127 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
20:44:15.134 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e373e0]
20:44:15.142 3 CLASSPNP.SYS[fffffa60007a0c33] -> nt!IofCallDriver -> [0xfffffa8004101040]
20:44:15.149 5 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\00000050[0xfffffa8004cba9e0]
20:44:16.817 AVAST engine scan C:\Windows
20:44:25.936 AVAST engine scan C:\Windows\system32
20:44:39.876 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
20:47:01.567 AVAST engine scan C:\Windows\system32\drivers
20:47:15.310 AVAST engine scan C:\Users\Administrator
20:53:43.755 File: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1377b552-1d234e9f **INFECTED** Win32:FakeSysdef-A [Trj]
21:20:56.232 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
21:20:56.247 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
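For anyone triaging an aswMBR log like the one just posted, here is a small parser, added as an example for this thread (it is not aswMBR's code and not part of any post): it pulls out the OS line, the MBR status lines, the partition table and every line marked **INFECTED**, and flags hits inside the Windows system directory. `SAMPLE_LOG` is a constructed excerpt in the posted log's format, and the avast suffix-tag mapping (`[Rtk]`, `[Trj]`) is an assumption.

```python
"""Triage helper for aswMBR scan logs (added example, not aswMBR's own code)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in aswMBR's log format, mirroring the log posted above.
SAMPLE_LOG = r"""aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-22 20:42:18
-----------------------------
20:42:18.176 OS Version: Windows x64 6.0.6002 Service Pack 2
20:44:13.580 Disk 0 Vendor: ST350062 HP24 Size: 476940MB BusType: 8
20:44:13.596 Disk 0 MBR read successfully
20:44:13.600 Disk 0 MBR scan
20:44:13.608 Disk 0 unknown MBR code
20:44:13.613 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463461 MB offset 63
20:44:13.645 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13476 MB offset 949168395
20:44:25.936 AVAST engine scan C:\Windows\system32
20:44:39.876 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
20:53:43.755 File: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1377b552-1d234e9f **INFECTED** Win32:FakeSysdef-A [Trj]
21:20:56.232 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
"""

# avast suffix tags on detection names (assumed mapping for the tags seen here)
CATEGORY = {"Rtk": "rootkit", "Trj": "trojan", "Adw": "adware", "PUP": "unwanted program"}

INFECTED_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) File: (?P<path>.+?) \*\*INFECTED\*\* "
    r"(?P<name>\S+)(?: \[(?P<kind>[A-Za-z]+)\])?$")
MBR_RE = re.compile(
    r"^\S+ Disk (?P<disk>\d+) (?P<status>MBR read successfully|MBR scan|unknown MBR code)$")
PART_RE = re.compile(
    r"^\S+ Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2})"
    r"(?P<active> \(A\))? (?P<type>[0-9A-Fa-f]{2}) (?P<fs>.+?) (?P<size>\d+) MB offset (?P<offset>\d+)$")


@dataclass
class Finding:
    timestamp: str
    path: str
    detection: str
    category: str

    @property
    def in_system_dir(self) -> bool:
        # A hit inside the Windows system directory is the kind of finding the
        # helper in this thread followed up on (consrv.dll under system32).
        return "\\windows\\system32\\" in self.path.lower()


@dataclass
class AswMbrReport:
    os_version: str = ""
    mbr_status: list = field(default_factory=list)
    partitions: list = field(default_factory=list)
    infected: list = field(default_factory=list)

    @property
    def unknown_mbr_code(self) -> bool:
        return "unknown MBR code" in self.mbr_status

    @property
    def needs_attention(self) -> bool:
        return bool(self.infected) or self.unknown_mbr_code


def parse_aswmbr_log(text: str) -> AswMbrReport:
    """Walk the log line by line; lines matching no pattern are ignored."""
    report = AswMbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTED_RE.match(line)
        if m:
            report.infected.append(Finding(m["ts"], m["path"], m["name"],
                                           CATEGORY.get(m["kind"] or "", "unclassified")))
            continue
        m = MBR_RE.match(line)
        if m:
            report.mbr_status.append(m["status"])
            continue
        m = PART_RE.match(line)
        if m:
            report.partitions.append({
                "number": int(m["num"]), "active": m["active"] is not None,
                "type": m["type"], "fs": m["fs"], "size_mb": int(m["size"]),
                "offset_sectors": int(m["offset"])})
            continue
        if "OS Version:" in line:
            report.os_version = line.split("OS Version:", 1)[1].strip()
    return report


def summarize(report: AswMbrReport) -> list:
    """Human-readable triage lines, in the order a helper would read them."""
    lines = [f"OS: {report.os_version or 'unknown'}"]
    if report.unknown_mbr_code:
        # Review item, not a verdict: aswMBR reports this whenever the boot code
        # is not one it recognises, which OEM boot managers also cause.
        lines.append("MBR: unknown boot code (review against the saved MBR.dat)")
    else:
        lines.append("MBR: no anomaly reported")
    for p in report.partitions:
        flag = "active" if p["active"] else "inactive"
        lines.append(f"Partition {p['number']}: {p['fs']} {p['size_mb']} MB, {flag}, offset {p['offset_sectors']}")
    for f in report.infected:
        where = " [system directory]" if f.in_system_dir else ""
        lines.append(f"INFECTED ({f.category}): {f.path} -> {f.detection}{where}")
    return lines


if __name__ == "__main__":
    for entry in summarize(parse_aswmbr_log(SAMPLE_LOG)):
        print(entry)
```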

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:48 AM

Posted 23 January 2012 - 01:48 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:regfind
*consrv*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Edited by gringo_pr, 23 January 2012 - 01:49 AM.


#13 eppisgood

eppisgood
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:48 AM

Posted 23 January 2012 - 01:56 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:55 on 22/01/2012 by Administrator
Administrator - Elevation successful

========== regfind ==========

Searching for "*consrv*"
No data found.

-= EOF =-

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:48 AM

Posted 23 January 2012 - 02:08 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Windows\system32\consrv.dll


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 eppisgood

eppisgood
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:48 AM

Posted 23 January 2012 - 02:46 AM

Ran it again and it appeared to conclude fine, although within ComboFix a couple times I got the message of "Access denied. Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks."


ComboFix 12-01-21.02 - Administrator 01/22/2012 23:18:58.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2422 [GMT -8:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-23 07:31 . 2012-01-23 07:31 -------- d-----we c:\windows\system64
2012-01-23 07:30 . 2012-01-23 07:30 -------- d-----w- c:\users\Shane\AppData\Local\temp
2012-01-19 22:08 . 2012-01-19 22:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-17 17:34 . 2012-01-17 17:34 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-01-17 17:34 . 2012-01-17 17:34 -------- d-----w- c:\programdata\Malwarebytes
2012-01-17 17:34 . 2012-01-17 17:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-17 17:34 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-17 10:12 . 2012-01-17 10:12 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5327F34E-5A14-4E71-A77B-89076E26FE07}\offreg.dll
2012-01-17 10:12 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5327F34E-5A14-4E71-A77B-89076E26FE07}\mpengine.dll
2012-01-13 05:44 . 2009-08-20 07:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-01-11 19:27 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 19:27 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-01-11 19:27 . 2011-10-25 16:13 1570816 ----a-w- c:\windows\system32\quartz.dll
2012-01-06 07:16 . 2012-01-06 07:24 -------- d-----w- c:\users\Administrator\dwhelper
2012-01-06 06:14 . 2012-01-22 20:39 -------- d-----w- c:\users\AppData
2012-01-06 06:14 . 2012-01-06 06:14 -------- d-----w- c:\program files (x86)\Conduit
2012-01-06 06:14 . 2012-01-06 08:06 -------- d-----w- c:\users\Administrator\AppData\Local\Conduit
2012-01-06 06:13 . 2012-01-06 06:13 -------- d-----w- c:\program files (x86)\Complitly
2012-01-06 06:13 . 2012-01-06 06:13 -------- d-----w- c:\users\Administrator\AppData\Roaming\Complitly
2012-01-06 06:13 . 2012-01-23 06:52 -------- d-----w- c:\users\Administrator\AppData\Local\FLVService
2012-01-06 06:13 . 2012-01-06 08:06 -------- d-----w- c:\program files (x86)\Freecorder
2012-01-05 09:54 . 2012-01-05 09:54 -------- d-----w- C:\WinBoard-4.5.3
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-12-30 18:17 . 2011-12-30 18:17 -------- d-----w- c:\program files (x86)\SwiftView
2011-12-25 09:29 . 2012-01-23 05:26 -------- d-----w- c:\users\UpdatusUser
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-21 09:59 . 2011-11-01 06:23 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-21 09:59 . 2011-11-01 05:53 281880 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-21 09:59 . 2011-11-01 05:53 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-01-02 22:09 . 2011-11-01 05:53 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-17 21:05 . 2011-11-01 06:29 1715008 ----a-w- c:\windows\system32\nvdispco64.dll
2011-12-17 21:05 . 2011-11-01 06:29 1454912 ----a-w- c:\windows\system32\nvgenco64.dll
2011-12-17 21:05 . 2008-11-07 05:16 2403136 ----a-w- c:\windows\system32\nvapi64.dll
2011-12-17 21:05 . 2008-01-21 02:47 17483072 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-12-17 20:43 . 2011-12-17 20:43 406336 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-12-17 20:08 . 2010-10-16 21:13 6004544 ----a-w- c:\windows\system32\nvcpl.dll
2011-12-17 20:08 . 2010-10-16 21:13 3028800 ----a-w- c:\windows\system32\nvsvc64.dll
2011-12-17 20:08 . 2011-08-24 05:30 2562368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-12-17 20:08 . 2010-10-16 21:13 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2011-12-17 20:08 . 2010-10-16 21:13 63296 ----a-w- c:\windows\system32\nvshext.dll
2011-12-17 20:08 . 2010-10-16 21:13 118080 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-07 10:39 . 2011-07-27 16:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:57 . 2011-12-15 06:15 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-04-17 03:24 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-08 14:58 . 2011-12-15 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-15 06:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 11:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 11:01 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 11:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 11:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 11:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 11:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 11:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 11:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-25 16:09 . 2011-12-15 06:15 85504 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-04 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"DR-2580CJobReader"="c:\program files (x86)\Canon Electronics\DR2580C\JobReader.exe" [2006-05-26 43112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
MLB.TV NexDef Plug-in.lnk - c:\users\Administrator\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2011-3-16 15502336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-22 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1874896750-265115285-1612317344-500Core.job
- c:\users\Administrator\AppData\Local\Flock\Update\FlockUpdate.exe [2010-11-13 09:26]
.
2012-01-23 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-1874896750-265115285-1612317344-500UA.job
- c:\users\Administrator\AppData\Local\Flock\Update\FlockUpdate.exe [2010-11-13 09:26]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-21 21:36]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-21 21:36]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1874896750-265115285-1612317344-1000.job
- c:\users\Shane\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 04:48]
.
2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1874896750-265115285-1612317344-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-24 16:35]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1874896750-265115285-1612317344-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-24 16:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CANON DR2580C SVC"="DR25SVC.dll" [2008-12-17 152064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: {05842B0C-271B-412F-958F-D1A8F6CAD937} - hxxp://www.clickloan.com/CAB/GenClickLoan/1,0,0,12/GenClickLoan.cab
DPF: {944713E8-1F29-42D9-ABD5-557728B9AC97} - hxxps://ilnet.wellsfargo.com/ilonline/clickloan/ptclickloanwf.cab
DPF: {A2EBA59E-C601-4AE3-900B-6B61F29500BE} - hxxps://widow1.factualdata.com/ocx/print3.ocx
DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} - hxxps://techinline.net/Client/TIClient.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ao0p46ik.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:b0,7a,1a,98,89,cc,cc,01
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3fr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.3g2"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.3gp"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.3gp2"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.3gpp"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.aac"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.ac3"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acrobatsecuritysettings\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Acrobat.exe"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.adts"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.amc"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Bitmap"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.caf"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.cdda"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.dif"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.dv"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Gif"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.gsm"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.m4a"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.m4b"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.m4p"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.m4v"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.mac"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.mov"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.mp4"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mqv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.mqv"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.pct"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Acrobat.exe"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfxml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Acrobat.exe"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.pic"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.pict"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Png"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pnt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.pnt"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pntg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.pntg"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.qt"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qti\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.qti"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.qtif"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="QuickTime.sd2"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x3f\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1874896750-265115285-1612317344-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="htmlfile"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\ping.exe
.
**************************************************************************
.
Completion time: 2012-01-22 23:43:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-23 07:43
ComboFix2.txt 2012-01-22 20:39
.
Pre-Run: 261,262,290,944 bytes free
Post-Run: 261,346,533,376 bytes free
.
- - End Of File - - C7F13F44BCBE4641D4CC132BB7230CA9

Edited by eppisgood, 23 January 2012 - 02:47 AM.
