Jump to content

Qwertygamer

Honorary Members
  • Posts

    23
  • Joined

  • Last visited

Reputation

0 Neutral

About Qwertygamer

  • Birthday October 15
  1. I don't know. I recieved this laptop from a relative. Though, it would explain why Microsoft wants me to activate the product...
  2. Oh my gosh. All of my files have turned into .lnk files while I was clearing out some Microsoft Word Documents. That was unexpected. :I How can I turn everything back without chnging any personal data? (I'm currently making a game with RPG Maker VX...)
  3. I don't mean to double-post, but since I can't find any "edit this post" option, I guess I'll have to do this... The system I am using is a HP Laptop with Windows 7 Ultimate.
  4. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Administrator at 21:54:21 on 2012-09-29 Microsoft Black 7 VIII 6.1.7601.1.1252.1.1033.18.1983.685 [GMT -4:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\rundll32.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Program Files (x86)\RocketDock\RocketDock.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ uURLSearchHooks: H - No File mURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [<NO NAME>] mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ROCKET~1.LNK - C:\Program Files (x86)\RocketDock\RocketDock.exe uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sg.jhsmiami.org/dana-cached/sc/JuniperSetupClient.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{86127804-9C2A-4388-9FF0-04C63411C447} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{86127804-9C2A-4388-9FF0-04C63411C447}\2375942554135383 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{86127804-9C2A-4388-9FF0-04C63411C447}\C496C6F6 : DhcpNameServer = 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [(Default)] mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-19 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-19 676936] R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528] R3 DDMF_Audio;DDMF Audio Device;C:\Windows\system32\drivers\DDMFaudio.sys --> C:\Windows\system32\drivers\DDMFaudio.sys [?] R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys --> C:\Windows\system32\DRIVERS\vrtaucbl.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 AVP;Kaspersky Anti-Virus Service;"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250288] S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-1-24 13080] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\system32\drivers\vasdDev.sys --> C:\Windows\system32\drivers\vasdDev.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-09-27 21:30:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-09-27 21:30:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-09-27 21:30:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-09-27 21:30:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-09-27 21:30:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-09-27 21:30:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-09-27 21:30:08 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-09-27 21:27:06 -------- d-----w- C:\Users\Administrator\AppData\Local\Apple 2012-09-25 21:11:36 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-09-25 10:56:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-09-25 10:56:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-09-21 00:28:15 20480 ----a-w- C:\Windows\svchost.exe 2012-09-19 23:59:15 711240 ----a-w- C:\Windows\isRS-000.tmp 2012-09-12 20:48:46 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-09-12 20:48:46 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2012-09-12 20:48:45 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-09-12 20:48:45 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-12 20:48:44 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-09-12 20:48:44 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-09-12 20:48:44 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-09-09 23:09:33 -------- d-----w- C:\Users\Administrator\AppData\Local\pesterchum 2012-09-06 02:50:33 -------- d-----w- C:\TDSSKiller_Quarantine 2012-09-04 02:43:34 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys . ==================== Find3M ==================== . 2012-09-25 01:50:36 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-25 01:50:36 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-20 23:58:10 1890 --sha-w- C:\ProgramData\KGyGaAvL.sys 2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-17 03:31:52 20268032 ----a-w- C:\Windows\SysWow64\imageres.dll 2012-08-17 03:24:14 332288 ----a-w- C:\Windows\System32\uxtheme.dll 2012-08-17 03:24:04 44544 ----a-w- C:\Windows\System32\themeservice.dll 2012-08-17 03:18:51 20268032 ----a-w- C:\Windows\System32\imageres.dll 2012-08-14 23:49:52 60304 ----a-w- C:\Users\Administrator\g2mdlhlpx.exe 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-16 01:03:42 184891 ----a-w- C:\torrent.exe 2012-07-14 02:34:27 101376 ----a-w- C:\Windows\System32\drivers\vrtaucbl.sys 2012-07-11 01:18:03 3993600 ----a-w- C:\Program Files (x86)\GUT531F.tmp 2012-07-08 05:06:48 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-07-08 05:06:48 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-07-05 04:03:27 88 --sha-r- C:\ProgramData\43AACC869A.sys 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll . ============= FINISH: 21:59:31.02 =============== .
  5. Hm...can system restore...er...restore any trojans that were previously removed? RogueKiller V8.0.5 [09/23/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Administrator [Admin rights] Mode : Scan -- Date : 09/27/2012 23:18:24 ¤¤¤ Bad processes : 4 ¤¤¤ [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc] [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc] [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc] [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 16 ¤¤¤ [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND [TASK][ROGUE ST] 4790 : wscript.exe -> FOUND [TASK][sUSP PATH] {0D4477AE-5D36-4CEB-9C93-0E8BEADD9C94} : C:\Users\Administrator\Desktop\Etc\mbam-setup.exe -> FOUND [TASK][sUSP PATH] {46669B29-3FC1-4435-85F2-4F1F3C2B431A} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND [TASK][sUSP PATH] {7235F38F-F8F8-40AD-8D2F-20D3F39B4E8F} : C:\Users\Administrator\Desktop\mIRC\Pesterchum\pesterchum.exe -> FOUND [TASK][sUSP PATH] {837337D6-CC6C-48F7-ADD3-4CBD5C832BE1} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND [TASK][sUSP PATH] {96D7FF85-05E8-428F-96F2-7D503F210BFD} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND [TASK][sUSP PATH] {AA96AD37-D42E-412D-99FD-8B10305B2114} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND [TASK][sUSP PATH] {D1B3EBB9-4357-451D-8F46-FDD065789FEC} : C:\Users\Administrator\Desktop\mIRC\Pesterchum\pesterchum.exe -> FOUND [TASK][sUSP PATH] {D468B566-B10B-47EA-AAC6-C306F821DC2D} : C:\Users\Administrator\Desktop\Etc\mbam-setup.exe -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND [HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\iexplore.exe) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Extern Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: FUJITSU MHY2160BH ATA Device +++++ --- User --- [MBR] e3d79d75ad63981da9872586b6a60f9b [bSP] 8da9bf924a0dd795bb1ca07506e422fe : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 140435 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 287611695 | Size: 12189 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  6. Thank you, LD. Welp, apparently one trojan found its way again into the computer.
  7. Getting rid of these trojans that stalk me. ._.

  8. Thank you so very much...now I just gotta get rid of a new Trojan that somehow appeared.

  9. Results of screen317's Security Check version 0.99.50 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 Java 6 Update 25 Java version out of Date! Adobe Flash Player 11.3.300.271 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome 20.0.1132.47 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  10. Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.09.04.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Administrator :: PALS [administrator] Protection: Enabled 9/11/2012 6:40:48 PM mbam-log-2012-09-11 (18-40-48).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 246378 Time elapsed: 9 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Nothing was found, and the computer has been running faster than it was. Is there anything else left to do?
  11. RogueKiller V8.0.2 [08/31/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Administrator [Admin rights] Mode : Scan -- Date : 09/10/2012 18:40:32 ¤¤¤ Bad processes : 4 ¤¤¤ [sUSP PATH] mirc.exe -- C:\Users\Administrator\Desktop\mIRC\mirc.exe -> KILLED [TermProc] [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc] [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc] [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 16 ¤¤¤ [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND [TASK][ROGUE ST] 4790 : wscript.exe -> FOUND [TASK][sUSP PATH] {0D4477AE-5D36-4CEB-9C93-0E8BEADD9C94} : C:\Users\Administrator\Desktop\Etc\mbam-setup.exe -> FOUND [TASK][sUSP PATH] {46669B29-3FC1-4435-85F2-4F1F3C2B431A} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND [TASK][sUSP PATH] {7235F38F-F8F8-40AD-8D2F-20D3F39B4E8F} : C:\Users\Administrator\Desktop\mIRC\Pesterchum\pesterchum.exe -> FOUND [TASK][sUSP PATH] {837337D6-CC6C-48F7-ADD3-4CBD5C832BE1} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND [TASK][sUSP PATH] {96D7FF85-05E8-428F-96F2-7D503F210BFD} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND [TASK][sUSP PATH] {AA96AD37-D42E-412D-99FD-8B10305B2114} : C:\Users\Administrator\Desktop\Nintendo_WFC_USB\Nintendo_WFC_USB\NintendoWFCReg\setup.exe -> FOUND [TASK][sUSP PATH] {D1B3EBB9-4357-451D-8F46-FDD065789FEC} : C:\Users\Administrator\Desktop\mIRC\Pesterchum\pesterchum.exe -> FOUND [TASK][sUSP PATH] {D468B566-B10B-47EA-AAC6-C306F821DC2D} : C:\Users\Administrator\Desktop\Etc\mbam-setup.exe -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND [HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\iexplore.exe) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: FUJITSU MHY2160BH ATA Device +++++ --- User --- [MBR] e3d79d75ad63981da9872586b6a60f9b [bSP] 8da9bf924a0dd795bb1ca07506e422fe : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 140435 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 287611695 | Size: 12189 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: Lexar USB Flash Drive USB Device +++++ --- User --- [MBR] 5cdb116ed251b7de24a9a608249fd840 [bSP] 4b8b702b557e3455c4e0f1b634afd5c4 : MBR Code unknown Partition table: 0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2192 | Size: 7646 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt I also used the system restore to restore the internet connection settings.
  12. ComboFix 12-09-09.02 - Administrator 09/09/2012 22:16:53.1.2 - x64 Microsoft Black 7 VIII 6.1.7601.1.1252.1.1033.18.1983.1155 [GMT -4:00] Running from: c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FYC1TCS2\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\43AACC869A.sys c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\{361F3BAE-D601-4A0F-80AC-39C484872D00}.xps c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\{414B52E2-7E90-4D48-BA12-8F9CC3E9FDFC}.xps c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E38CB9E3-E65D-440B-98C3-9E57EB28B162}.xps c:\users\Administrator\g2mdlhlpx.exe . . ((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 ))))))))))))))))))))))))))))))) . . 2012-09-09 23:09 . 2012-09-09 23:09 -------- d-----w- c:\users\Administrator\AppData\Local\pesterchum 2012-09-06 02:50 . 2012-09-06 02:50 -------- d-----w- C:\TDSSKiller_Quarantine 2012-09-04 02:43 . 2012-09-04 02:43 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2012-08-18 23:38 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-18 23:38 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-16 23:54 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-16 23:54 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-16 23:54 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-16 23:54 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-16 23:53 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-16 23:53 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-16 23:53 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-16 23:53 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-16 23:51 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-14 23:50 . 2012-08-14 23:50 -------- d-----w- c:\program files (x86)\Citrix . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-10 01:19 . 2012-07-05 04:03 1890 --sha-w- c:\programdata\KGyGaAvL.sys 2012-08-17 22:45 . 2012-07-08 04:47 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-08-17 03:31 . 2009-07-13 23:42 20268032 ----a-w- c:\windows\SysWow64\imageres.dll 2012-08-17 03:24 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll 2012-08-17 03:24 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll 2012-08-17 03:18 . 2009-07-13 23:57 20268032 ----a-w- c:\windows\system32\imageres.dll 2012-08-14 19:49 . 2012-04-19 16:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-14 19:49 . 2012-02-25 16:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe 2012-07-14 02:34 . 2012-07-14 02:34 101376 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys 2012-07-11 01:18 . 2012-07-11 01:18 3993600 ----a-w- c:\program files (x86)\GUT531F.tmp 2012-07-08 05:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-07-08 05:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-07-03 17:46 . 2012-07-16 22:29 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-18 07:12 . 2012-07-10 19:28 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C8EA1F1-0A5B-47AE-9EA0-0BD7E48E0DB5}\mpengine.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-09-04 02:43 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-04 1734240] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-04 947808] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960] "ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048] . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ RocketDock.exe - Shortcut.lnk - c:\program files (x86)\RocketDock\RocketDock.exe [2010-3-26 495616] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056] R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-01-25 13080] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys [2012-03-19 1454896] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-02 1255736] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528] S3 DDMF_Audio;DDMF Audio Device;c:\windows\system32\drivers\DDMFaudio.sys [2012-01-11 28584] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-07-14 101376] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-07-14 82816] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Contents of the 'Scheduled Tasks' folder . 2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 19:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 15960096] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 82464] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) SafeBoot-48001546.sys WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}"=hex:51,66,7a,6c,4c,1d,38,12,a0,ae,7a, 83,97,95,87,0d,d0,a3,24,f1,29,81,6a,75 "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34, 5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38 "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f, e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61, f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:70,01,67,fc,c1,7b,cd,01 . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (Administrator) "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,07,47, 33,c4,09,08,0b,b5,ad,8c,e9,64,6c,06,8d "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2c,96, 6b,f7,62,4f,00,aa,f7,48,fc,1e,7a,e7,62 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b5,e0, ad,13,5c,34,04,a7,2c,01,f3,03,cc,46,e3 "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,3b,1b,8c,68,a4, 8c,4d,de,9c,06,ac,6d,30,28,49,d1,76,2f "{11111111-1111-1111-1111-110011441179}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,0c,02, 08,23,43,7c,5c,0c,1f,52,40,12,06,55,65 . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (Administrator) "Timestamp"=hex:f0,2c,ed,a7,23,5b,cd,01 . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,f4,65,62,fc,d5,73,4b,9b,e0,c5,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,f4,65,62,fc,d5,73,4b,9b,e0,c5,\ "027C9CB72E593A8F02C55092F385DBAC99DF56D067"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,92,f4,65,62,fc,d5,73,4b,9b,e0,c5,\ . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3G2" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3GP" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3G2" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3GP" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AVI" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.CDA" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.HTM" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.HTM" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.m3u" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M4A" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.MHT" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.MHT" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MOV" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP3" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP3" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.PARTIAL" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.SVG" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.TTS" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.TTS" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.URL" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAV" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAX" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.WEBSITE" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMA" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMD" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMS" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMV" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMZ" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WPL" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WVX" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.XHT" . [HKEY_USERS\S-1-5-21-3105120151-3110620746-182502107-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.XHT" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe . ************************************************************************** . Completion time: 2012-09-09 22:59:17 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-10 02:59 . Pre-Run: 60,972,949,504 bytes free Post-Run: 69,687,754,752 bytes free . - - End Of File - - 19DE0F2020EB061B7BCD132D201C259F
  13. I was away yesterday and (a bit of) today. I'll get started on making the restore point, and running combo fix.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.