Solve: System won't log on?
I'll start by letting you know I'm a super-beginner, so please bear with me.

This sounds like a software or hardware problem, not an infection. Please try this even if you don't have the OS disk and tell me what happens.

1/ Click the Start button.
2/ From the Start Menu, click All Programs followed by Accessories.
3/ In the Accessories menu, right-click on the Command Prompt option.
4/ From the drop-down menu that appears, click on the Run as administrator option.
5/ If you have User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator, or enter the administrator password, etc.
6/ In the Command Prompt window, type: sfc /scannow and then press Enter.
7/ A message will appear stating that the system scan will begin.
8/ Be patient, because the scan may take some time.
9/ If any files require replacing, SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.
10/ If everything is okay you should, after the scan, see the following message: "Windows Resource Protection did not find any integrity violations."
11/ After the scan has completed, close the Command Prompt window.

Hi Dave, I had the adwcleaner.txt file saved already so I can send you that. I remembered that in the past, when this happened, the only thing that worked was a System Restore, so I just did one. I rolled back to 3-10-13, 3 days before the crash on 3-13-13. It worked and my PC looks fine. I had to update avast, AMD, and Windows. However, I know something is wrong, as this happens every 2-4 months (the last time this happened was longer, maybe 6 months). I suspect I have some conflict between the video card and the PC, but I'm guessing. So I just now ran sfc /scannow as you suggested and it says "the system file repair changes will take effect after the next reboot". Any thoughts are welcome.
Mike

Here is the contents of the file that ran during the problem:

# AdwCleaner v2.114 - Logfile created 03/14/2013 at 20:10:53
# Updated 05/03/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Administrator - MIKE-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HM7UNEPR\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com

***** [Registry] *****

Key Found : HKCU\Software\GreenTree Applications
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v4.0.1 (en-US)

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vwh8u60q.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.
*************************

AdwCleaner[R1].txt - [5833 octets] - [14/03/2013 20:10:54]

########## EOF - C:\AdwCleaner[R1].txt - [5893 octets] ##########

Quote: So I just now ran sfc /scannow as you suggested and it says "the system file repair changes will take effect after the next reboot".

It would appear that somehow some files are being corrupted. Do you want to run some more scans just to make sure that the computer is clean?

Sure, if you think it could find the problem. I should say I've run quite a few already. The Event Viewer collects info chronologically. I would think its errors/warnings would reveal the issue, but I just don't understand the codes. Anyway... let me know which scans to run?

Mike.

Download DDS from HERE or HERE and save it to your desktop.
* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users: double-click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished, DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.
Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log, by COPYING and pasting it into the reply.
• Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.
Then post your DDS logs (DDS.txt and Attach.txt).

*********************************************

Download ComboFix from any of the links below, and save it to your DESKTOP. If your version of Windows defaults to your download folder you will need to copy it to your desktop.
Link 1 Link 2 Link 3
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
Click I Agree to start the program. ComboFix will then extract the necessary files and you will see this:
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Hi Dave, I already had the DDS and Attach files on my desktop from a suggestion I read online. The ComboFix didn't look like what you described above... but it ran quickly and left a .txt file unsaved... which I saved to my desktop.
All 3 files contents are as follows: ------------------------------------------------- DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_37 Run by Administrator at 20:15:06 on 2013-03-14 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.5068 [GMT -4:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\mmc.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://mail.live.com/ mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" mRun: [VolPanel] "C:\Program Files (x86)\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r mRun: [UpdReg] C:\Windows\UpdReg.EXE mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry mRun: [ATICustomerCare] "c:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll" mRunOnce: [aswasOutExt.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil 
Software\Avast5\asOutExt.dll" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab TCP: NameServer = 209.18.47.61 209.18.47.62 TCP: 
Interfaces\{205CC84C-1B7D-41F6-984D-FBA196BAF95E} : DHCPNameServer = 209.18.47.61 209.18.47.62 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide x64-mPolicies-Explorer: NoActiveDesktop = dword:1 x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1 x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 x64-mPolicies-System: EnableUIADesktopToggle = dword:0 x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - . ============= SERVICES / DRIVERS =============== . 
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-13 65336] R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-13 178624] R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2012-5-19 39424] S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-6-28 1025808] S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-5-15 377920] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-5 236544] S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-5-15 33400] S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-5-15 80816] S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-20 45248] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648] S2 gupdate1c9d65375957529;Google Update Service (gupdate1c9d65375957529);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-16 133104] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-2-23 92176] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-5 79360] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 
4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %* FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2013-03-14 01:46:1173432----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-14 01:46:11693976----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-06 22:33:2168920----a-w-C:\Windows\System32\drivers\aswTdi.sys 2013-03-06 22:33:2165336----a-w-C:\Windows\System32\drivers\aswRvrt.sys 2013-03-06 22:33:21377920----a-w-C:\Windows\System32\drivers\aswSP.sys 2013-03-06 22:33:21178624----a-w-C:\Windows\System32\drivers\aswVmm.sys 2013-03-06 22:33:211025808----a-w-C:\Windows\System32\drivers\aswSnx.sys 2013-03-06 22:33:2080816----a-w-C:\Windows\System32\drivers\aswMonFlt.sys 2013-03-06 22:33:2059144----a-w-C:\Windows\System32\drivers\aswRdr.sys 2013-03-06 22:33:2033400----a-w-C:\Windows\System32\drivers\aswFsBlk.sys 2013-03-06 22:32:5141664----a-w-C:\Windows\avastSS.scr 2013-03-06 22:32:22287840----a-w-C:\Windows\System32\aswBoot.exe 2013-03-02 20:42:57215128----a-w-C:\Windows\SysWow64\PnkBstrB.xtr 2013-03-02 20:42:57215128----a-w-C:\Windows\SysWow64\PnkBstrB.exe 2013-02-21 05:40:5470004024----a-w-C:\Windows\System32\mrt.exe 2013-01-17 06:28:58273840------w-C:\Windows\System32\MpSigStub.exe 2013-01-09 01:48:5517812992----a-w-C:\Windows\System32\mshtml.dll 2013-01-09 01:22:2610925568----a-w-C:\Windows\System32\ieframe.dll 2013-01-09 01:19:092312704----a-w-C:\Windows\System32\jscript9.dll 2013-01-09 
01:12:291346048----a-w-C:\Windows\System32\urlmon.dll 2013-01-09 01:12:031392128----a-w-C:\Windows\System32\wininet.dll 2013-01-09 01:11:061494528----a-w-C:\Windows\System32\inetcpl.cpl 2013-01-09 01:10:26237056----a-w-C:\Windows\System32\url.dll 2013-01-09 01:09:1085504----a-w-C:\Windows\System32\jsproxy.dll 2013-01-09 01:07:51173056----a-w-C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:50816640----a-w-C:\Windows\System32\jscript.dll 2013-01-09 01:07:47599040----a-w-C:\Windows\System32\vbscript.dll 2013-01-09 01:06:39729088----a-w-C:\Windows\System32\msfeeds.dll 2013-01-09 01:05:452147840----a-w-C:\Windows\System32\iertutil.dll 2013-01-09 01:04:5896768----a-w-C:\Windows\System32\mshtmled.dll 2013-01-09 01:04:422382848----a-w-C:\Windows\System32\mshtml.tlb 2013-01-09 01:00:48248320----a-w-C:\Windows\System32\ieui.dll 2013-01-08 22:23:2512321280----a-w-C:\Windows\SysWow64\mshtml.dll 2013-01-08 22:11:211800704----a-w-C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:09:189738240----a-w-C:\Windows\SysWow64\ieframe.dll 2013-01-08 22:03:571103872----a-w-C:\Windows\SysWow64\urlmon.dll 2013-01-08 22:03:201129472----a-w-C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:121427968----a-w-C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 22:01:48231936----a-w-C:\Windows\SysWow64\url.dll 2013-01-08 22:00:1465024----a-w-C:\Windows\SysWow64\jsproxy.dll 2013-01-08 21:59:02142848----a-w-C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:43717824----a-w-C:\Windows\SysWow64\jscript.dll 2013-01-08 21:58:29420864----a-w-C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:57:49607744----a-w-C:\Windows\SysWow64\msfeeds.dll 2013-01-08 21:56:511796096----a-w-C:\Windows\SysWow64\iertutil.dll 2013-01-08 21:56:3773216----a-w-C:\Windows\SysWow64\mshtmled.dll 2013-01-08 21:56:232382848----a-w-C:\Windows\SysWow64\mshtml.tlb 2013-01-08 21:53:13176640----a-w-C:\Windows\SysWow64\ieui.dll 2013-01-05 05:37:504695400----a-w-C:\Windows\System32\ntoskrnl.exe 2013-01-04 
11:31:101423720----a-w-C:\Windows\System32\drivers\tcpip.sys 2013-01-04 01:59:242773504----a-w-C:\Windows\System32\win32k.sys 2012-12-16 13:31:2048128----a-w-C:\Windows\System32\atmlib.dll 2012-12-16 13:12:5434304----a-w-C:\Windows\SysWow64\atmlib.dll 2012-12-16 11:08:21368128----a-w-C:\Windows\System32\atmfd.dll 2012-12-16 10:50:29293376----a-w-C:\Windows\SysWow64\atmfd.dll . ============= FINISH: 20:17:05.29 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 5/8/2009 5:25:39 PM System Uptime: 3/14/2013 7:46:42 PM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | P6T Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2672/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 223.639 GiB free. D: is CDROM () E: is CDROM () F: is FIXED (NTFS) - 466 GiB total, 437.876 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . µTorrent Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 8.3.1 Adobe Shockwave Player 11.6 AMD APP SDK Runtime AMD Catalyst Install Manager Apple Software Update ATI AVIVO64 Codecs ATI Catalyst Registration avast! 
Free Antivirus Batman: Arkham City™ Battlefield: Bad Company 2 BearShare BioShock 2 BitTorrent Borderlands Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Compatibility Pack for the 2007 Office system Counter-Strike Creative Audio Control Panel Creative Software AutoUpdate Creative Sound Blaster Properties x64 Edition CrossLoop 2.60 D3DX10 Day of Defeat Dual-Core Optimizer EA Download Manager F.E.A.R. 2: Project Origin Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Half-Life 2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HydraVision Java Auto Updater Java(TM) 6 Update 37 Junk Mail filter update Malwarebytes Anti-Malware version 1.70.0.1100 Media Player Codec Pack 4.0.0 Mesh Runtime Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Easy Assist v2 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 
Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Mozilla Firefox 4.0.1 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) NirSoft BlueScreenView NVIDIA PhysX PhotoScape PMB PMB Updater QuickTime Realtek 8169 8168 8101E 8102E Ethernet Driver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Segoe UI Sound Blaster Audigy SpywareBlaster 4.2 Steam swMSM System Requirements Lab CYRI Team Fortress 2 
Team Fortress Classic Trillian Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 1.0.3 Windows 7 Upgrade Advisor Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Wise Registry Cleaner 5.9.4 WMI Tools Wolfenstein(TM) 1.1 Patch Wolfenstein(TM) 1.1 Patch Xvid 1.1.3 final uninstall YTD YouTube Downloader & Converter 3.6 . ==== End Of File =========================== ComboFix 13-03-16.02 - Administrator 03/16/2013 21:30:08.1.8 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4119 [GMT -4:00] Running from: c:\users\Administrator\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Administrator\Favorites\bookmarks.html c:\windows\SysWow64\tmp1FCF.tmp . . ((((((((((((((((((((((((( Files Created from 2013-02-17 to 2013-03-17 ))))))))))))))))))))))))))))))) . . 2013-03-17 01:36 . 
P2P - I see you have P2P software installed on your machine.

µTorrent and BitTorrent

We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections.
It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

**************************************************

There should be another DDS log named Attach.txt. Could you please find it and post that log? Just do a search by that name.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT, and includes the alphabetized list of programs on the pc. Is that the one you meant?

RogueKiller V8.5.3 [Mar 16 2013] by Tigzy

The DDS attach log usually shows errors on your machine but I don't see any.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

It ran and it came with 2 threats which it said it removed. These are the only contents of the txt file:

C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\200e0bc3-6ead4773	a variant of Java/Exploit.Agent.NMN trojan	cleaned by deleting - quarantined
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2ac74c85-6fac2329	multiple threats	cleaned by deleting - quarantined

I checked the Uninstall box on the main window.

So these are the things I've done so far:
AdwCleaner
Malwarebytes' Anti-Malware
DDS logs (DDS.txt & Attach.txt)
sfc /scannow
COMBOFIX
ROGUEKILLER (rkreport)
F8 (advanced options) repair your computer
minidump.dmp bluescreenview (nirsoft) (BSOD.txt)
CHKDSK
ESET online scanner

Probably safe to say my issue is not virus related but some conflict that caused the system to hang upon startup. I still have errors in EVENTVIEWER; I get them every time I log in, without problems. It's my guess that the solution lies in deciphering that. Luckily my PC is running smoothly now, and I may not have a problem for months.

Quote: "Luckily my pc is running smoothly now, and i may not have a problem for months."

I have to agree with your assessment of the situation. Let's do some cleanup and if the problem comes back you could try doing a repair from the Recovery Console or start a post in one of the Software forums.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

*******************************************

To set a new Restore Point:
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.
Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.

*****************************************************

Click Start > Computer > right click the C Drive and choose Properties > Enter. Click Disk Cleanup from there. Click OK on the Disk Cleanup screen. Click Yes on the Confirmation screen. This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)

****************************************************

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a RISKY website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware *
If you don't know what ActiveX controls are, see here.

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations, always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

Will do. You can go ahead and close this thread. Thanks for the time spent. One last question... should I uninstall Java? I have a request for an update I've been ignoring for weeks... because I've heard Java could be trouble. Thanks.

Quote: "One last question...should i uninstall Java?"

It's up to you. Some people don't use Java. There were some security problems with Java a few months ago but that's been cleared up.