Are VBS files dangerous?

ripshock

Honorable
Dec 3, 2013
9
0
10,510
So I had this problem that my files on USB turned into shortcuts, but I fixed it with ComboFix. I also knew that this problem is caused by a VBS file, so I found some VBS files on my computer by Windows search while "show hidden files and folders" was on and "hide extensions....." and "hide protected system file......" were unchecked.
 

ripshock

Dec 3, 2013

Yes,
ComboFix 13-12-01.01 - Administrator 12/02/2013 19:33:32.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3982.2758 [GMT 2:00]
Running from: c:\users\Administrator\Documents\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\SPL3334.tmp
c:\programdata\SPL697D.tmp
c:\programdata\SPLCDB1.tmp
c:\users\Administrator\AppData\Roaming\KW
c:\users\Administrator\AppData\Roaming\KW\bl0001.dat
c:\users\Administrator\AppData\Roaming\KW\bl0002.dat
c:\users\Administrator\AppData\Roaming\KW\bl0003.dat
c:\users\Administrator\AppData\Roaming\KW\bl0004.dat
c:\users\Administrator\AppData\Roaming\KW\bl0005.dat
c:\users\Administrator\AppData\Roaming\KW\bl0006.dat
c:\users\Administrator\AppData\Roaming\KW\bl0007.dat
c:\users\Administrator\AppData\Roaming\KW\bl0008.dat
c:\users\Administrator\AppData\Roaming\KW\bl0009.dat
c:\users\Administrator\AppData\Roaming\KW\bl0010.dat
c:\users\Administrator\AppData\Roaming\KW\bl0011.dat
c:\users\Administrator\AppData\Roaming\KW\bl0012.dat
c:\users\Administrator\AppData\Roaming\KW\bl0013.dat
c:\users\Administrator\AppData\Roaming\KW\bl0014.dat
c:\users\Administrator\AppData\Roaming\KW\bl0015.dat
c:\users\Administrator\AppData\Roaming\KW\bl0016.dat
c:\users\Administrator\AppData\Roaming\KW\bl0017.dat
c:\users\Administrator\AppData\Roaming\KW\bl0018.dat
c:\users\Administrator\AppData\Roaming\KW\bl0019.dat
c:\users\Administrator\AppData\Roaming\KW\bl0020.dat
c:\users\Administrator\AppData\Roaming\KW\bl0021.dat
c:\users\Administrator\AppData\Roaming\KW\bl0022.dat
c:\users\Administrator\AppData\Roaming\KW\bl0023.dat
c:\users\Administrator\AppData\Roaming\KW\bl0024.dat
c:\users\Administrator\AppData\Roaming\KW\bl0025.dat
c:\users\Administrator\AppData\Roaming\KW\bl0026.dat
c:\users\Administrator\AppData\Roaming\KW\bl0027.dat
c:\users\Administrator\AppData\Roaming\KW\bl0028.dat
c:\users\Administrator\AppData\Roaming\KW\bl0029.dat
c:\users\Administrator\AppData\Roaming\KW\bl0030.dat
c:\users\Administrator\AppData\Roaming\KW\bl0031.dat
c:\users\Administrator\AppData\Roaming\KW\bl0032.dat
c:\users\Administrator\AppData\Roaming\KW\bl0033.dat
c:\users\Administrator\AppData\Roaming\KW\bl0034.dat
c:\users\Administrator\AppData\Roaming\KW\bl0035.dat
c:\users\Administrator\AppData\Roaming\KW\bl0036.dat
c:\users\Administrator\AppData\Roaming\KW\bl0037.dat
c:\users\Administrator\AppData\Roaming\KW\bl0038.dat
c:\users\Administrator\AppData\Roaming\KW\bl0039.dat
c:\users\Administrator\AppData\Roaming\KW\bl0040.dat
c:\users\Administrator\AppData\Roaming\KW\bonus.kkll
c:\windows\msvcr71.dll
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\SysWow64\lsprst7.dll
c:\windows\SysWow64\tmpF22E.tmp
c:\windows\SysWow64\tmpF2CB.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-11-02 to 2013-12-02 )))))))))))))))))))))))))))))))
.
.
2013-12-02 17:38 . 2013-12-02 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-02 16:49 . 2013-12-02 16:49 96856 ----a-w- c:\windows\system32\drivers\SMR410.SYS
2013-12-02 16:18 . 2013-12-02 16:18 -------- d-----w- c:\users\Administrator\.spss
2013-12-02 16:18 . 2013-12-02 16:18 -------- d-----w- c:\users\Administrator\AppData\Local\IBM
2013-12-02 16:18 . 2013-12-02 16:18 -------- d-----w- c:\users\Administrator\AppData\Local\javasharedresources
2013-12-02 16:16 . 2013-12-02 16:16 -------- d-----w- c:\programdata\SafeNet Sentinel
2013-12-02 16:16 . 2013-12-02 16:16 -------- d-----w- c:\programdata\SPSS
2013-12-02 16:14 . 2013-12-02 16:14 -------- d-----w- c:\program files\Common Files\IBM
2013-12-02 16:13 . 2013-12-02 16:13 -------- d-----w- c:\program files\IBM
2013-12-02 12:49 . 2013-12-02 16:50 -------- d-----w- c:\users\Administrator\AppData\Local\NPE
2013-12-02 12:29 . 2013-12-02 17:29 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-12-02 12:13 . 2013-12-02 17:29 -------- d-----w- c:\program files (x86)\Norton AntiVirus
2013-12-02 11:35 . 2013-12-02 17:28 -------- d-----w- c:\programdata\NCOTEMP
2013-12-02 11:35 . 2013-12-02 17:28 -------- d-----w- c:\program files (x86)\Norton Identity Safe
2013-12-02 11:22 . 2013-12-02 14:21 -------- d-----w- c:\programdata\Norton
2013-12-01 19:24 . 2013-12-02 10:55 -------- d-----w- c:\program files (x86)\Trend Micro
2013-11-30 17:17 . 2013-11-30 17:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\Zbshareware Lab
2013-11-30 16:51 . 2013-11-30 17:16 -------- d-----w- c:\program files (x86)\AutorunRemover
2013-11-30 11:20 . 2013-11-30 11:20 -------- d-----w- c:\program files\WinRAR
2013-11-27 19:18 . 2013-11-27 19:21 -------- d-----w- c:\users\Administrator\AppData\Roaming\mjusbsp
2013-11-27 09:43 . 2013-11-27 09:43 -------- d-----w- c:\users\Administrator\.aria2
2013-11-24 11:12 . 2013-11-27 10:06 -------- d-----w- c:\program files (x86)\Conduit
2013-11-24 11:12 . 2013-12-02 11:09 -------- d-----w- c:\users\AppData
2013-11-21 14:07 . 2013-09-20 13:34 458938 --sha-w- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oajyjjacqe..vbs
2013-11-19 13:06 . 2013-11-20 02:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\uTorrent
2013-11-17 15:37 . 2013-11-17 15:37 -------- d-----w- c:\program files\Microsoft Silverlight
2013-11-17 15:37 . 2013-11-17 15:37 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-11-17 15:27 . 2013-07-17 21:43 20464 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
2013-11-17 15:26 . 2013-09-23 22:42 4021248 ----a-w- c:\windows\system32\drivers\athrx.sys
2013-11-17 15:20 . 2013-09-10 00:02 6217904 ----a-w- c:\windows\system32\DDPP64A.dll
2013-11-17 15:20 . 2013-09-10 00:02 313520 ----a-w- c:\windows\system32\DDPO64A.dll
2013-11-17 15:20 . 2013-09-10 00:01 1938608 ----a-w- c:\windows\system32\DDPD64A.dll
2013-11-17 15:20 . 2013-09-10 00:01 260272 ----a-w- c:\windows\system32\DDPA64.dll
2013-11-17 15:17 . 2013-10-06 20:26 501184 ----a-w- c:\windows\system32\DTSU2PLFX64.dll
2013-11-17 15:17 . 2013-10-06 20:26 487360 ----a-w- c:\windows\system32\DTSU2PGFX64.dll
2013-11-17 15:17 . 2013-10-06 20:26 415680 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2013-11-17 15:17 . 2013-10-11 08:47 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-11-17 15:17 . 2013-10-15 23:43 209096 ----a-w- c:\windows\system32\AERTAC64.dll
2013-11-17 15:17 . 2013-08-20 13:37 605496 ----a-w- c:\windows\system32\audioLibVc.dll
2013-11-17 15:15 . 2013-09-09 17:41 449528 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2013-11-17 15:14 . 2013-09-20 12:41 28008 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2013-11-17 15:14 . 2013-09-20 12:41 630632 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2013-11-17 15:12 . 2013-08-27 10:08 74456 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-11-17 15:12 . 2013-08-27 10:08 883928 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-11-17 09:18 . 2012-08-02 08:22 14992 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2013-11-17 09:03 . 2013-11-17 09:04 -------- d-----w- c:\windows\SysWow64\Adobe
2013-11-17 09:03 . 2013-11-17 09:03 -------- d-----w- c:\windows\SysWow64\Backup
2013-11-17 09:03 . 2013-11-17 09:03 -------- d-----w- c:\windows\system32\Backup
2013-11-17 08:52 . 2013-07-17 21:43 795632 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys
2013-11-17 08:52 . 2013-07-17 21:43 358896 ----a-w- c:\windows\system32\drivers\iusb3hub.sys
2013-11-17 08:49 . 2013-04-24 15:16 1662024 ----a-w- c:\windows\system32\RTSnMg64.cpl
2013-11-17 08:48 . 2013-06-25 10:47 162224 ----a-w- c:\windows\system32\toseaeapo64.dll
2013-11-17 08:48 . 2013-06-25 10:47 871856 ----a-w- c:\windows\system32\tossaeapo64.dll
2013-11-17 08:48 . 2013-06-25 10:46 582056 ----a-w- c:\windows\system32\tosasfapo64.dll
2013-11-17 08:48 . 2013-04-03 12:13 906800 ----a-w- c:\windows\system32\MISS_APO.dll
2013-11-17 08:48 . 2012-08-31 17:18 7164176 ----a-w- c:\windows\system32\R4EEP64A.dll
2013-11-17 08:48 . 2012-08-31 17:17 141584 ----a-w- c:\windows\system32\R4EEL64A.dll
2013-11-17 08:48 . 2012-08-31 17:17 75024 ----a-w- c:\windows\system32\R4EEG64A.dll
2013-11-17 08:48 . 2012-08-31 17:17 434960 ----a-w- c:\windows\system32\R4EED64A.dll
2013-11-17 08:48 . 2012-08-31 17:17 124176 ----a-w- c:\windows\system32\R4EEA64A.dll
2013-11-17 08:48 . 2013-07-24 08:07 2032896 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
2013-11-17 08:48 . 2013-08-05 16:11 2743328 ----a-w- c:\windows\system32\FMAPO64.dll
2013-11-17 08:48 . 2013-06-21 09:01 109848 ----a-w- c:\windows\system32\AcpiServiceVnA64.dll
2013-11-17 08:44 . 2013-01-23 14:57 64624 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2013-11-17 08:43 . 2013-07-12 07:42 309976 ----a-w- c:\windows\system32\drivers\RtsBaStor.sys
2013-11-17 08:43 . 2013-04-25 14:12 9889352 ----a-w- c:\windows\SysWow64\RtsBaStorIcon.dll
2013-11-17 08:42 . 2013-04-24 13:42 30848 ----a-w- c:\windows\system32\drivers\btath_bus.sys
2013-11-16 16:57 . 2013-11-16 16:57 -------- d-----w- c:\users\Administrator\AppData\Roaming\DivX
2013-11-16 16:56 . 2013-11-16 16:57 -------- d-----w- c:\program files\DivX
2013-11-16 16:34 . 2013-11-16 16:34 -------- d-----w- c:\users\Administrator\AppData\Local\Trend Micro
2013-11-15 19:08 . 2013-12-01 19:49 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2013-11-15 13:35 . 2013-11-15 13:38 22064 ----a-w- c:\windows\DCEBoot64.exe
2013-11-12 08:58 . 2013-11-12 08:58 603617 ----a-w- c:\programdata\SPL2BC.tmp
2013-11-12 05:07 . 2013-11-12 05:07 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-11-12 05:07 . 2013-11-13 13:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Pro
2013-11-12 05:07 . 2013-11-12 05:09 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2013-11-12 05:06 . 2013-11-27 10:06 -------- d-----w- c:\programdata\DAEMON Tools Pro
2013-11-11 18:33 . 2013-11-11 18:33 -------- d-----w- c:\users\Administrator\.swt
2013-11-11 18:32 . 2013-11-11 18:37 -------- d-----w- c:\users\Administrator\AppData\Roaming\Azureus
2013-11-10 09:45 . 2013-11-10 09:45 -------- d-----w- c:\users\Administrator\AppData\Local\PunkBuster
2013-11-10 09:32 . 2013-11-11 13:00 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-11-10 09:32 . 2013-11-10 09:45 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-11-10 09:18 . 2013-11-11 20:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2013-11-10 08:44 . 2013-11-10 08:44 -------- d-sh--w- c:\windows\ftpcache
2013-11-09 21:45 . 2013-11-09 21:45 -------- d-----w- c:\users\Administrator\AppData\Roaming\Python-Eggs
2013-11-09 21:45 . 2013-11-19 12:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\BitLord
2013-11-09 21:12 . 2013-12-02 16:36 -------- d-----w- c:\users\Administrator\AppData\Roaming\BitTorrent
2013-11-09 13:58 . 2013-11-09 13:58 -------- d-----w- c:\users\Administrator\AppData\Roaming\bizarre creations
2013-11-09 13:21 . 2013-11-09 13:21 -------- d-----w- c:\windows\64F6748976BB4CDDA236F954BE774B35.TMP
2013-11-09 04:24 . 2013-11-09 04:24 -------- d-----w- c:\users\Administrator\AppData\Local\TeknoGods
2013-11-05 19:28 . 2013-11-05 19:28 -------- d-----w- C:\temp
2013-11-05 17:56 . 2013-11-05 19:33 -------- d-----w- c:\users\Administrator\AppData\Local\Intel_Corporation
2013-11-04 16:43 . 2013-11-04 16:43 -------- d-----w- c:\program files (x86)\Creative
2013-11-04 16:43 . 2001-12-11 10:52 135168 ----a-w- c:\windows\SysWow64\eax.dll
2013-11-04 16:43 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2013-11-04 16:42 . 2013-11-04 16:42 -------- d-----w- c:\program files (x86)\OpenAL
2013-11-04 16:42 . 2010-06-11 15:16 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2013-11-04 16:42 . 2010-06-11 15:16 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-11-04 16:42 . 2010-06-11 15:16 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2013-11-04 16:42 . 2010-06-11 15:16 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-11-04 16:38 . 2013-11-04 16:38 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-11-04 16:38 . 2013-11-09 13:20 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-11-04 16:30 . 2013-11-04 16:30 -------- d-----w- c:\programdata\SystemRequirementsLab
2013-11-04 16:30 . 2013-11-04 16:30 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-11-04 16:29 . 2013-11-04 16:29 -------- d-----w- c:\windows\Sun
2013-11-04 15:51 . 2008-10-10 02:52 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-11-04 15:51 . 2008-10-10 02:52 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2013-11-04 15:42 . 2013-11-04 15:48 -------- d--h--w- c:\windows\msdownld.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-02 16:49 . 2013-10-13 14:09 387 ----a-w- c:\users\Administrator\AppData\Roaming\sp_data.sys
2013-12-02 14:54 . 2013-10-31 14:47 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2013-11-27 10:13 . 2013-08-20 10:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-06 18:16 . 2013-09-23 12:14 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-10-17 17:01 . 2013-10-17 17:01 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-13 14:54 . 2013-10-13 14:27 34 ----a-w- c:\users\Administrator\lock1.bat
2013-10-13 14:54 . 2013-10-13 14:27 34 ----a-w- c:\users\Administrator\lock.bat
2013-10-10 21:10 . 2013-09-08 08:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-10-10 21:09 . 2013-09-08 08:43 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-10-10 21:09 . 2013-09-08 08:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-10-10 21:09 . 2013-09-08 08:43 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-10-08 04:50 . 2013-10-21 06:00 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-23 12:13 . 2013-09-23 12:13 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-09-23 12:13 . 2013-09-23 12:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-09-23 12:13 . 2013-09-23 12:13 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-09-22 23:28 . 2013-10-27 00:19 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-27 00:19 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-27 00:20 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-27 00:20 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-27 00:20 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-27 00:19 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-27 00:19 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-27 00:19 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-27 00:19 19252224 ----a-w- c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-27 00:19 855552 ----a-w- c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-27 00:19 3959296 ----a-w- c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-27 00:19 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-27 00:20 526336 ----a-w- c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-27 00:20 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-27 00:20 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-27 00:20 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-27 00:20 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-27 00:19 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-27 00:20 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-27 00:20 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-27 00:20 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-27 00:20 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-18 20:08 . 2013-09-18 20:08 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2013-09-14 01:10 . 2013-10-24 04:44 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-24 04:44 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-24 04:44 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-24 04:44 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-06 09:32 . 2013-09-06 09:32 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10191C79-163A-4AF2-A30A-56DF1D81BC36}\offreg.dll
2013-09-04 15:08 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-04 12:12 . 2013-10-27 11:49 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-27 11:49 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-27 11:49 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-27 11:49 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-27 11:49 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-27 11:49 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-27 11:49 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- c:\program files (x86)\AntiDust.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-21 102568]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-06-25 322208]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2012-06-19 174752]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
oajyjjacqe..vbs [2013-9-20 458938]
OUTLOOK - Shortcut.lnk - c:\program files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2013-7-18 15990440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x]
R3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\system32\DRIVERS\AsusTP.sys;c:\windows\SYSNATIVE\DRIVERS\AsusTP.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S4 ccSet_NAV;NAV Settings Manager;c:\windows\system32\drivers\NAVx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\ccSetx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SMR410
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20 10:13]
.
2013-12-02 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 18:54]
.
2013-12-02 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 18:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-18 13657304]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
"kk1"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-22 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-22 440600]
"oajyjjacqe"="wscript.exe" [2009-07-14 168960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.linkzb.com
mStart Page = hxxp://www.linkzb.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{b317125e-2f10-4388-bf1f-2c31c6cd89ed} - c:\program files (x86)\DigitalPowered\tbDigi.dll
BHO-{b317125e-2f10-4388-bf1f-2c31c6cd89ed} - c:\program files (x86)\DigitalPowered\tbDigi.dll
Toolbar-Locked - (no file)
Toolbar-{b317125e-2f10-4388-bf1f-2c31c6cd89ed} - c:\program files (x86)\DigitalPowered\tbDigi.dll
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{B317125E-2F10-4388-BF1F-2C31C6CD89ED} - (no file)
AddRemove-iCare Data Recovery Free_is1 - c:\program files (x86)\iCare Data Recovery Free\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML.KJOE5CON4YSEURCOUTJD6SBO2M"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:03,66,b9,93,a9,dc,ce,01
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3ga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="3ga_auto_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_asf_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR\UserChoice]
@Denied: (2) (Administrator)
"Progid"="MediaCenter.DVR"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="emffile"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Gif"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol.14"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML.KTQVUKNN7ODEVUAFD2KIBAGI5M"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML.KTQVUKNN7ODEVUAFD2KIBAGI5M"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics.14"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mov_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mp4_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mpeg_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mpg_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg.14"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oft\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.oft.14"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.one\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OneNote.Section.1"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.onepkg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OneNote.Package"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.onetoc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OneNote.TableOfContents"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.onetoc2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OneNote.TableOfContents.12"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pst\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.pst.14"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (Administrator)
"Progid"="rlefile"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML.KTQVUKNN7ODEVUAFD2KIBAGI5M"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs.14"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vir\UserChoice]
@Denied: (2) (Administrator)
"Progid"="vir_auto_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_vob_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML.KTQVUKNN7ODEVUAFD2KIBAGI5M"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="wmffile"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_wmv_file"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML.KTQVUKNN7ODEVUAFD2KIBAGI5M"
.
[HKEY_USERS\S-1-5-21-635796849-805094244-3292948335-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML.KTQVUKNN7ODEVUAFD2KIBAGI5M"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-02 19:40:18
ComboFix-quarantined-files.txt 2013-12-02 17:40
.
Pre-Run: 148,873,924,608 bytes free
Post-Run: 148,611,907,584 bytes free
.
- - End Of File - - 1C0AA01AE44C43C49ECA80A6C09F441C
5FB38429D5D77768867C76DCBDB35194
And the VBS files I located weren't hidden; they were in WinSxS.
 

ripshock


I used ComboFix on both of my USBs, but on the third I just unchecked "hide protected system files", clicked "show hidden files and folders", then deleted a VBS file from the third USB and used `attrib -h -r -s /s /d K:\*.*`, and my problem was solved. But does that mean that if I inserted another flash drive it would be infected? I really want to know how to end this problem forever! And are the VBS files which I located in WinSxS dangerous? And should I delete them?
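A defender's check for the symptom described in this thread (drive contents replaced by shortcuts, the real files hidden), added here as an example; it is not code from anyone in the thread. It assumes the drive letter K: from the attrib command above; the -Fix switch, the Test-Flag helper and the report layout are mine. It lists root-level shortcuts whose target launches wscript.exe/cscript.exe or a script file, lists script files at the root, and reports (and, with -Fix, clears) Hidden+System items the same way `attrib -h -r -s /s /d` does.

```powershell
# Added example, not code from anyone in this thread: audit a USB drive for the
# "files turned into shortcuts" symptom described above and, with -Fix, clear the
# hidden/system/read-only attributes the same way `attrib -h -r -s /s /d K:\*.*` did.
# Assumptions: drive letter K: (from the attrib command in the thread); the -Fix
# switch, Test-Flag and the report layout are mine. Written for Windows 7 / PowerShell 2.
param(
    [string]$Drive = 'K:\',
    [switch]$Fix
)

$shell  = New-Object -ComObject WScript.Shell
$report = @()

# True when the attribute bit $flag is set in $attrs.
function Test-Flag($attrs, [IO.FileAttributes]$flag) {
    return (($attrs -band $flag) -ne 0)
}

# 1. Shortcuts at the drive root whose target or arguments launch a script host
#    (wscript.exe / cscript.exe) or a script file. CreateShortcut on an existing
#    .lnk only parses it; nothing is run.
Get-ChildItem -Path $Drive -Filter '*.lnk' -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $lnk     = $shell.CreateShortcut($_.FullName)
    $cmdline = ("{0} {1}" -f $lnk.TargetPath, $lnk.Arguments).Trim()
    if ($cmdline -match '(?i)\b[wc]script(\.exe)?\b|\.(vbs|vbe|js|jse|wsf)\b') {
        $report += New-Object PSObject -Property @{
            Kind = 'SuspiciousShortcut'; Path = $_.FullName; Detail = $cmdline }
    }
}

# 2. Script files at the drive root. As the reply in this thread says, read them
#    before deciding anything; this step only lists them.
Get-ChildItem -Path $Drive -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and ('.vbs','.vbe','.js','.jse','.wsf' -contains $_.Extension.ToLower()) } |
    ForEach-Object {
        $report += New-Object PSObject -Property @{
            Kind = 'ScriptFile'; Path = $_.FullName; Detail = "$($_.Length) bytes" }
    }

# 3. Everything carrying Hidden+System, which is how the real files and folders
#    were concealed; these are what attrib -h -s brings back.
$skip = @('System Volume Information', '$RECYCLE.BIN')
Get-ChildItem -Path $Drive -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { (Test-Flag $_.Attributes Hidden) -and (Test-Flag $_.Attributes System) -and ($skip -notcontains $_.Name) } |
    ForEach-Object {
        $report += New-Object PSObject -Property @{
            Kind = 'HiddenSystem'; Path = $_.FullName; Detail = $_.Attributes.ToString() }
        if ($Fix) {
            $mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System -bor [IO.FileAttributes]::ReadOnly)
            $new  = [int]$_.Attributes -band -bnot $mask
            if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }   # a file must keep at least one attribute
            $_.Attributes = [IO.FileAttributes]$new
        }
    }

$report | Sort-Object Kind, Path | Format-Table Kind, Path, Detail -AutoSize
```

Save it under any name (say `Check-Usb.ps1`, an assumed name) and run it read-only first: `.\Check-Usb.ps1 -Drive K:\`. The SuspiciousShortcut rows answer the question asked above about another flash drive: if a freshly inserted stick shows shortcuts pointing at wscript.exe, the infection is still being written, and the machine that wrote them, not the stick, needs cleaning. Only once that list is empty does `-Fix` make sense, and it changes attributes only, never deleting anything.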
 
VBS files are no more or less dangerous than other programs/scripts. It just depends on what function that program performs that makes it dangerous. A VBS that throws up a "hello world" dialog box isn't dangerous, whereas one that deletes the contents of your hard drive is. You would need to read the VBS to discover its intent.
 
I reckon it is safe to delete everything over four months old from the WinSxS (side-by-side) folder, and I do it to every Vista and W7 system that passes through my business. I haven't wrecked an installation yet, but I suppose there's always a first time.
 

ripshock
So guys, I forgot to thank you very much for your help.
I searched on the internet to find some information about VBS files and found that wscript.exe is related to them, but my computer doesn't run it. I also found that some people are making commands to prevent VBS files, like in the description of this link http://www.youtube.com/watch?v=IdRSFtmN9XU, so the question is: should I do what he is doing?
 

ripshock
Oh yeah, I forgot that before using ComboFix it was running (wscript.exe), but afterwards it doesn't show up. If anyone knows of known dangerous VBS files, please post their names :) and thank you again.