
Windows Explorer won't load - no desktop



I was browsing a website when my browser crashed and my computer automatically reset itself. It even did a proper shutdown, closing all windows and taking the desktop to the shut down screen before resetting. When it restarted it loaded Vista as usual but right after the welcome screen it says 'Windows Explorer has stopped working' and I'm left with a black screen with my mouse cursor in the middle. If I try closing explorer and running it again from the task manager it instantly says the same thing again.

I ran Malwarebytes Anti-Malware from the Task Manager to scan and clear 40+ cases of malware. After restarting it found around half as many; then, after a third or fourth time scanning and rebooting, it seems to always find just one called Hijack.FolderOptions (Registry Value) and says that it will be removed after reboot, but I never get my desktop to load and the scan finds that same malware every time.

What are my options now?

------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4500

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

8/29/2010 2:43:15 AM

mbam-log-2010-08-29 (02-43-15).txt

Scan type: Quick scan

Objects scanned: 145032

Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello ,

And :P My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Push the Run Scan button.
    • Two reports will open, copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

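Elise asks for an OTL report, and the original poster's problem is a registry value (NoFolderOptions) that Malwarebytes deletes on every reboot and finds again on every scan. On its own, NoFolderOptions = 1 only hides the Folder Options menu; a value that keeps coming back is typically being rewritten by something that still runs at logon, so the useful part of an OTL log is the set of autostart and proxy entries, not the policy value itself. The following is an added example, not code from OTL, Malwarebytes or the forum helper: a small Python triage that applies this example's own heuristics (autostart or service entries whose file is missing, autostarts living under the user's Temp folder, an Internet Explorer proxy pointed at the local machine, HOSTS entries other than localhost, and policy values that switch off UAC or hide Folder Options) to OTL lines of the shape posted in the reply below. The sample lines are copied from that log, with a few benign lines kept in to show they pass.

```python
"""Triage an OTL log for the indicators a malware-removal helper reads for first.

Added example for this thread; not code from OTL, Malwarebytes or the helper.
The rules below are this example's own heuristics. The line shapes follow the
OTL report format as it appears in the log posted later in the thread.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str    # which heuristic fired
    detail: str  # the value the rule keyed on (a path, proxy string, host, policy)
    line: str    # the OTL line, unmodified


# OTL prefixes that describe something Windows loads at logon or boot:
# O2 = BHO, O4 = Run keys, O6 = machine policy Run, O22 = SharedTaskScheduler, SRV = services.
AUTOSTART = re.compile(r"^(?:O2|O4|O6|O22|SRV)\b")
# Legitimate autostarts do not live in the user's Temp directory.
TEMP_PATH = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
# First drive-letter path ending in a loadable module; used only for the report detail.
MODULE_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|cpl)\b", re.I)
PROXY = re.compile(r'"ProxyServer" = (?P<value>\S+)')
HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
POLICY = re.compile(
    r"^O[67] - .*\\policies\\(?:Explorer|System): (?P<name>\w+) = (?P<value>\S+)$", re.I
)
# (policy name, value) pairs that take away the tools needed to investigate.
LOCKDOWN = {
    ("enablelua", "0"),        # UAC switched off
    ("nofolderoptions", "1"),  # Folder Options hidden (the MBAM detection in this thread)
    ("noactivedesktop", "1"),
    ("disabletaskmgr", "1"),
    ("disableregistrytools", "1"),
}


def _module(line: str) -> str:
    """Pull the first module path out of a line, or fall back to the whole line."""
    m = MODULE_PATH.search(line)
    return m.group(0) if m else line


def check_line(line: str) -> list[Finding]:
    """Apply every rule to one OTL line; one line may trip more than one rule."""
    found: list[Finding] = []
    if AUTOSTART.match(line):
        if "File not found" in line:
            found.append(Finding("missing_autostart", _module(line), line))
        if TEMP_PATH.search(line):
            found.append(Finding("temp_autostart", _module(line), line))
    # A proxy on 127.0.0.1 means browser traffic is routed through a local listener.
    if (m := PROXY.search(line)) and re.search(r"127\.0\.0\.1|localhost", m["value"], re.I):
        found.append(Finding("local_proxy", m["value"], line))
    # Anything beyond the default localhost lines is a redirect someone added.
    if (m := HOSTS.match(line)) and m["host"].lower() != "localhost":
        found.append(Finding("hosts_redirect", f'{m["host"]} -> {m["ip"]}', line))
    if (m := POLICY.match(line)) and (m["name"].lower(), m["value"]) in LOCKDOWN:
        found.append(Finding("lockdown_policy", f'{m["name"]} = {m["value"]}', line))
    return found


def triage(log_text: str) -> list[Finding]:
    """Run check_line over every non-empty line of an OTL report."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(check_line(line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a one-glance verdict."""
    return dict(Counter(f.rule for f in findings))


# Lines copied from the OTL log posted in this thread, with a few benign lines
# (Avira service and Run entry, ProxyEnable, the default localhost HOSTS lines)
# kept in to show that they are not flagged.
SAMPLE_LOG = r"""
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\msippsth.dll -- (TCPIP Pass-through Filter)
SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
IE - HKU\S-1-5-21-1753688288-2912615535-820751383-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1753688288-2912615535-820751383-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ad.ghura.pl
O2 - BHO: (C:\Windows\SysWow64\ook0kjn.dll) - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\SysWow64\ook0kjn.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-1753688288-2912615535-820751383-1000..\Run: [sxsaeu] C:\Users\User\AppData\Local\Temp\mspuyxjb.DLL File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: rtw9ws = C:\Users\User\AppData\Local\Temp\jo2lej.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1753688288-2912615535-820751383-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O22 - SharedTaskScheduler: {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - oikdsu37hsudhf8w38ujdf - C:\Windows\SysWow64\ook0kjn.dll File not found
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.rule:<18} {f.detail}")
    print(summarize(results))
```

On the sample above the script reports five entries whose file is gone (the fake "TCPIP Pass-through Filter" service, the BHO and SharedTaskScheduler entry sharing one CLSID and DLL, and two Run values), two of them pointing into Temp, the proxy on 127.0.0.1:5555, the ad.ghura.pl HOSTS redirect, and the two lockdown policies. A missing file next to a still-registered autostart is not proof that the infection is gone: the 32-bit twin of msippsth.dll does exist in the posted log, which is why the full report, not a single detection, is what the helper asks for.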

Still having the same issue. 'Windows Explorer has stopped working' on startup and I just get a black screen and my mouse cursor instead of my desktop. I have to run all processes by hitting ctrl-alt-del and using task manager. Running mbam.exe always finds the same malware in the registry (see my first post) and cannot remove it. Here are the requested logs:

OTL logfile created on: 8/29/2010 3:30:46 PM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\User\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 596.17 Gb Total Space | 261.88 Gb Free Space | 43.93% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 3.74 Gb Total Space | 3.23 Gb Free Space | 86.20% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-PC

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/29 15:28:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

PRC - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe

PRC - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe

PRC - [2008/10/31 21:12:02 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2008/09/19 08:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

PRC - [2008/09/19 04:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe

PRC - [2008/05/14 19:42:56 | 005,958,656 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe

========== Modules (SafeList) ==========

MOD - [2010/08/29 15:28:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

MOD - [2008/01/20 20:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2008/01/20 20:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\msippsth.dll -- (TCPIP Pass-through Filter)

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)

SRV:64bit: - [2010/07/06 19:50:54 | 000,203,264 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2008/02/27 18:53:31 | 001,044,648 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)

SRV:64bit: - [2008/02/27 18:53:29 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)

SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/10/18 21:10:30 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)

SRV - [2010/08/28 23:28:35 | 000,019,456 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\msippsth.dll -- (TCPIP Pass-through Filter)

SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)

SRV - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)

SRV - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe -- (ASKService)

SRV - [2008/11/20 08:14:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/10/31 21:12:02 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2008/09/19 04:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)

SRV - [2008/02/27 18:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdxcoms.exe -- (lxdx_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - [2010/07/06 20:30:08 | 007,195,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/07/06 20:30:08 | 007,195,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/07/06 19:15:42 | 000,265,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/05/06 03:21:40 | 000,122,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/12/09 02:39:29 | 000,074,880 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2009/05/15 23:27:04 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009/03/02 05:41:47 | 000,036,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)

DRV:64bit: - [2009/02/17 11:11:25 | 000,031,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2008/10/01 14:01:28 | 000,040,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2008/05/19 01:47:48 | 000,173,096 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)

DRV:64bit: - [2008/04/17 14:12:54 | 000,019,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/03/19 18:44:34 | 000,467,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2007/08/15 02:22:00 | 000,369,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)

DRV:64bit: - [2007/07/11 05:02:26 | 000,278,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8187B.sys -- (RTL8187B)

DRV:64bit: - [2007/01/23 11:20:34 | 000,040,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vcd9bus.sys -- (vcd9bus)

DRV:64bit: - [2006/10/31 09:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1753688288-2912615535-820751383-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/

IE - HKU\S-1-5-21-1753688288-2912615535-820751383-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1753688288-2912615535-820751383-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1753688288-2912615535-820751383-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-1753688288-2912615535-820751383-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{26357F76-34E8-42B0-826B-61636B548B63}: C:\Users\User\AppData\Local\{26357F76-34E8-42B0-826B-61636B548B63}\ [2010/08/22 15:30:13 | 000,000,000 | ---D | M]

[2009/10/15 01:42:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\extensions

[2009/10/15 01:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/08/28 23:28:33 | 000,000,837 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 ad.ghura.pl

O1 - Hosts: 127.0.0.1 ru.brans.pl

O2 - BHO: (C:\Windows\SysWow64\ook0kjn.dll) - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\SysWow64\ook0kjn.dll File not found

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKU\S-1-5-21-1753688288-2912615535-820751383-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)

O4:64bit: - HKLM..\Run: [lxdxamon] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe ()

O4:64bit: - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [soundTray] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1753688288-2912615535-820751383-1000..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1753688288-2912615535-820751383-1000..\Run: [sxsaeu] C:\Users\User\AppData\Local\Temp\mspuyxjb.DLL File not found

O4 - HKU\S-1-5-21-1753688288-2912615535-820751383-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1753688288-2912615535-820751383-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - HKU\S-1-5-21-1753688288-2912615535-820751383-1003..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1753688288-2912615535-820751383-1003..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: rtw9ws = C:\Users\User\AppData\Local\Temp\jo2lej.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\S-1-5-21-1753688288-2912615535-820751383-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGam...S.cab109791.cab ()

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.184.13 64.59.184.15 64.59.190.242

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O22 - SharedTaskScheduler: {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - oikdsu37hsudhf8w38ujdf - C:\Windows\SysWow64\ook0kjn.dll File not found

O24 - Desktop WallPaper: C:\Users\User\Documents\Backgrounds\3985718888_d4435fb72d_o.jpg

O24 - Desktop BackupWallPaper: C:\Users\User\Documents\Backgrounds\3985718888_d4435fb72d_o.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{568ea22e-41f2-11de-855c-0022159ca53d}\Shell - "" = AutoRun

O33 - MountPoints2\{568ea22e-41f2-11de-855c-0022159ca53d}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found

O33 - MountPoints2\{defac3f6-2565-11df-976a-0022159ca53d}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/29 15:28:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

[2010/08/29 03:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis

[2010/08/28 23:28:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Server

[2010/08/28 23:28:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Bitrix Security

[2010/08/22 15:30:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{26357F76-34E8-42B0-826B-61636B548B63}

[2010/08/22 15:27:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\brrtembeh

[2010/08/20 12:53:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\HEM Data

[2010/08/18 03:26:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Picturenaut

[2010/08/10 18:07:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll

[2010/08/10 18:07:37 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll

[2010/08/10 18:07:13 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2010/08/10 18:07:10 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2010/08/10 18:07:10 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2010/08/10 18:07:10 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2010/08/10 18:07:10 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2010/08/10 18:07:10 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010/08/10 18:07:10 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2010/08/10 18:07:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll

[2010/08/08 17:41:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla-Cache

[2010/08/01 21:10:22 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Aya

[2009/09/09 14:54:26 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll

[2009/09/09 14:54:25 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll

[2009/09/09 14:54:25 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll

[2009/09/09 14:54:25 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll

[2009/09/09 14:54:25 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll

[2009/09/09 14:54:24 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll

[2009/09/09 14:54:24 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll

[2009/09/09 14:54:24 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll

[2009/09/09 14:54:24 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll

[2009/09/09 14:54:24 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll

========== Files - Modified Within 30 Days ==========

[2010/08/29 15:30:54 | 003,407,872 | -HS- | M] () -- C:\Users\User\NTUSER.DAT

[2010/08/29 15:28:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

[2010/08/29 15:14:10 | 000,796,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/08/29 15:14:10 | 000,667,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/08/29 15:14:10 | 000,130,850 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/08/29 15:09:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/08/29 15:08:46 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/08/29 15:08:46 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/08/29 15:08:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/08/29 15:08:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/08/29 06:58:26 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2010/08/29 06:58:26 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2010/08/29 06:36:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1753688288-2912615535-820751383-1000UA.job

[2010/08/29 06:36:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/08/29 03:43:51 | 000,001,980 | ---- | M] () -- C:\Users\User\Desktop\HiJackThis.lnk

[2010/08/28 23:29:00 | 006,291,456 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db

[2010/08/28 23:28:35 | 000,019,456 | ---- | M] () -- C:\Windows\SysWow64\msippsth.dll

[2010/08/28 23:28:34 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

[2010/08/28 23:28:11 | 000,030,000 | ---- | M] () -- C:\Windows\SysWow64\ar1nsdlf.dll

[2010/08/28 22:29:14 | 000,001,041 | ---- | M] () -- C:\Windows\Telescope.ini

[2010/08/28 22:21:07 | 000,002,425 | ---- | M] () -- C:\Users\Public\Desktop\Shortcut to HoldemManager.exe.lnk

[2010/08/27 14:43:31 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1753688288-2912615535-820751383-1000Core.job

[2010/08/24 01:09:33 | 000,000,120 | ---- | M] () -- C:\Users\User\AppData\Local\Asarodejex.dat

[2010/08/24 01:09:33 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\Gyiniq.bin

[2010/08/21 01:36:38 | 000,002,037 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk

[2010/08/21 01:36:38 | 000,001,999 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/08/11 13:33:01 | 000,246,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/08/04 18:51:50 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2010/08/29 03:43:51 | 000,001,980 | ---- | C] () -- C:\Users\User\Desktop\HiJackThis.lnk

[2010/08/28 23:28:35 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\msippsth.dll

[2010/08/28 23:28:32 | 000,000,005 | ---- | C] () -- C:\zrpt.xml

[2010/08/28 23:28:11 | 000,030,000 | ---- | C] () -- C:\Windows\SysWow64\ar1nsdlf.dll

[2010/08/22 15:30:14 | 000,000,120 | ---- | C] () -- C:\Users\User\AppData\Local\Asarodejex.dat

[2010/08/22 15:30:14 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\Gyiniq.bin

[2010/08/10 18:07:49 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys

[2010/08/10 18:07:45 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys

[2010/08/10 18:07:45 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys

[2010/08/10 18:07:43 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys

[2010/08/10 18:07:39 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll

[2010/08/10 18:07:35 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe

[2010/08/10 18:07:19 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll

[2010/08/10 18:07:15 | 005,691,904 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll

[2010/08/10 18:07:12 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll

[2010/08/10 18:07:12 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll

[2010/08/10 18:07:12 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll

[2010/08/10 18:07:11 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll

[2010/08/10 18:07:11 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll

[2010/08/10 18:07:11 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec

[2010/08/10 18:07:11 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll

[2010/08/10 18:07:10 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll

[2010/08/10 18:07:10 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll

[2010/08/10 18:07:10 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll

[2010/08/10 18:07:10 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll

[2010/08/10 18:07:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll

[2010/08/10 18:07:10 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll

[2010/08/10 18:07:10 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll

[2010/08/10 18:07:09 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb

[2010/08/10 18:07:09 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll

[2010/08/10 18:07:03 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll

[2010/08/03 11:47:19 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll

[2010/04/28 19:07:42 | 000,005,308 | -HS- | C] () -- C:\Users\User\AppData\Local\erTd

[2010/04/28 19:07:42 | 000,005,308 | -HS- | C] () -- C:\ProgramData\erTd

[2010/03/08 02:46:51 | 000,006,996 | -HS- | C] () -- C:\Users\User\AppData\Local\Ti4OIyu5d

[2009/11/20 00:56:41 | 000,425,788 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI006F.txt

[2009/11/20 00:56:41 | 000,013,906 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI006F.txt

[2009/09/15 23:19:20 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/09/15 23:19:20 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

[2009/09/09 14:55:21 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll

[2009/09/09 14:55:21 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll

[2009/09/09 14:55:21 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll

[2009/09/09 14:54:26 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll

[2009/09/09 14:54:26 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll

[2009/05/04 20:44:37 | 000,001,041 | ---- | C] () -- C:\Windows\Telescope.ini

[2009/04/18 12:06:47 | 000,006,836 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat

[2009/01/04 20:40:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008/11/03 03:36:31 | 000,084,480 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/01 17:14:57 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI

[2008/11/01 15:34:51 | 000,001,626 | ---- | C] () -- C:\Windows\PartyGrabber.ini

[2008/11/01 14:05:36 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat

[2008/10/31 21:13:44 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2008/10/28 14:01:00 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2008/10/27 17:55:05 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2008/10/27 17:55:05 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2008/10/27 17:54:59 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2008/10/27 17:54:59 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2008/10/27 17:37:02 | 000,035,450 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2008/10/27 17:33:00 | 000,035,058 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2008/10/27 16:46:46 | 000,000,732 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps64.dat

[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2007/12/28 01:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

< End of report >

OTL Extras logfile created on: 8/29/2010 3:30:46 PM - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\User\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 596.17 Gb Total Space | 261.88 Gb Free Space | 43.93% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 3.74 Gb Total Space | 3.23 Gb Free Space | 86.20% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-PC

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{044E4DAA-6785-4401-8B59-073DFF2703BC}" = lport=137 | protocol=17 | dir=in | app=system |

"{077433EF-ECB3-43E0-ACEE-68464AF85457}" = lport=139 | protocol=6 | dir=in | app=system |

"{085468CA-E812-4CB0-869B-2D26585AEEFE}" = lport=138 | protocol=17 | dir=in | app=system |

"{086857CE-E739-41F3-9A26-29C2E350307A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0EE1DBBE-CD3E-4AB2-92EF-5778BA2B123D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{12C1F318-02E1-415B-B6E1-AECF4A3C703A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{249C4C15-5A58-452B-93D3-819D9234F7EE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{25C62678-7C2C-4C81-A88D-C31D86DDD6E0}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{27CBDCDD-E635-4865-8416-50C9B096632D}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |

"{2AED8291-FB28-44D9-8A59-AD7A8AE76168}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{30E7CD12-02C2-4B79-87E8-04AC2C2D07EA}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |

"{3C63A9A2-D83A-48E3-810F-6A5DC1B8CEBC}" = rport=10243 | protocol=6 | dir=out | app=system |

"{4C9F569A-ABD3-4922-841C-00139F2042F3}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |

"{525E0302-5D9E-4C80-A84A-233DCF847881}" = rport=137 | protocol=17 | dir=out | app=system |

"{594F5458-062A-456F-B5B8-EDDA3ACC5628}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6DD2A085-36F0-4ECC-B62F-2645CC033421}" = rport=445 | protocol=6 | dir=out | app=system |

"{7D0ADCBF-0B15-4D23-A0B4-A2DFA127C495}" = rport=138 | protocol=17 | dir=out | app=system |

"{822C5756-0A3D-4D41-8032-A61E6E95764E}" = lport=445 | protocol=6 | dir=in | app=system |

"{83AE3AD2-AEA8-4BCA-86A0-C3EA2D8DC9E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A998CBFB-03D9-4847-B0DE-17309FDD36CE}" = rport=139 | protocol=6 | dir=out | app=system |

"{B36D5864-9FE2-46E4-B6AB-701BD8750B94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{C8B9EA22-22AF-456B-902F-305FE095C9A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CF9195D3-642E-4F17-B4BB-6F940D8AD579}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E789188E-5405-4D9A-8B14-E785A2FB881D}" = lport=10243 | protocol=6 | dir=in | app=system |

"{E911DCF0-2B6E-4B99-9BAF-E5D51512C012}" = lport=2869 | protocol=6 | dir=in | app=system |

"{FCE0D0B6-0C50-4759-A97A-830374D8BBDE}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04107CBC-57A8-4B66-8D4D-EF487AF5754C}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{05CE0436-CC9D-48D8-9590-2A83B726CB5E}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |

"{062A3E06-BBE8-4866-B1C8-B6762D5384D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{07473B76-376A-4081-A1FD-E712F0DD16AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{0790805A-39D2-4041-9E21-90DF16BEF54B}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxtime.exe |

"{07B6D1D2-6CA8-4BEE-94EA-01271B77E6D2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{0ACE6354-ABBF-4214-A6A1-643333A8F5A1}" = protocol=6 | dir=in | app=c:\windows\system32\lxdxcoms.exe |

"{0CAA5AF2-39BF-4A7B-B322-E168CB0EEBAE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{10C35C9F-A5FF-4F36-A48C-B57D285A5BE4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{10F07D7C-6ECA-4503-BDCF-4E481757357F}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |

"{114826B7-5DDA-4103-A610-F8BAC37F2B0D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{13027059-2AFA-48D8-BCB4-ED91F4764F80}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{13E50F2E-C022-45BD-A056-DEBAFE8D84EB}" = protocol=17 | dir=in | app=c:\windows\system32\lxdxcoms.exe |

"{15E701B6-3782-49BF-A5A9-B19F950D646A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{15FE944E-E679-41ED-A41A-7CC66A9F4AF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{16053FB3-1469-4E64-9D95-11A945833C93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{189295DF-5555-4111-A422-ED8E6AE2AB22}" = protocol=6 | dir=in | app=c:\program files (x86)\world in conflict\wic.exe |

"{1896B6E0-796E-49EF-B87D-FF9FB130C076}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1C1D6D3E-E671-4CEF-BAC9-A13CFE2ED1BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1C486FEA-A521-43C9-B2E7-480EB35CB973}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{1D2EF3DF-18A4-4AE8-B487-D33E91B044C8}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxamon.exe |

"{1DE05BB8-AD41-41AA-85DC-2CE15BE72ACC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1DE74598-C411-4B41-AE62-2C19BED34ECA}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxamon.exe |

"{201D5080-F8DF-4218-99EE-6697A3F7202E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{204A89C0-98B4-4569-A85E-FCC86B554A98}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{240EE725-7454-4E32-AE7D-B443AE1F1398}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2428587D-EE08-419C-BA12-A42F6262AB23}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |

"{25E60EB5-3115-4DB7-9ADF-FF2803E97D6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{26213666-A7DE-4880-8DCF-F5285ED308F3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |

"{27FD53DB-CF75-4A1C-87DC-FFD09D591FA4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxjswx.exe |

"{28F40C46-3586-4AA5-99CD-9781630BF9E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2ADFD6BE-466B-4A0D-A903-49AAD1A05480}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |

"{2B29772C-97FB-4B0A-8F0B-5D3373E54581}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\starcraft ii.exe |

"{2D95721B-80F8-4E8E-90FD-785A709F3265}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{30671BF7-7E2B-407A-A615-1EB8DD296875}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{33C092EE-9BDB-49A3-AEAD-5A6885376ED4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{33C8369A-AE87-4260-BA77-7E9CD6D810D1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{3761A009-797D-4F0E-A14B-99FF378C92B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{39BB37B7-61B9-4CEA-B5E4-64E1C31A1023}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |

"{3A67D693-4044-413B-8413-CBFEFD6A11AA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3CA54D65-F3E2-49A2-BA58-288BD80DB623}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3CF77EF9-77A7-4C1B-B467-1BBF863EB75D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3DB02564-7F1C-4F02-8C74-13F8CC76A15F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{40BC4898-4C66-48E8-A10A-9BE6CED0B8EB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{4110E112-599E-42BC-8631-42922FC48D40}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\frun.exe |

"{47B1C198-5691-4485-8981-894D4C0338FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{480F0C86-8117-4E99-B811-FCF485F5C227}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{4B48E52E-6D95-4573-8182-DE4956E8FF8F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4C618706-FD35-47E6-B1B4-374622AB811B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{4F92A95D-0581-4C16-87F0-D8AA326D9D69}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{51473F25-6D20-43AC-8185-34272638AB6F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{537663AA-2902-44DE-9B4B-5BD967E23011}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{53F5F882-1600-40A3-A4E1-723750BD795A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{552604D1-2DFA-4334-997C-9200D633CA9D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5527C7EC-3B0D-4B38-836D-E1D72A4AD5FD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{5607E72E-D925-4D2F-8608-1E7B898F396B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{56D34606-73C2-4257-9D83-64D7C1C6003A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxjswx.exe |

"{59C3E0C5-FB00-4A42-A853-6A82EB9D7345}" = protocol=6 | dir=in | app=c:\league of legends\air\lolclient.exe |

"{5A37DA45-A055-41AF-9890-6EFAAE738D04}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5CAEBF25-FDE2-4EE1-A59D-7CBD2767B720}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{5D658324-4394-447A-8AC9-98BCC6A3EAC5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5D783B2A-FA5C-4D3A-A391-CDA21A9E7319}" = protocol=6 | dir=in | app=c:\program files (x86)\world in conflict\wic_ds.exe |

"{64BBA828-8B68-4665-8B13-8C3B11512308}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6BD4248D-5122-45FE-86A8-D369B82B8437}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |

"{72F26C78-D606-46AE-943D-3A53C66DD6AB}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |

"{74D292B7-470F-4D3F-B585-7EF7103224E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7538ECB3-8357-411E-A5C1-2B98C2ECAC1A}" = protocol=17 | dir=in | app=c:\league of legends\air\lolclient.exe |

"{76A89973-A61B-4454-B8ED-1F68B88238F8}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

"{7731F106-54AA-4E5F-B2AA-7D5EFD7EA56C}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |

"{79E5E4BD-C3E1-4C19-88E6-96B386F905C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{7B4135F2-7B5C-46F5-A663-638ACD565CAF}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe |

"{7E37BFEE-8463-4C2A-A046-0F78CFBAC373}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{81ECEAF3-4825-46E5-BE6E-B7DD7F006676}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{820C825E-EB09-4F28-83E6-8223A135FAC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{831D98B0-BD86-4A8A-B851-D135D6FED3DB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{84F6B2F9-562B-497C-845C-9BAAF31F9292}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{896CA589-C17E-4AC6-8155-96CED564D683}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8AFF73E6-7836-4456-9390-470BCC6FDA3E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |

"{8B7E1882-1D02-4FFC-8268-6B77D70B23EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8F9E38E3-2F11-493B-AE60-81A7ADC7A67F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8FD69123-5512-40EF-98DC-EF92AD96C991}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{91E15351-912B-48BB-B9E7-AF6B910192C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{967808AD-D7FA-4801-A701-C210DA43E2A4}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{97024BBD-EA3C-4430-8506-B3F23DA32A76}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |

"{978329D7-6E8F-42A9-9954-B1969C027C02}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |

"{97B124FF-ACAA-42B4-9B54-6CE374A93BCE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{99BF9B1A-5EBD-4A8D-8D38-12FD671429BC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxtime.exe |

"{9C994B20-A558-4C3B-BE84-4BAC52D1660A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |

"{9E024181-D7FC-4E02-A65A-F9F2740C4D39}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9F2E4A61-F9A5-4440-8B06-17B112EEAD4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9F8AE44C-5709-4F6B-B6B8-740FB1DD1645}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |

"{A024DF39-0AF0-4B92-91D1-748D528BB799}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A41DEFA0-40A9-4C4F-8FD6-3F551FE546D9}" = protocol=6 | dir=out | app=system |

"{A49E5F11-E00D-4C6F-8E96-3EFF90B96DBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A52D97B4-D42E-4A88-B91A-0EB8DC23D5B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A599EA98-7379-43F2-8310-261E885143DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A60D347B-75EB-4D57-BFB6-466A11118002}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A6D7F448-4D2A-429F-80EC-F1FCC8ED80CD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{A7123359-40B3-4582-90F9-759F6F9EA290}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{A72ECE4F-DCFD-461A-93F1-68824127BC09}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |

"{AA34DFA0-710A-461E-B1FC-10536F64B357}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AA782256-20B3-4DD6-A36B-6F378599C695}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B04898C4-4357-4737-AD5B-F9F6EF896D41}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B572E9A6-582E-48FD-85B3-7889537BD69D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B5CF2F05-D795-434D-BA38-CCF8EDB7BCDD}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

"{B87286DE-F745-474C-81F1-F8354689F12F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B8B06894-2542-4AED-A91C-2FC1A77E6BAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B9862AEC-0BC6-4F64-B21B-603CC38800C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{B98C5DAB-337D-4E2F-9B6B-58BBD4376327}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |

"{BD5902A9-94CD-45E0-8D06-7A5D8E9E33EF}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |

"{C03C45C0-6A38-4131-A8B2-5B86400D69A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{C2C79E9E-5A72-42DC-93EF-2AF83A19A300}" = protocol=17 | dir=in | app=c:\program files (x86)\ps3 media server\pms.exe |

"{C4AF566F-0697-4343-910B-1D84BE1788E0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{C531B885-9A7C-4AD3-AB21-21EFD17FC1FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{C6514DD6-C759-457D-AA17-B8360390A63D}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{C67AD3D9-BD0B-4DD6-BE68-30AAA20EACB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C718C189-A544-4E2D-A37E-A3AFD7F5CFFE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{CA0FC077-5790-4B9E-B30C-016AE14C699C}" = protocol=6 | dir=in | app=c:\program files (x86)\world in conflict\wic_online.exe |

"{CB9B3311-5C61-4CF4-B44D-42CEAAF85E19}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{CDE25CAF-B9A7-4DBF-860E-B0A67B66933F}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\tversity\media server\mediaserver.exe |

"{CE284940-4283-49E4-A32E-2996A3EE4F80}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\frun.exe |

"{D19E44EE-A17B-459A-AB7B-9A1EB02CF858}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D4B325BD-85F7-4192-B5B4-A08D5E00D015}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{D6376B6D-C083-44DD-A14B-815077ABC09A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D6855214-2667-44A3-839C-313A9A5207A4}" = protocol=17 | dir=in | app=c:\league of legends\game\league of legends.exe |

"{D8583C50-CD71-4111-9D92-9C40FB9C457D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D8E3E5D5-1B31-4F61-BC97-63F9D01AA5B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{DAC30EE6-6CEF-41BF-A0DE-E06B67E8F523}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |

"{DF374913-37CE-4AC1-B392-099EB5C1E46E}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdxcoms.exe |

"{DF9FC443-AD11-49B9-A5A4-6D7A7BF6EDAC}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |

"{DFD7CC53-DDD9-410A-B126-2DEB5553EC4D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |

"{E0FB99F7-64E1-48EA-B91E-69F7ADD8A92C}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\tversity\media server\mediaserver.exe |

"{E1E9A4A9-F023-49BC-A79D-3AF3B00F5752}" = protocol=17 | dir=in | app=c:\program files (x86)\world in conflict\wic.exe |

"{E4038F8C-8B30-4F83-8B26-D3A1D8F2A695}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E694F099-DC2F-4C6D-90F2-DB9A5FFFD293}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E7ECD9B6-1A84-4F2C-ABC0-0E8F8C5C5DA4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{E9B8AA2C-3298-4999-83BD-C72F93D8F185}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{EBA77C43-B314-49E6-8148-DB5B9B10C7AE}" = protocol=17 | dir=in | app=c:\program files (x86)\world in conflict\wic_online.exe |

"{ECA06AC5-5D8F-4BFE-8A17-E2D7EC96FB26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F139895A-0D4E-4717-8AAB-A96DBAC434FF}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |

"{F46E5595-5383-47CB-974D-739E43BA961A}" = protocol=6 | dir=in | app=c:\program files (x86)\ps3 media server\pms.exe |

"{F5B4056B-DDF8-4589-90F7-0A7D3E425315}" = protocol=17 | dir=in | app=c:\program files (x86)\world in conflict\wic_ds.exe |

"{F5D77199-8A47-43A0-85B5-C92070514DDE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F638865E-F555-4531-AB1E-5675F244C83E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F78D579F-7B6F-4A7F-AA38-AF04DCB0BEB2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{F996CCE1-4ACA-4304-976A-1EF9853F6258}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{FA7D0B96-B3C1-427E-A24A-31813E3A835D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{FC10E08F-DC98-4576-99BA-06A53AB45E2B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{FCE20516-1453-4D53-8108-8B4BD3B7D942}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{FD3E2D77-BA92-4F4F-9CA0-DB01A3BA0F4D}" = protocol=6 | dir=in | app=c:\league of legends\game\league of legends.exe |

"TCP Query User{072F7D26-AD86-4662-93B0-2761010737DC}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"TCP Query User{111C4D9D-D098-475B-8C8E-D140632576D8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{3FAEC6F4-6906-4186-B53A-48C1B1450FCC}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |

"TCP Query User{46685507-A528-4F60-96D7-6CAFC1D1D702}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |

"TCP Query User{5064B3E5-3A49-4DAA-A527-D321FD36E82D}C:\program files (x86)\starcraft ii beta\versions\base14803\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14803\sc2.exe |

"TCP Query User{83EA662C-0085-4E97-9F95-292DB361691C}C:\users\user\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"TCP Query User{84222F84-5BF4-4DAB-9D2C-BF192F0F58C6}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe |

"TCP Query User{9ABFDFA5-AD24-473E-8EC1-78753C747B89}C:\users\user\temp\teamviewer3\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\user\temp\teamviewer3\teamviewer.exe |

"TCP Query User{B8D3D8A3-3432-4580-96A8-0C9760B5FB3D}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |

"TCP Query User{BCAE9327-6EB4-43CA-9D20-1DAEB815181D}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"TCP Query User{C34840EE-1A40-487E-B412-8621484D404F}C:\program files (x86)\starcraft ii beta\versions\base13891\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base13891\sc2.exe |

"TCP Query User{CE57CA61-8980-4D48-8AD1-7DBAC5637DA7}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |

"TCP Query User{D35B506E-0498-4285-BDAA-349B2482D0CB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{D64DD742-A596-4828-B5B8-714257D20CD0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{DDE8392A-B7AC-4BBB-9C82-D37B6B9D0B85}C:\users\user\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\user\temp\teamviewer\version4\teamviewer.exe |

"TCP Query User{DEA2B163-51A5-4150-AC06-A9B7C50392B1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{F172CD57-3F28-4301-8C2E-8B41B063F976}C:\users\user\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"TCP Query User{FDF166FB-0885-41BA-A79C-CDD6567C42CB}C:\program files (x86)\starcraft ii beta\versions\base14621\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14621\sc2.exe |

"TCP Query User{FE782D4B-6FCE-4998-BCFF-A618DEBDF6A9}C:\program files (x86)\starcraft ii beta\versions\base14593\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14593\sc2.exe |

"UDP Query User{05EC9D0A-B58E-445C-8FC6-1AC3E3D48F60}C:\program files (x86)\starcraft ii beta\versions\base13891\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base13891\sc2.exe |

"UDP Query User{2D1C46A9-5AC6-4B84-B938-2E8B86CE7270}C:\program files (x86)\starcraft ii beta\versions\base14621\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14621\sc2.exe |

"UDP Query User{35E06532-4A36-46C4-880D-022AEB86712F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{38D06D24-997A-4A09-99F7-7B7A89B7684C}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |

"UDP Query User{487311A6-ADFB-4412-B63C-6A2E34A3DD89}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"UDP Query User{4B6AE931-3212-409F-9860-937EF68918A1}C:\users\user\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\user\temp\teamviewer\version4\teamviewer.exe |

"UDP Query User{5714E136-7A97-40A5-955F-B07F66FE02A4}C:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base15133\sc2.exe |

"UDP Query User{6E4288CD-B1D7-45DD-9113-435EF9B1E341}C:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdxpswx.exe |

"UDP Query User{819EA791-A706-40F8-B2CD-D42F43BD5BC5}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"UDP Query User{84EA279D-3FFB-4948-9DC6-B3AAD6B97EA7}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |

"UDP Query User{8B9D09D4-AA04-4454-99C7-616E7A1B9616}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{A03A027B-2B56-4F70-93F4-68CE9DDDD694}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe |

"UDP Query User{B5598EA7-7E0D-4658-AAFB-7B15BF67ED78}C:\users\user\temp\teamviewer3\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\user\temp\teamviewer3\teamviewer.exe |

"UDP Query User{C4C5E167-1C3B-4739-A27A-F57C4C662227}C:\users\user\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"UDP Query User{C8206AE1-9606-4727-8F5D-DAE4F8E17123}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{D7E5FE6C-F578-49A7-9224-01FB4F6311AA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{DA3F5720-5EDB-4A4C-89DF-51A380A83D8E}C:\users\user\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"UDP Query User{DA53751E-B56A-4350-A72D-98FD59752D2B}C:\program files (x86)\starcraft ii beta\versions\base14593\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14593\sc2.exe |

"UDP Query User{F2501520-595C-449A-8016-35A71E1EEC5D}C:\program files (x86)\starcraft ii beta\versions\base14803\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii beta\versions\base14803\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0A9B7ADD-FF58-49E5-8204-956121D764DC}" = Apple Mobile Device Support

"{2EF5C74A-1137-46B1-A7BA-5A39ED27A22A}" = Bonjour

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D8BD0DDE-E007-4A55-9973-B95D5FA08C3F}" = iTunes

"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English

"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = Six Engine

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding

"{89B38025-05A0-4958-92C3-70882AE8553A}" = Holdem Manager

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common

"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3

"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


When I try running RKunhooker I get an error message 'Error loading driver, NTSTATUS code: 0xC000036B' so I can't generate that log. I can run hijackthis if it helps:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:32:00 AM, on 8/29/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18498)

Boot mode: Safe mode with network support

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: C:\Windows\SysWow64\ook0kjn.dll - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\SysWow64\ook0kjn.dll (file missing)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sxsaeu] RUNDLL32.EXE C:\Users\User\AppData\Local\Temp\mspuyxjb.dll,w

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKLM\..\Policies\Explorer\Run: [rtw9ws] C:\Users\User\AppData\Local\Temp\jo2lej.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGam...S.cab109791.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O22 - SharedTaskScheduler: oikdsu37hsudhf8w38ujdf - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\SysWow64\ook0kjn.dll (file missing)

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASKService - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c9bfa34c0df5b2) (gupdate1c9bfa34c0df5b2) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe

O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9674 bytes


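The HijackThis log above contains several entries a practitioner would flag on sight: the HKCU ProxyServer value pointing at 127.0.0.1:5555 (all browser traffic relayed through a process on the machine itself), two O4 autoruns loading from the user's Temp directory (one of them through the rarely used Policies\Explorer\Run key), and a BHO and a SharedTaskScheduler entry that share one CLSID and both point to a DLL that no longer exists. The script below is an added example, not part of this thread and not HijackThis code: it runs a few narrow indicator rules over lines copied from the posted log and correlates CLSIDs across entry types. The rules and their wording are the editor's own and deliberately conservative; a hit is a lead to investigate, not a verdict.

```python
"""Indicator triage for HijackThis log lines.

Added example for this thread; not HijackThis code. The SAMPLE_LOG lines are
copied from the log posted above; the rules are the editor's own.
"""
import re

# Sample input: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: C:\Windows\SysWow64\ook0kjn.dll - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\SysWow64\ook0kjn.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [sxsaeu] RUNDLL32.EXE C:\Users\User\AppData\Local\Temp\mspuyxjb.dll,w
O4 - HKLM\..\Policies\Explorer\Run: [rtw9ws] C:\Users\User\AppData\Local\Temp\jo2lej.exe
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: oikdsu37hsudhf8w38ujdf - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\Windows\SysWow64\ook0kjn.dll (file missing)
"""

# A ProxyServer whose host is the machine itself: some local process is
# relaying (and can read or rewrite) every browser request.
LOCAL_PROXY_RE = re.compile(r"ProxyServer\s*=\s*\S*?(127\.0\.0\.1|localhost):(\d+)", re.IGNORECASE)
# Any path component named Temp (AppData\Local\Temp, C:\Users\...\Temp, ...).
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}", re.IGNORECASE)
POLICY_RUN = "\\policies\\explorer\\run"
FILE_MISSING = "(file missing)"


def entry_type(line):
    """'R1', 'O4', 'O22', ... from the start of an HJT line."""
    return line.split(" - ", 1)[0]


def triage(log_text):
    """Return {line: [reasons]} for every line that trips at least one rule."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        tag = entry_type(line)
        if tag == "R1":
            m = LOCAL_PROXY_RE.search(line)
            if m:
                reasons.append(f"browser proxy is a local port ({m.group(1)}:{m.group(2)}): "
                               "a process on this machine relays all HTTP traffic")
        elif tag == "O4":
            if POLICY_RUN in line.lower():
                reasons.append("autorun via Policies\\Explorer\\Run, a key legitimate installers almost never use")
            if TEMP_DIR_RE.search(line):
                reasons.append("autorun target is in a Temp directory")
        elif tag in ("O2", "O22"):
            if line.lower().endswith(FILE_MISSING):
                reasons.append(f"{tag} entry registered for a DLL that no longer exists (orphaned CLSID)")
        if reasons:
            findings[line] = reasons
    return findings


def clsids_by_entry_type(log_text):
    """Map each CLSID to the set of HJT entry types it is registered under."""
    seen = {}
    for line in log_text.splitlines():
        for clsid in CLSID_RE.findall(line):
            seen.setdefault(clsid.upper(), set()).add(entry_type(line.strip()))
    return seen


def multi_registered(log_text):
    """CLSIDs registered under more than one entry type: one component, several load paths."""
    return {c: t for c, t in clsids_by_entry_type(log_text).items() if len(t) > 1}


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("   ->", r)
    for clsid, tags in multi_registered(SAMPLE_LOG).items():
        print(f"{clsid} is registered as {', '.join(sorted(tags))}")
```

Run against the sample, five of the eight lines are flagged and the QuickTime, Ask Toolbar and browseui.dll entries are left alone; the CLSID correlation ties the O2 and O22 entries to the same missing ook0kjn.dll, which is the same component registered twice so that it loads whether or not the browser starts.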
No need for a HJT log. :) RKU isn't working on 64-bit machines, so don't worry about that.

First let's see what might be wrong with explorer.exe.

Please rerun OTL and copy/paste the following text into the "custom scan/fix" field. Click NONE and Run Scan. Post me the resulting log please.

/md5start

explorer.exe

userinit.exe

wininit.exe

winlogon.exe

/md5stop


OTL logfile created on: 8/30/2010 2:59:40 AM - Run 2

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\User\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 596.17 Gb Total Space | 264.17 Gb Free Space | 44.31% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 465.76 Gb Total Space | 12.39 Gb Free Space | 2.66% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-PC

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >

[2008/10/29 00:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=35A716D2DD6B5E382A0F94F96845B1AC -- C:\Windows\explorer.exe

[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe

[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe

[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe

[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe

[2008/10/29 00:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe

[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe

[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe

[2008/10/27 20:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe

[2008/10/29 00:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe

[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe

[2008/10/29 23:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe

[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe

[2008/01/20 20:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe

[2008/01/20 20:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: USERINIT.EXE >

[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe

[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe

[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WININIT.EXE >

[2008/01/20 20:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2008/01/20 20:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

[2008/01/20 20:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=1D111C73782BD7CD9B569FF30E32AFEF -- C:\Windows\SysWOW64\wininit.exe

[2008/01/20 20:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=1D111C73782BD7CD9B569FF30E32AFEF -- C:\Windows\SysWOW64\wininit.exe

< MD5 for: WINLOGON.EXE >

[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe

[2008/01/20 20:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe

[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe

[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe

[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >


OTL logfile created on: 8/30/2010 6:56:02 AM - Run 3

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\User\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 596.17 Gb Total Space | 264.15 Gb Free Space | 44.31% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 465.76 Gb Total Space | 12.39 Gb Free Space | 2.66% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-PC

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Custom Scans ==========

< MD5 for: HLP.DAT >

[2008/01/20 20:49:14 | 000,034,699 | ---- | M] () MD5=988D9624B4220182DFF971C1D18D73EC -- C:\Windows\SysWOW64\hlp.dat

[2008/01/20 20:49:14 | 000,034,699 | ---- | M] () MD5=988D9624B4220182DFF971C1D18D73EC -- C:\Windows\SysWOW64\hlp.dat

< End of report >


I have the impression OTL is messing up a filepath: can you please have a look and see if the following file exists: c:\windows\system32\wininit.exe

OTL seems to see the file twice in the c:\windows\syswow64 folder, but not in the sysnative folder. Were we to replace one file but not the other, we could cause problems.


Yes, that confirms what I see in your logs. Wininit.exe (the syswow64 copy) as well as explorer.exe are both infected and need to be replaced.

In order to do so, we first need to copy the files so we will not remain without replacement copies.

Please press the Windows key + R and type NOTEPAD in the Run box. Copy/paste the following text into Notepad and save it to your desktop as copy.bat

copy C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe c:\wininit.exe
copy C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe c:\explorer.exe
del %0

Exit Notepad and run copy.bat by double-clicking it. Verify that c:\explorer.exe and c:\wininit.exe have been created.

Only continue if those two files exist!

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

Click OK at the warning (and take note of it, this is a VERY powerful tool!).

Click the script tab and copy/paste the following text there:

DeleteFile:
C:\Windows\explorer.exe
c:\windows\syswow64\wininit.exe
MoveFile:
C:\explorer.exe C:\Windows\explorer.exe
C:\wininit.exe c:\windows\syswow64\wininit.exe

Click Execute Now. Your computer will need to reboot in order to replace the files.

When done, post me the report created by Blitzblank.

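The helper's diagnosis above rests on two checks a defender should be able to repeat by hand: whether the on-disk wininit.exe and explorer.exe still match the pristine copies Windows keeps in the WinSxS component store, and whether a 32-bit tool is being misled by WOW64 file-system redirection (a 32-bit process asking for System32 is silently handed SysWOW64, and must use the Sysnative alias to reach the real 64-bit folder, which is why OTL could list hlp.dat twice under SysWOW64 and never under the 64-bit System32). The PowerShell script below is an added example for this thread, not code from the helper, OTL or BlitzBlank. It assumes the two WinSxS component folder names taken from the copy.bat above (on any other machine they differ and must be looked up under C:\Windows\winsxs) and a PowerShell 4.0 or later for Get-FileHash, which the Vista machine in this thread would not have had (certutil -hashfile is the older equivalent). It only reads files and replaces nothing.

```powershell
# Added example for this thread (not OTL, BlitzBlank or the helper's copy.bat):
# compare system binaries against their WinSxS component-store copies.
# Read-only. Run from an elevated 64-bit PowerShell (4.0+ for Get-FileHash).

$WinSxS   = Join-Path $env:SystemRoot 'winsxs'
$System32 = Join-Path $env:SystemRoot 'System32'   # the real 64-bit folder when run from 64-bit PowerShell
$SysWOW64 = Join-Path $env:SystemRoot 'SysWOW64'   # where a 32-bit process lands when it asks for System32

# Component folder names are the two quoted in copy.bat earlier in the thread.
# They are build-specific: list C:\Windows\winsxs on the machine being checked
# and substitute the folders that match its installed version.
$pairs = @(
    @{ Target   = Join-Path $SysWOW64 'wininit.exe'
       Pristine = Join-Path $WinSxS 'x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe' },
    @{ Target   = Join-Path $env:SystemRoot 'explorer.exe'
       Pristine = Join-Path $WinSxS 'amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe' }
)

function Get-FileFingerprint {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $item = Get-Item -LiteralPath $Path
    # Catalog-signed OS files can report NotSigned on older PowerShell builds,
    # so the signature is informational; the hash comparison is the real test.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path      = $Path
        Size      = $item.Length
        Version   = $item.VersionInfo.FileVersion
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature = $sig.Status
    }
}

function Compare-SystemFile {
    param([string]$Target, [string]$Pristine)
    $t = Get-FileFingerprint $Target
    $p = Get-FileFingerprint $Pristine
    if     (-not $p)                   { $verdict = 'NO PRISTINE COPY - cannot verify' }
    elseif (-not $t)                   { $verdict = 'MISSING' }
    elseif ($t.SHA256 -eq $p.SHA256)   { $verdict = 'MATCH' }
    elseif ($t.Version -ne $p.Version) { $verdict = 'DIFFERENT VERSION - compare against the component that matches the installed build' }
    else                               { $verdict = 'MISMATCH - same version, different bytes: replace from WinSxS' }
    $tHash = if ($t) { $t.SHA256 } else { '-' }
    $pHash = if ($p) { $p.SHA256 } else { '-' }
    $tSig  = if ($t) { $t.Signature } else { '-' }
    [pscustomobject]@{
        Target         = $Target
        TargetSHA256   = $tHash
        PristineSHA256 = $pHash
        Signature      = $tSig
        Verdict        = $verdict
    }
}

$results = foreach ($pair in $pairs) { Compare-SystemFile @pair }
$results | Format-List

# List every copy of the files OTL reported, using explicit folders rather than
# the Sysnative alias, so a redirected double listing can be told apart from a
# real second copy.
foreach ($name in 'hlp.dat', 'wininit.exe', 'explorer.exe') {
    foreach ($dir in @($env:SystemRoot, $System32, $SysWOW64)) {
        $candidate = Join-Path $dir $name
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            $fp = Get-FileFingerprint $candidate
            '{0,-48} {1,10:N0} bytes  {2}' -f $fp.Path, $fp.Size, $fp.SHA256
        }
    }
}
```

A MATCH verdict means the file can be left alone; a DIFFERENT VERSION verdict usually means the wrong WinSxS component was picked (the store holds one folder per update level), and only a same-version hash mismatch supports the conclusion the helper drew here, that the binary itself was altered.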

Well that appears to have fixed my explorer problem! My desktop loaded correctly this time, but Avira is still giving warnings that C:\Windows\Syswow64\msippsth.dll contains the BDS/Backdoor.Gen recognition pattern and C:\Users\User\AppData\Local\Temp\stpb3660.exe is the TR/Agent.HM.930 Trojan. What should I do about these files?

BlitzBlank 1.0.0.29

File/Registry Modification Engine native application

MoveFileOnReboot: sourceFile = "\??\c:\windows\explorer.exe", destinationFile = "(null)", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\windows\syswow64\wininit.exe", destinationFile = "(null)", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\explorer.exe", destinationFile = "\??\c:\windows\explorer.exe", replaceWithDummy = 0

MoveFileOnReboot: sourceFile = "\??\c:\wininit.exe", destinationFile = "\??\c:\windows\syswow64\wininit.exe", replaceWithDummy = 0


Thanks a lot for your help so far. Avira quarantined several files and now it says my computer is clean. However, malwarebytes is still detecting the same problem every time I scan and reboot. Other than that the computer is behaving normally.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

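The value Malwarebytes keeps reporting is an Explorer policy restriction (NoFolderOptions hides the Folder Options dialog), and a value that is deleted on reboot yet is present again at the next scan points to something that re-creates it at logon. The PowerShell below is an added example, not code from the thread, Malwarebytes or OTL. It reads the policy values the logs in this thread mention (NoFolderOptions, NoActiveDesktop, EnableLUA and the WinINet proxy setting) and lists Run entries whose target no longer exists or lives in the user's Temp folder, without changing anything. The registry paths are the standard Windows locations; the "expected" benign settings are my assumption for a home machine with no Group Policy.

```powershell
# Added example (not from Malwarebytes, OTL or the thread's helper): read-only
# audit of the policy values and autostart entries that this thread's logs
# flag. Nothing is modified; it prints findings for a person to act on.

# Policy values seen in the OTL O6/O7 lines. 'Expected' is the benign setting
# on a home machine with no Group Policy: restrictions absent or 0, UAC on.
$policyChecks = @(
    @{ Hive = 'HKCU'; Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions'; Expected = 0 },
    @{ Hive = 'HKLM'; Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoActiveDesktop'; Expected = 0 },
    @{ Hive = 'HKLM'; Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'EnableLUA';       Expected = 1 }
)

function Get-PolicyFinding {
    param([string]$Hive, [string]$Key, [string]$Name, [int]$Expected)
    $path  = "${Hive}:\$Key"
    $value = $null
    if (Test-Path -Path $path) {
        $value = (Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue).$Name
    }
    $shown = if ($null -eq $value) { '<absent>' } else { $value }
    # An absent value is the default and is not suspicious; a present value that
    # differs from the benign setting is.
    [pscustomobject]@{
        Value      = "$Hive\$Key\$Name"
        Current    = $shown
        Expected   = $Expected
        Suspicious = ($null -ne $value) -and ([int]$value -ne $Expected)
    }
}

function Get-ProxyFinding {
    $p = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    # A proxy on the loopback address that the user never configured (the OTL
    # log shows http=127.0.0.1:5555) means a local process sits in the path of
    # every browser request; the listening process can be identified with netstat -ano.
    [pscustomobject]@{
        ProxyEnable = $p.ProxyEnable
        ProxyServer = $p.ProxyServer
        Loopback    = ([string]$p.ProxyServer -match '127\.0\.0\.1|localhost')
    }
}

function Get-RunEntryFindings {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'   # 32-bit view on 64-bit Windows
    )
    foreach ($k in $runKeys) {
        if (-not (Test-Path -Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }      # provider metadata (PSPath etc.), not a Run value
            $cmd = [string]$prop.Value
            # Executable part of the command line: a quoted path, else the first token.
            $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $exists = $false
            if (-not [string]::IsNullOrWhiteSpace($exe)) {
                $exists = [bool](Test-Path -LiteralPath $exe -PathType Leaf)
            }
            [pscustomobject]@{
                Key     = $k
                Name    = $prop.Name
                Command = $cmd
                Exists  = $exists
                InTemp  = ($exe -like '*\AppData\Local\Temp\*')
            }
        }
    }
}

foreach ($c in $policyChecks) { Get-PolicyFinding @c } | Format-Table -AutoSize
Get-ProxyFinding | Format-List
Get-RunEntryFindings | Where-Object { -not $_.Exists -or $_.InTemp } | Format-Table -AutoSize
```

Run it from the account that shows the detection, since the NoFolderOptions value lives under HKCU. A Run entry like the OTL log's sxsaeu, pointing at a DLL in Temp that no longer exists, is the kind of leftover this listing surfaces; whether such an entry is what rewrites the policy value each logon is something the scanner's repeated "Delete on reboot" result cannot tell you, and this audit at least narrows the candidates.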

OTL logfile created on: 8/31/2010 8:23:21 AM - Run 5

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\User\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free

8.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 596.17 Gb Total Space | 300.30 Gb Free Space | 50.37% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-PC

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/29 15:28:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

PRC - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe

PRC - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe

PRC - [2009/03/02 14:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009/01/29 16:11:32 | 000,052,392 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe

PRC - [2008/10/31 21:12:02 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2008/09/19 08:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe

PRC - [2008/09/19 04:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe

PRC - [2008/08/03 17:02:20 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe

PRC - [2008/06/13 10:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmsdmon.exe

PRC - [2008/06/13 10:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe

PRC - [2008/05/14 19:42:56 | 005,958,656 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe

PRC - [2008/03/26 15:04:48 | 000,143,360 | ---- | M] (Sonic Focus, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe

PRC - [2008/03/16 16:40:44 | 001,302,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

========== Modules (SafeList) ==========

MOD - [2010/08/29 15:28:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

MOD - [2008/01/20 20:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2008/01/20 20:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\msippsth.dll -- (TCPIP Pass-through Filter)

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)

SRV:64bit: - [2010/07/06 19:50:54 | 000,203,264 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2008/02/27 18:53:31 | 001,044,648 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)

SRV:64bit: - [2008/02/27 18:53:29 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)

SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/10/18 21:10:30 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)

SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)

SRV - [2009/07/21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)

SRV - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe -- (ASKService)

SRV - [2008/11/20 08:14:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/10/31 21:12:02 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2008/09/19 04:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)

SRV - [2008/02/27 18:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdxcoms.exe -- (lxdx_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)

DRV:64bit: - [2010/07/06 20:30:08 | 007,195,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/07/06 20:30:08 | 007,195,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/07/06 19:15:42 | 000,265,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/05/06 03:21:40 | 000,122,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/12/09 02:39:29 | 000,074,880 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2009/05/15 23:27:04 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009/03/02 05:41:47 | 000,036,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)

DRV:64bit: - [2009/02/17 11:11:25 | 000,031,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2008/10/01 14:01:28 | 000,040,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2008/05/19 01:47:48 | 000,173,096 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)

DRV:64bit: - [2008/04/17 14:12:54 | 000,019,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/03/19 18:44:34 | 000,467,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2007/08/15 02:22:00 | 000,369,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)

DRV:64bit: - [2007/07/11 05:02:26 | 000,278,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8187B.sys -- (RTL8187B)

DRV:64bit: - [2007/01/23 11:20:34 | 000,040,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vcd9bus.sys -- (vcd9bus)

DRV:64bit: - [2006/10/31 09:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2006/09/18 15:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)

DRV - [2010/08/29 15:37:05 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{26357F76-34E8-42B0-826B-61636B548B63}: C:\Users\User\AppData\Local\{26357F76-34E8-42B0-826B-61636B548B63}\ [2010/08/22 15:30:13 | 000,000,000 | ---D | M]

[2009/10/15 01:42:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\extensions

[2009/10/15 01:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/08/28 23:28:33 | 000,000,837 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: ::1 localhost

O1 - Hosts: 127.0.0.1 ad.ghura.pl

O1 - Hosts: 127.0.0.1 ru.brans.pl

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)

O4:64bit: - HKLM..\Run: [lxdxamon] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe ()

O4:64bit: - HKLM..\Run: [lxdxmon.exe] C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe ()

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [soundTray] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()

O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sxsaeu] C:\Users\User\AppData\Local\Temp\mspuyxjb.DLL File not found

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGam...S.cab109791.cab ()

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.184.13 64.59.184.15 64.59.190.242

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\User\Documents\Backgrounds\3985718888_d4435fb72d_o.jpg

O24 - Desktop BackupWallPaper: C:\Users\User\Documents\Backgrounds\3985718888_d4435fb72d_o.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{568ea22e-41f2-11de-855c-0022159ca53d}\Shell - "" = AutoRun

O33 - MountPoints2\{568ea22e-41f2-11de-855c-0022159ca53d}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found

O33 - MountPoints2\{defac3f6-2565-11df-976a-0022159ca53d}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/31 01:13:44 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/08/30 16:55:13 | 001,137,528 | ---- | C] (Emsi Software GmbH) -- C:\Users\User\Desktop\BlitzBlank.exe

[2010/08/29 15:28:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

[2010/08/29 03:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis

[2010/08/28 23:28:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Server

[2010/08/28 23:28:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Bitrix Security

[2010/08/22 15:30:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{26357F76-34E8-42B0-826B-61636B548B63}

[2010/08/22 15:27:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\brrtembeh

[2010/08/20 12:53:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\HEM Data

[2010/08/18 03:26:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Picturenaut

[2010/08/08 17:41:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla-Cache

[2010/07/28 02:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2010/07/27 23:54:50 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\StarCraft II

[2010/07/27 23:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

[2010/07/27 23:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II

[2010/07/06 19:49:28 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll

[2010/07/06 19:49:18 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll

[2010/07/06 19:49:06 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll

[2010/07/05 02:34:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LolClient

[2010/07/05 02:26:33 | 000,000,000 | ---D | C] -- C:\League of Legends

[2010/07/05 02:09:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PMB Files

[2010/07/05 02:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files

[2010/07/05 02:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks

[2010/06/24 19:56:57 | 000,000,000 | ---D | C] -- C:\1065ef3d4da9b6f546

[2010/06/12 11:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2009/09/09 14:54:26 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxinpa.dll

[2009/09/09 14:54:25 | 001,105,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxserv.dll

[2009/09/09 14:54:25 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxusb1.dll

[2009/09/09 14:54:25 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxpmui.dll

[2009/09/09 14:54:25 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxiesc.dll

[2009/09/09 14:54:24 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomc.dll

[2009/09/09 14:54:24 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxhbn3.dll

[2009/09/09 14:54:24 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxlmpm.dll

[2009/09/09 14:54:24 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxcomm.dll

[2009/09/09 14:54:24 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdxprox.dll

========== Files - Modified Within 90 Days ==========

[2010/08/31 08:23:12 | 003,670,016 | -HS- | M] () -- C:\Users\User\NTUSER.DAT

[2010/08/31 07:36:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1753688288-2912615535-820751383-1000UA.job

[2010/08/31 07:36:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/08/31 07:10:17 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/08/31 07:10:17 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/08/31 05:16:34 | 000,796,056 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/08/31 05:16:34 | 000,667,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/08/31 05:16:34 | 000,130,850 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/08/31 05:10:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/08/31 05:10:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/08/31 05:10:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/08/31 05:09:03 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2010/08/31 05:09:03 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2010/08/31 05:09:02 | 006,291,456 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db

[2010/08/31 03:21:01 | 000,002,425 | ---- | M] () -- C:\Users\Public\Desktop\Shortcut to HoldemManager.exe.lnk

[2010/08/30 16:55:13 | 001,137,528 | ---- | M] (Emsi Software GmbH) -- C:\Users\User\Desktop\BlitzBlank.exe

[2010/08/30 14:36:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1753688288-2912615535-820751383-1000Core.job

[2010/08/30 00:50:35 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2010/08/29 20:19:40 | 000,001,041 | ---- | M] () -- C:\Windows\Telescope.ini

[2010/08/29 15:37:05 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/08/29 15:28:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

[2010/08/29 03:43:51 | 000,001,980 | ---- | M] () -- C:\Users\User\Desktop\HiJackThis.lnk

[2010/08/28 23:28:34 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

[2010/08/24 01:09:33 | 000,000,120 | ---- | M] () -- C:\Users\User\AppData\Local\Asarodejex.dat

[2010/08/24 01:09:33 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\Gyiniq.bin

[2010/08/21 01:36:38 | 000,002,037 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk

[2010/08/21 01:36:38 | 000,001,999 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/08/11 13:33:01 | 000,246,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/07/28 00:26:24 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk

[2010/07/06 20:30:08 | 007,195,648 | ---- | M] () -- C:\Windows\SysNative\drivers\atikmdag.sys

[2010/07/06 20:16:20 | 020,118,528 | ---- | M] () -- C:\Windows\SysNative\atio6axx.dll

[2010/07/06 19:54:32 | 000,063,416 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb

[2010/07/06 19:54:16 | 000,143,360 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.exe

[2010/07/06 19:53:20 | 000,594,432 | ---- | M] () -- C:\Windows\SysNative\aticfx64.dll

[2010/07/06 19:51:30 | 000,446,464 | ---- | M] () -- C:\Windows\SysNative\ATIDEMGX.dll

[2010/07/06 19:51:26 | 000,462,336 | ---- | M] () -- C:\Windows\SysNative\atieclxx.exe

[2010/07/06 19:50:54 | 000,203,264 | ---- | M] () -- C:\Windows\SysNative\atiesrxx.exe

[2010/07/06 19:49:48 | 000,120,320 | ---- | M] () -- C:\Windows\SysNative\atitmm64.dll

[2010/07/06 19:49:36 | 000,421,376 | ---- | M] () -- C:\Windows\SysNative\atipdl64.dll

[2010/07/06 19:49:28 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll

[2010/07/06 19:49:18 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll

[2010/07/06 19:49:14 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\atimuixx.dll

[2010/07/06 19:49:10 | 000,059,392 | ---- | M] () -- C:\Windows\SysNative\atiedu64.dll

[2010/07/06 19:49:06 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll

[2010/07/06 19:37:36 | 004,463,616 | ---- | M] () -- C:\Windows\SysNative\atidxx64.dll

[2010/07/06 19:30:12 | 002,785,792 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.dll

[2010/07/06 19:29:26 | 000,051,200 | ---- | M] () -- C:\Windows\SysNative\aticalrt64.dll

[2010/07/06 19:29:16 | 000,044,544 | ---- | M] () -- C:\Windows\SysNative\aticalcl64.dll

[2010/07/06 19:29:06 | 005,378,560 | ---- | M] () -- C:\Windows\SysNative\aticaldd64.dll

[2010/07/06 19:27:28 | 000,543,664 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap

[2010/07/06 19:24:34 | 000,055,296 | ---- | M] () -- C:\Windows\SysNative\coinst.dll

[2010/07/06 19:22:52 | 000,543,664 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap

[2010/07/06 19:22:26 | 005,099,008 | ---- | M] () -- C:\Windows\SysNative\atiumd64.dll

[2010/07/06 19:16:06 | 000,335,872 | ---- | M] () -- C:\Windows\SysNative\atiadlxx.dll

[2010/07/06 19:15:54 | 000,014,848 | ---- | M] () -- C:\Windows\SysNative\atig6pxx.dll

[2010/07/06 19:15:50 | 000,012,800 | ---- | M] () -- C:\Windows\SysNative\atiglpxx.dll

[2010/07/06 19:15:48 | 000,018,432 | ---- | M] () -- C:\Windows\SysNative\atig6txx.dll

[2010/07/06 19:15:42 | 000,265,728 | ---- | M] () -- C:\Windows\SysNative\drivers\atikmpag.sys

[2010/07/06 19:15:04 | 000,039,424 | ---- | M] () -- C:\Windows\SysNative\atiuxp64.dll

[2010/07/06 19:14:50 | 000,030,208 | ---- | M] () -- C:\Windows\SysNative\atiu9p64.dll

[2010/07/06 19:14:28 | 000,026,112 | ---- | M] () -- C:\Windows\SysNative\atitmp64.dll

[2010/07/06 19:14:16 | 000,053,248 | ---- | M] () -- C:\Windows\SysNative\drivers\ati2erec.dll

[2010/07/06 19:11:12 | 000,054,272 | ---- | M] () -- C:\Windows\SysNative\atimpc64.dll

[2010/07/06 19:11:12 | 000,054,272 | ---- | M] () -- C:\Windows\SysNative\amdpcom64.dll

[2010/07/05 02:33:01 | 000,001,341 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

[2010/06/29 18:22:49 | 006,512,261 | ---- | M] () -- C:\Users\User\Desktop\Lebron.mp3

[2010/06/28 10:55:07 | 000,208,896 | ---- | M] () -- C:\Windows\SysNative\occache.dll

[2010/06/28 10:53:56 | 000,758,784 | ---- | M] () -- C:\Windows\SysNative\mshtmled.dll

[2010/06/28 10:53:55 | 000,580,608 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll

[2010/06/28 10:52:23 | 000,375,296 | ---- | M] () -- C:\Windows\SysNative\iertutil.dll

[2010/06/28 10:52:23 | 000,249,856 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll

[2010/06/28 10:52:22 | 000,422,400 | ---- | M] () -- C:\Windows\SysNative\ieapfltr.dll

[2010/06/28 10:52:22 | 000,086,528 | ---- | M] () -- C:\Windows\SysNative\ieencode.dll

[2010/06/28 10:52:21 | 000,267,776 | ---- | M] () -- C:\Windows\SysNative\ieaksie.dll

[2010/06/28 09:35:36 | 000,485,376 | ---- | M] () -- C:\Windows\SysNative\html.iec

[2010/06/18 11:17:49 | 000,050,688 | ---- | M] () -- C:\Windows\SysNative\rtutils.dll

[2010/06/17 23:13:30 | 000,021,682 | ---- | M] () -- C:\Windows\atiogl.xml

[2010/06/15 16:28:58 | 000,002,857 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat

[2010/06/15 16:28:58 | 000,002,857 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat

[2010/06/12 11:10:00 | 004,739,072 | ---- | M] () -- C:\Users\User\Desktop\Turning-Mist.mp3

[2010/06/12 11:09:57 | 009,453,568 | ---- | M] () -- C:\Users\User\Desktop\Hawaii-781.mp3

[2010/06/11 14:55:03 | 000,297,408 | ---- | M] () -- C:\Users\User\Desktop\starsnl200.jpg

[2010/06/08 11:47:14 | 004,690,832 | ---- | M] () -- C:\Windows\SysNative\ntoskrnl.exe

========== Files Created - No Company Name ==========

[2010/08/29 15:37:05 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/08/29 03:43:51 | 000,001,980 | ---- | C] () -- C:\Users\User\Desktop\HiJackThis.lnk

[2010/08/28 23:28:32 | 000,000,005 | ---- | C] () -- C:\zrpt.xml

[2010/08/22 15:30:14 | 000,000,120 | ---- | C] () -- C:\Users\User\AppData\Local\Asarodejex.dat

[2010/08/22 15:30:14 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\Gyiniq.bin

[2010/08/10 18:07:49 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys

[2010/08/10 18:07:45 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys

[2010/08/10 18:07:45 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys

[2010/08/10 18:07:43 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys

[2010/08/10 18:07:39 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll

[2010/08/10 18:07:35 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe

[2010/08/10 18:07:19 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll

[2010/08/10 18:07:15 | 005,691,904 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll

[2010/08/10 18:07:12 | 007,006,208 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll

[2010/08/10 18:07:12 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll

[2010/08/10 18:07:12 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll

[2010/08/10 18:07:11 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll

[2010/08/10 18:07:11 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll

[2010/08/10 18:07:11 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec

[2010/08/10 18:07:11 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll

[2010/08/10 18:07:10 | 000,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll

[2010/08/10 18:07:10 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll

[2010/08/10 18:07:10 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll

[2010/08/10 18:07:10 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll

[2010/08/10 18:07:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll

[2010/08/10 18:07:10 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll

[2010/08/10 18:07:10 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll

[2010/08/10 18:07:09 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb

[2010/08/10 18:07:09 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll

[2010/08/10 18:07:03 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll

[2010/08/03 11:47:19 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll

[2010/07/27 23:54:50 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk

[2010/07/06 20:30:08 | 007,195,648 | ---- | C] () -- C:\Windows\SysNative\drivers\atikmdag.sys

[2010/07/06 20:16:20 | 020,118,528 | ---- | C] () -- C:\Windows\SysNative\atio6axx.dll

[2010/07/06 19:54:32 | 000,063,416 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb

[2010/07/06 19:54:16 | 000,143,360 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.exe

[2010/07/06 19:53:20 | 000,594,432 | ---- | C] () -- C:\Windows\SysNative\aticfx64.dll

[2010/07/06 19:51:30 | 000,446,464 | ---- | C] () -- C:\Windows\SysNative\ATIDEMGX.dll

[2010/07/06 19:51:26 | 000,462,336 | ---- | C] () -- C:\Windows\SysNative\atieclxx.exe

[2010/07/06 19:50:54 | 000,203,264 | ---- | C] () -- C:\Windows\SysNative\atiesrxx.exe

[2010/07/06 19:49:14 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\atimuixx.dll

[2010/07/06 19:37:36 | 004,463,616 | ---- | C] () -- C:\Windows\SysNative\atidxx64.dll

[2010/07/06 19:30:12 | 002,785,792 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.dll

[2010/07/06 19:29:26 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\aticalrt64.dll

[2010/07/06 19:29:16 | 000,044,544 | ---- | C] () -- C:\Windows\SysNative\aticalcl64.dll

[2010/07/06 19:29:06 | 005,378,560 | ---- | C] () -- C:\Windows\SysNative\aticaldd64.dll

[2010/07/06 19:27:28 | 000,543,664 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap

[2010/07/06 19:24:34 | 000,055,296 | ---- | C] () -- C:\Windows\SysNative\coinst.dll

[2010/07/06 19:22:52 | 000,543,664 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap

[2010/07/06 19:22:26 | 005,099,008 | ---- | C] () -- C:\Windows\SysNative\atiumd64.dll

[2010/07/06 19:16:06 | 000,335,872 | ---- | C] () -- C:\Windows\SysNative\atiadlxx.dll

[2010/07/06 19:15:54 | 000,014,848 | ---- | C] () -- C:\Windows\SysNative\atig6pxx.dll

[2010/07/06 19:15:50 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\atiglpxx.dll

[2010/07/06 19:15:48 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\atig6txx.dll

[2010/07/06 19:15:42 | 000,265,728 | ---- | C] () -- C:\Windows\SysNative\drivers\atikmpag.sys

[2010/07/06 19:15:04 | 000,039,424 | ---- | C] () -- C:\Windows\SysNative\atiuxp64.dll

[2010/07/06 19:14:50 | 000,030,208 | ---- | C] () -- C:\Windows\SysNative\atiu9p64.dll

[2010/07/06 19:14:28 | 000,026,112 | ---- | C] () -- C:\Windows\SysNative\atitmp64.dll

[2010/07/06 19:14:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\drivers\ati2erec.dll

[2010/07/06 19:11:12 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\atimpc64.dll

[2010/07/06 19:11:12 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\amdpcom64.dll

[2010/07/05 02:33:01 | 000,001,341 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

[2010/06/29 18:22:38 | 006,512,261 | ---- | C] () -- C:\Users\User\Desktop\Lebron.mp3

[2010/06/22 17:53:33 | 000,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax

[2010/06/22 17:53:33 | 000,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax

[2010/06/22 17:53:31 | 000,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll

[2010/06/22 17:53:30 | 000,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll

[2010/06/22 17:53:30 | 000,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax

[2010/06/22 17:53:16 | 001,942,856 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll

[2010/06/22 17:53:16 | 000,444,752 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll

[2010/06/22 17:53:16 | 000,320,352 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe

[2010/06/22 17:53:16 | 000,109,912 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/06/22 17:53:16 | 000,048,960 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll

[2010/06/22 16:07:31 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll

[2010/06/22 16:07:31 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll

[2010/06/17 23:13:30 | 000,021,682 | ---- | C] () -- C:\Windows\atiogl.xml

[2010/06/15 16:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/06/15 16:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat

[2010/06/12 11:09:54 | 004,739,072 | ---- | C] () -- C:\Users\User\Desktop\Turning-Mist.mp3

[2010/06/12 11:09:48 | 009,453,568 | ---- | C] () -- C:\Users\User\Desktop\Hawaii-781.mp3

[2010/06/11 14:55:01 | 000,297,408 | ---- | C] () -- C:\Users\User\Desktop\starsnl200.jpg

[2010/06/08 12:47:20 | 000,084,480 | ---- | C] () -- C:\Windows\SysNative\asycfilt.dll

[2010/06/08 12:47:07 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe

[2010/06/08 12:47:02 | 001,570,816 | ---- | C] () -- C:\Windows\SysNative\quartz.dll

[2010/06/08 12:47:01 | 000,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll

[2010/06/08 12:47:01 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll

[2010/04/28 19:07:42 | 000,005,308 | -HS- | C] () -- C:\Users\User\AppData\Local\erTd

[2010/04/28 19:07:42 | 000,005,308 | -HS- | C] () -- C:\ProgramData\erTd

[2010/03/08 02:46:51 | 000,006,996 | -HS- | C] () -- C:\Users\User\AppData\Local\Ti4OIyu5d

[2009/11/20 00:56:41 | 000,425,788 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistMSI006F.txt

[2009/11/20 00:56:41 | 000,013,906 | ---- | C] () -- C:\Users\User\AppData\Local\dd_vcredistUI006F.txt

[2009/09/15 23:19:20 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/09/15 23:19:20 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest

[2009/09/09 14:55:21 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdxdrs.dll

[2009/09/09 14:55:21 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdxcaps.dll

[2009/09/09 14:55:21 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdxcnv4.dll

[2009/09/09 14:54:26 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDXinst.dll

[2009/09/09 14:54:26 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdxcomx.dll

[2009/05/04 20:44:37 | 000,001,041 | ---- | C] () -- C:\Windows\Telescope.ini

[2009/04/18 12:06:47 | 000,006,836 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat

[2009/01/04 20:40:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008/11/03 03:36:31 | 000,084,480 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/01 17:14:57 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI

[2008/11/01 15:34:51 | 000,001,626 | ---- | C] () -- C:\Windows\PartyGrabber.ini

[2008/11/01 14:05:36 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat

[2008/10/31 21:13:44 | 000,743,720 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2008/10/28 14:01:00 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2008/10/27 17:55:05 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2008/10/27 17:55:05 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2008/10/27 17:54:59 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2008/10/27 17:54:59 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2008/10/27 17:37:02 | 000,035,450 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2008/10/27 17:33:00 | 000,035,058 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2008/10/27 16:46:46 | 000,000,732 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps64.dat

[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2007/12/28 01:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010/08/29 01:55:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\79DC0A9D27A0049DE58053471CD6D61E

[2010/08/29 03:36:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus

[2010/08/28 23:52:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Bitrix Security

[2009/05/15 23:34:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite

[2008/11/23 23:48:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla

[2010/08/20 12:53:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data

[2009/09/21 13:25:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lexmark Productivity Studio

[2010/03/23 16:59:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LimeWire

[2010/07/05 02:34:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient

[2009/09/14 23:50:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org

[2010/08/18 03:26:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Picturenaut

[2009/03/07 19:15:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer

[2008/10/27 17:51:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TMP

[2009/05/14 04:10:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uqm

[2009/06/30 05:35:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wizards of the Coast

[2010/08/31 05:09:05 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Hi again,

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen otlDesktopIcon.png on your desktop.
  2. Copy and Paste the following code into the customFix.png textbox. Do not include the word "Code"
    :otl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O4 - HKCU..\Run: [sxsaeu] C:\Users\User\AppData\Local\Temp\mspuyxjb.DLL File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

    :commands
    [emptytemp]
    [resethosts]


  3. Push runFixbutton.png
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click btnOK.png.
  6. A report will open. Copy and Paste that report in your next reply.

Please rerun another MBAM quick scan to see if the NoFolderOptions hijack still gets recreated.
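An added read-only check (not part of this thread and not OTL's own code) that a helper might run after the fix: it inspects the same places the fix script above touched, namely the Explorer policy values, the per-user proxy setting, the HKCU Run key and the HOSTS file, and reports anything still set. The key and value names are taken from the fix script; treating a loopback proxy, a Run entry launched from a Temp directory, and non-localhost HOSTS lines as suspicious is my assumption about what matters here, not something the thread states.

```powershell
# Added example, not from the original thread or from OTL: audit the locations the
# OTL fix cleared and list anything that still looks hijacked. Read-only; deletes nothing.
# Run from an elevated PowerShell prompt on the cleaned machine.

$findings = @()

# 1. Explorer policy values the infection set (NoFolderOptions / NoActiveDesktop).
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
foreach ($key in $policyKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($name in 'NoFolderOptions', 'NoActiveDesktop') {
            # A missing value reads as $null; only a non-zero value restricts Explorer.
            if ($null -ne $props.$name -and $props.$name -ne 0) {
                $findings += "Explorer policy set: $key\$name = $($props.$name)"
            }
        }
    }
}

# 2. WinINet proxy routed through the local machine (the fix log showed http=127.0.0.1:5555).
#    Loopback-as-suspicious is an assumption for this thread's case.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = (Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue).ProxyServer
if ($proxy -and $proxy -match '127\.0\.0\.1|localhost') {
    $findings += "Proxy routed through loopback: ProxyServer = $proxy"
}

# 3. Per-user Run entries that start something out of a Temp directory
#    (the fix removed one pointing at AppData\Local\Temp).
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $run) {
    $props = Get-ItemProperty -Path $run
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's PSPath/PSParentPath metadata
        if ("$($p.Value)" -match '\\Temp\\') {
            $findings += "Run entry launches from Temp: $($p.Name) = $($p.Value)"
        }
    }
}

# 4. HOSTS lines that map a name to anything other than the default localhost entry.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    foreach ($line in Get-Content -Path $hostsPath) {
        if ($line -match '^\s*\d' -and $line -notmatch '^\s*127\.0\.0\.1\s+localhost\s*$') {
            $findings += "Non-default hosts entry: $line"
        }
    }
}

if ($findings.Count -eq 0) { 'No leftover indicators found.' } else { $findings }
```

The HOSTS check assumes the stock Vista file; if the MVPs hosts file recommended later in this thread is installed, every one of its blocking lines will be listed, so read that part of the output with that in mind.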


That fixed it, I don't see any more problems. Really, you've been an amazing help. Is this computer safe to use now? Should I change all my old passwords as a precaution?

All processes killed

========== OTL ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sxsaeu deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User

->Temp folder emptied: 4633004 bytes

->Temporary Internet Files folder emptied: 51215056 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 23282131 bytes

->Flash cache emptied: 4887 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 530328 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33234 bytes

RecycleBin emptied: 11388 bytes

Total Files Cleaned = 76.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.11.0 log created on 08312010_084240

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\TMP00000053C06DECC556E6B0D8 not found!

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7A30UHZ\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W7A30UHZ\wpad[1].cache scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQ48MH5Z\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K08GL36\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\324A9FAO\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Hi, let's do a few last steps to ensure everything stays fine. :)

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


Yes, that was a leftover of the infection we cleaned here. If you have no other problems left, you are good to go. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Rerun OTL and click the Cleanup button. Allow a reboot. This will clean all tools/logs we used.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file

  2. Keep Windows (and your other Microsoft software) up to date!

    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


This topic is now closed to further replies.