Explorer.EXE Application not found


  • This topic is locked
50 replies to this topic

#31 Casey_boy

  • Malware Response Team

Posted 12 August 2011 - 05:40 AM

No problem :) I guess that didn't fix the issue?

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *



#32 gha128

  • Topic Starter

Posted 13 August 2011 - 01:42 AM

nope..... :hysterical:

#33 Casey_boy

  • Malware Response Team

Posted 14 August 2011 - 04:13 PM

We need to run an OTL Custom Scan
  • Please reopen [OTL icon] on your desktop.
  • Copy and Paste the following code into the [Custom Scans/Fixes] textbox. Do not include the word "Code"
    /md5start
    explorer.exe
    /md5stop
  • Push [Run Scan]
  • A report will open. Copy and Paste that report in your next reply.

Casey

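What the /md5start ... /md5stop block above asks OTL to do is hash every copy of explorer.exe on the disk (the live one under C:\Windows, the 32-bit one under SysWOW64, the servicing-store copies under WinSxS) so that a replaced or patched copy stands out when the copies are compared with each other. The script below is an added Python illustration of that sweep; it is not OTL's code and was not posted by anyone in this thread. It builds a constructed Windows-like tree in a temporary directory (the file contents and the tampered "SysWOW64" copy are made up for the demo) and records MD5 and SHA-256 for every copy of the named binary.

```python
"""Sweep a directory tree for every copy of a named binary and hash each one.

Added example modelled on OTL's "/md5start ... /md5stop" custom scan, which
lists the MD5 of every explorer.exe on disk so a patched copy stands out.
The sample tree built by build_sample_tree() is constructed data, not a
real system.
"""
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path


def hash_file(path, algorithms=("md5", "sha256")):
    """Return {algorithm: hexdigest} for one file, read in 1 MiB chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def sweep(root, filename):
    """Find every file named `filename` (case-insensitive) under `root`.

    Returns a list of dicts with path, size in bytes, md5 and sha256,
    sorted by path so the report is stable between runs.
    """
    hits = []
    target = filename.lower()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() == target:
                full = Path(dirpath) / name
                digests = hash_file(full)
                hits.append({"path": str(full), "size": full.stat().st_size, **digests})
    return sorted(hits, key=lambda h: h["path"])


def group_by_digest(hits, algorithm="sha256"):
    """Group the swept copies by digest: {digest: [paths]}."""
    groups = defaultdict(list)
    for h in hits:
        groups[h[algorithm]].append(h["path"])
    return dict(groups)


def singletons(hits, algorithm="sha256"):
    """Paths whose digest matches no other copy found in the sweep.

    A copy that disagrees with every other copy on the machine (including
    the servicing-store copies under WinSxS) deserves a closer look. This is
    a triage list, not a verdict: the 32-bit explorer.exe under SysWOW64
    legitimately differs from the 64-bit one under C:\\Windows.
    """
    groups = group_by_digest(hits, algorithm)
    return sorted(p for paths in groups.values() if len(paths) == 1 for p in paths)


def build_sample_tree():
    """Create a constructed Windows-like tree in a temp dir (sample data only)."""
    root = Path(tempfile.mkdtemp(prefix="md5sweep_"))
    good = b"MZ\x90\x00" + b"A" * 4096                             # stands in for the genuine binary
    bad = b"MZ\x90\x00" + b"A" * 4000 + b"PATCHED" + b"A" * 89     # same size, one in-place patch
    layout = {
        "Windows/explorer.exe": good,
        "Windows/winsxs/amd64_microsoft-windows-explorer_x/explorer.exe": good,
        "Windows/SysWOW64/explorer.exe": bad,
        "Windows/System32/notepad.exe": b"MZ" + b"N" * 100,       # noise: different file name
    }
    for rel, data in layout.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    hits = sweep(root, "explorer.exe")
    for hit in hits:
        print(f"{hit['size']:>8}  {hit['md5']}  {hit['path']}")
    print("copies that match nothing else:", singletons(hits))
```

On a real machine you would point sweep() at C:\Windows and run it elevated so the WinSxS store is readable. Same-size copies with different digests are exactly the case a file-size check misses, which is why OTL reports hashes rather than sizes. MD5 is what OTL prints and is fine for telling copies apart, but it is collision-prone, so record the SHA-256 as well when you compare against a known-good copy from clean media or a trusted hash source.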


#34 gha128

  • Topic Starter

Posted 14 August 2011 - 06:23 PM

Here you are:

OTL logfile created on: 15/08/2011 07:17:55 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Guy\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.42% Memory free
5.95 Gb Paging File | 4.14 Gb Available in Paging File | 69.70% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 53.96 Gb Total Space | 21.04 Gb Free Space | 38.99% Space Free | Partition Type: NTFS
Drive D: | 53.17 Gb Total Space | 35.61 Gb Free Space | 66.97% Space Free | Partition Type: NTFS

Computer Name: LAPTOP4 | User Name: Guy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/01 22:33:21 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Guy\Desktop\OTL.exe
PRC - [2011/07/18 17:08:47 | 000,550,600 | ---- | M] (Murray Hurps Corp Pty Ltd) -- C:\Program Files (x86)\Ad Muncher\AdMunch.exe
PRC - [2011/07/07 02:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/07 02:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/28 21:48:58 | 000,974,848 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/06/22 17:38:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/26 04:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/03/21 18:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2010/04/14 02:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
PRC - [2010/04/14 02:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
PRC - [2010/04/14 02:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
PRC - [2010/04/14 02:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
PRC - [2010/02/09 22:15:26 | 000,135,168 | ---- | M] () -- C:\Windows\SysWOW64\ChgService.exe
PRC - [2009/11/11 00:44:14 | 001,775,344 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/11/11 00:43:48 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/07/09 03:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/09 03:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/03/01 01:58:43 | 001,750,016 | ---- | M] (NGO Science Center "RightMark") -- C:\Program Files (x86)\RMClock\RMClock.exe
PRC - [2004/05/03 01:02:51 | 000,062,464 | ---- | M] (Elias Fotinis) -- C:\Program Files (x86)\DeskPins\DeskPins.exe


========== Modules (SafeList) ==========

MOD - [2011/08/01 22:33:21 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Guy\Desktop\OTL.exe
MOD - [2011/07/18 17:08:47 | 000,070,344 | ---- | M] (Murray Hurps Corp Pty Ltd) -- C:\Program Files (x86)\Ad Muncher\AM32-32739.dll
MOD - [2010/11/20 11:21:38 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2010/11/20 11:20:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll
MOD - [2010/11/20 11:18:28 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll
MOD - [2010/11/20 10:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/14 09:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll
MOD - [2009/07/14 09:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/08 00:37:31 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/01/10 20:19:58 | 000,489,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV:64bit: - [2010/01/21 11:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/12/29 19:07:54 | 000,911,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2009/12/29 19:02:46 | 000,404,992 | ---- | M] (Red Bend Ltd.) [On_Demand | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/02 01:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [On_Demand | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/26 01:48:28 | 000,203,264 | ---- | M] (AMD) [On_Demand | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/03 09:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2011/07/07 02:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/08 00:36:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/25 04:02:52 | 000,083,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe -- (WysePocketCloud)
SRV - [2011/03/21 18:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/03/18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/09 22:15:26 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ChgService.exe -- (Change Modem Device Service)
SRV - [2010/01/28 20:47:44 | 001,737,464 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\3\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/12/17 23:11:14 | 000,067,616 | ---- | M] (StorageCraft Technology Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vsnapvss.exe -- (VSNAPVSS)
SRV - [2009/12/17 23:09:00 | 001,497,632 | ---- | M] (StorageCraft Technology Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe -- (ShadowProtectSvc)
SRV - [2009/11/11 00:44:14 | 001,775,344 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/11/10 02:03:48 | 003,144,696 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/25 21:05:58 | 000,414,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/07/13 19:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/09 03:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/09 03:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/14 17:45:37 | 001,597,096 | ---- | M] (Euro Plus d.o.o.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EuroPlus Shared\LblServices.exe -- (LabelServices)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/07 02:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/06/07 23:53:53 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/05/10 15:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 15:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/19 18:28:55 | 008,080,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/11/20 12:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 12:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 10:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 08:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/09 21:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/07/13 16:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/04/14 08:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/01/28 20:34:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/01/21 11:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/12/23 04:37:14 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2009/12/17 17:22:54 | 000,126,080 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2009/08/26 03:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/08/26 03:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/08/26 03:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/24 18:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/03 05:41:04 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/03 05:41:04 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/03 05:41:04 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/03 05:41:02 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/26 02:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/26 00:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 23:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 14:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/11 04:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 04:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/07 07:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/05 12:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/18 20:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/12/14 01:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2006/12/04 17:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2005/12/14 08:53:42 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i1display_x64.sys -- (EyeOneDisplay)
DRV - [2011/08/04 16:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110813.002\EX64.SYS -- (NAVEX15)
DRV - [2011/08/04 16:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110813.002\ENG64.SYS -- (NAVENG)
DRV - [2011/07/28 16:00:00 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/28 16:00:00 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/08 01:44:39 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2009/12/18 18:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/08/26 03:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/26 03:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/08/26 03:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2008/05/16 05:59:46 | 000,014,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\RMClock\RTCore64.sys -- (RTCore64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.walkthewalk.org
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.walkthewalk.org
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF B0 97 77 14 25 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files (x86)\Ad Muncher\FirefoxExtension_2.0 [2011/07/18 17:08:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/05 18:23:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files (x86)\Ad Muncher\FirefoxExtension_2.0 [2011/07/18 17:08:47 | 000,000,000 | ---D | M]

[2011/06/07 22:25:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guy\AppData\Roaming\mozilla\Extensions
[2011/08/13 08:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guy\AppData\Roaming\mozilla\Firefox\Profiles\v7qpacze.default\extensions
[2011/06/09 00:31:42 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Guy\AppData\Roaming\mozilla\Firefox\Profiles\v7qpacze.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/07/01 17:36:17 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Guy\AppData\Roaming\mozilla\Firefox\Profiles\v7qpacze.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2011/08/01 21:46:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Guy\AppData\Roaming\mozilla\Firefox\Profiles\v7qpacze.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/06/27 23:47:33 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Guy\AppData\Roaming\mozilla\Firefox\Profiles\v7qpacze.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2011/06/24 18:55:15 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Guy\AppData\Roaming\mozilla\Firefox\Profiles\v7qpacze.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/02 16:52:12 | 000,000,000 | ---D | M] (eBay Quick Search) -- C:\Users\Guy\AppData\Roaming\mozilla\Firefox\Profiles\v7qpacze.default\extensions\ebayquicksearch@upaaya
[2011/06/22 17:38:22 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Guy\AppData\Roaming\mozilla\Firefox\Profiles\v7qpacze.default\extensions\support@lastpass.com
[2011/07/27 19:48:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/07 22:44:05 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/07/27 19:48:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/07/18 17:08:47 | 000,000,000 | ---D | M] (Ad Muncher Browser Extensions) -- C:\PROGRAM FILES (X86)\AD MUNCHER\FIREFOXEXTENSION_2.0
() (No name found) -- C:\USERS\GUY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7QPACZE.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI
() (No name found) -- C:\USERS\GUY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7QPACZE.DEFAULT\EXTENSIONS\{6005D9B1-D115-485A-A92A-3F6453CA3FE2}.XPI
() (No name found) -- C:\USERS\GUY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7QPACZE.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\GUY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7QPACZE.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\USERS\GUY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7QPACZE.DEFAULT\EXTENSIONS\{C75A27D8-4529-449F-B67B-ABA65D7A1C0A}.XPI
() (No name found) -- C:\USERS\GUY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7QPACZE.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\GUY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7QPACZE.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\GUY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7QPACZE.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\GUY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7QPACZE.DEFAULT\EXTENSIONS\BETTERFACEBOOK@MATTKRUSE.COM.XPI
() (No name found) -- C:\USERS\GUY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7QPACZE.DEFAULT\EXTENSIONS\BETTERGMAIL2@GINATRAPANI.ORG.XPI
() (No name found) -- C:\USERS\GUY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7QPACZE.DEFAULT\EXTENSIONS\FEEDLY@DEVHD.XPI
() (No name found) -- C:\USERS\GUY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V7QPACZE.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/06/22 17:38:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/01 20:59:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WinAVI FLVSense) - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [Ad Muncher] C:\Program Files (x86)\Ad Muncher\AdMunch.exe (Murray Hurps Corp Pty Ltd)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PocketCloud Location] C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe ()
O4 - HKCU..\Run: [DeskDriveStartup] C:\Program Files\Blue Onion Software\Desk Drive\DeskDrive.exe (Blue Onion Software)
O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] File not found
O4 - HKCU..\Run: [GoodSync] C:\Program Files\Siber Systems\GoodSync\GoodSync.exe ()
O4 - Startup: C:\Users\Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk = C:\Program Files (x86)\DeskPins\DeskPins.exe (Elias Fotinis)
O4 - Startup: C:\Users\Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RMClock.lnk = C:\Program Files (x86)\RMClock\RMClockLauncher.exe (NGO Science Center "RightMark")
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files (x86)\WinAVI FLV Converter\flv_link.htm ()
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files (x86)\WinAVI FLV Converter\flv_link.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: walkthewalk.org ([remote] https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.198.23.208
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = walkthewalk.local
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll (GP Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 13:40:06 | 000,000,000 | ---D | C] -- C:\Users\Guy\Desktop\Stomped!
[2011/08/09 14:54:56 | 000,126,080 | ---- | C] (QUALCOMM Incorporated) -- C:\Windows\SysNative\drivers\cmnsusbser.sys
[2011/08/09 14:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom 7.2M Tri-band Modem
[2011/08/09 14:54:55 | 000,103,424 | ---- | C] (Thesycon GmbH) -- C:\Windows\SysWow64\MyDIT_GenClassCoInst.dll
[2011/08/09 14:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zoom 7.2M Tri-band Modem
[2011/08/07 22:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/05 21:19:31 | 000,000,000 | ---D | C] -- C:\Users\Guy\Library
[2011/08/05 18:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/05 18:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/05 18:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/05 18:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/05 18:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/05 18:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/08/05 18:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/05 18:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/05 18:20:26 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\Apple
[2011/08/04 19:05:27 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{40B10D20-593E-44D8-B60B-B8388C398F4A}
[2011/08/04 19:05:26 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\{444FCCD9-FE88-4420-9E56-C3F21804B8F5}
[2011/08/01 23:21:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/01 22:33:18 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Guy\Desktop\OTL.exe
[2011/08/01 22:15:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/01 22:00:27 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\temp
[2011/08/01 19:31:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/01 19:31:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/01 19:31:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/01 19:31:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/01 19:31:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/27 23:17:21 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2011/07/27 19:49:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/27 19:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/07/27 19:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/27 19:48:46 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/07/27 19:48:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/07/27 19:48:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/07/27 19:48:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/07/27 19:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/07/26 21:53:11 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Roaming\ImgBurn
[2011/07/26 21:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/07/26 21:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2011/07/26 20:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ColorPic 4.1
[2011/07/26 20:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ColorPic 4.1
[2011/07/25 17:31:49 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\IsolatedStorage
[2011/07/25 17:31:48 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Local\Blue_Onion_Software
[2011/07/25 17:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Onion Software
[2011/07/21 21:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GNU
[2011/07/21 21:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2011/07/21 21:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiograbber
[2011/07/21 20:29:55 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Roaming\TalaPhoto Web Templates
[2011/07/21 17:40:14 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Roaming\Notepad++
[2011/07/19 19:22:33 | 000,000,000 | ---D | C] -- C:\Users\Guy\dwhelper
[2011/07/19 18:41:55 | 000,000,000 | ---D | C] -- C:\Users\Guy\AppData\Roaming\Anagram Technologies
[2011/07/18 17:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad Muncher

========== Files - Modified Within 30 Days ==========

[2011/08/15 06:44:10 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 06:44:10 | 000,014,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 06:43:15 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/15 06:43:15 | 000,631,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/15 06:43:15 | 000,111,456 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/15 06:37:07 | 000,000,433 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/08/15 06:36:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/14 14:47:47 | 000,000,850 | ---- | M] () -- C:\Users\Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RMClock.lnk
[2011/08/14 04:30:23 | 000,905,452 | ---- | M] () -- C:\Users\Guy\Desktop\Oz2.pdf
[2011/08/12 16:03:21 | 001,450,177 | ---- | M] () -- C:\Users\Guy\Desktop\Oz.pdf
[2011/08/09 14:54:56 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Zoom 7.2M Tri-band Modem.lnk
[2011/08/05 23:08:27 | 000,004,320 | ---- | M] () -- C:\ExeFix.reg
[2011/08/05 18:26:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/02 16:22:28 | 000,000,850 | RHS- | M] () -- C:\Users\Guy\ntuser.pol
[2011/08/01 23:17:46 | 001,450,885 | ---- | M] () -- C:\Users\Guy\Desktop\gmer.zip
[2011/08/01 22:33:21 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Guy\Desktop\OTL.exe
[2011/08/01 21:49:59 | 000,007,611 | ---- | M] () -- C:\Users\Guy\AppData\Local\Resmon.ResmonCfg
[2011/08/01 20:59:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/27 19:48:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/07/27 19:48:40 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/07/27 19:48:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/07/27 19:48:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/07/26 20:40:21 | 000,134,120 | ---- | M] () -- C:\Windows\ColorPic Uninstaller.exe
[2011/07/21 21:39:21 | 000,000,034 | ---- | M] () -- C:\Windows\cdplayer.ini
[2011/07/21 21:39:18 | 000,010,267 | ---- | M] () -- C:\Users\Guy\AppData\Roaming\TalaPhoto 2.0 Preferences
[2011/07/21 21:39:10 | 000,011,482 | ---- | M] () -- C:\Users\Guy\AppData\Roaming\TalaPhoto Music Library
[2011/07/21 20:44:31 | 000,000,102 | ---- | M] () -- C:\Users\Guy\AppData\Roaming\TalaPhoto License
[2011/07/20 06:11:13 | 002,967,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/19 17:14:44 | 000,459,989 | -H-- | M] () -- C:\Users\Guy\Desktop\.BridgeCacheT
[2011/07/19 17:14:44 | 000,025,938 | -H-- | M] () -- C:\Users\Guy\Desktop\.BridgeCache
[2011/07/18 21:19:37 | 000,001,047 | ---- | M] () -- C:\Users\Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk

========== Files Created - No Company Name ==========

[2011/08/14 04:30:23 | 000,905,452 | ---- | C] () -- C:\Users\Guy\Desktop\Oz2.pdf
[2011/08/12 16:03:20 | 001,450,177 | ---- | C] () -- C:\Users\Guy\Desktop\Oz.pdf
[2011/08/09 14:54:56 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\Zoom 7.2M Tri-band Modem.lnk
[2011/08/09 14:54:55 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\ChgService.exe
[2011/08/05 23:08:26 | 000,004,320 | ---- | C] () -- C:\ExeFix.reg
[2011/08/05 18:26:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/01 19:31:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/01 19:31:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/01 19:31:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/01 19:31:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/01 19:31:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/26 21:49:05 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/07/26 20:40:21 | 000,134,120 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2011/07/25 23:41:53 | 001,450,885 | ---- | C] () -- C:\Users\Guy\Desktop\gmer.zip
[2011/07/25 17:31:45 | 000,002,721 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk Drive.lnk
[2011/07/21 23:15:16 | 000,007,611 | ---- | C] () -- C:\Users\Guy\AppData\Local\Resmon.ResmonCfg
[2011/07/21 21:39:21 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/07/21 20:56:38 | 000,011,482 | ---- | C] () -- C:\Users\Guy\AppData\Roaming\TalaPhoto Music Library
[2011/07/21 20:44:31 | 000,000,102 | ---- | C] () -- C:\Users\Guy\AppData\Roaming\TalaPhoto License
[2011/07/21 20:29:56 | 000,010,267 | ---- | C] () -- C:\Users\Guy\AppData\Roaming\TalaPhoto 2.0 Preferences
[2011/07/19 17:14:44 | 000,459,989 | -H-- | C] () -- C:\Users\Guy\Desktop\.BridgeCacheT
[2011/07/19 17:14:44 | 000,025,938 | -H-- | C] () -- C:\Users\Guy\Desktop\.BridgeCache
[2011/07/18 21:19:37 | 000,001,047 | ---- | C] () -- C:\Users\Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk
[2011/07/13 23:50:24 | 000,160,544 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/07/08 17:11:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/06/12 12:04:00 | 000,071,259 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2011/06/09 20:52:30 | 000,005,816 | ---- | C] () -- C:\Windows\SysWow64\casigmgr32s.dll
[2011/06/07 23:39:22 | 000,722,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/07 23:26:03 | 000,047,698 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/07 22:48:57 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/06/07 22:25:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/07 18:14:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/17 01:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/01/12 19:14:56 | 000,022,720 | ---- | C] () -- C:\Windows\SysWow64\haspds_msi.dll

========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 14:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 11:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 12:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< End of report >

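What the MD5 custom scan above is for: each live copy of explorer.exe is compared by hash with the copies Windows keeps in the component store (WinSxS), so a system binary that matches a store copy of a known build is almost certainly unmodified, while one that matches nothing deserves a closer look. The following Python script is an added example (not part of the thread or of OTL) that does that comparison over the posted log lines. The line layout it parses and the way it reads the build version out of the WinSxS directory name are this example's own assumptions about OTL's format; the all-zero hash in the second sample is a constructed value used to show the mismatch path.

```python
"""Cross-check an OTL '< MD5 for: ... >' section against the WinSxS copies.

Added example, not OTL's own code. Assumptions: each entry line looks like
'[date time | size | attrs | flag] (company) MD5=<hex> -- <path>' and a
component-store path contains '\\winsxs\\<arch>_..._<major.minor.build.rev>_'.
"""
import re
from collections import defaultdict

# Entry line as OTL prints it (assumed layout; the header line is skipped).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>\S{4}) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# Architecture and build version taken from the WinSxS component directory name.
WINSXS_RE = re.compile(r"\\winsxs\\([a-z0-9]+)_.*?_(\d+\.\d+\.\d+\.\d+)_", re.I)

# Sample input: the MD5 section from the OTL report posted above.
OTL_MD5_SECTION = r"""
< MD5 for: EXPLORER.EXE >
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 14:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 11:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 12:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
"""

# Constructed sample: the live copy carries a hash no store copy shares.
TAMPERED_SAMPLE = r"""
< MD5 for: EXPLORER.EXE >
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
"""


def parse_md5_section(text):
    """Return one dict per entry line; non-matching lines (headers) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def cross_check(text):
    """Map every non-WinSxS path to the sorted (arch, version) store copies
    sharing its MD5. An empty list means no component-store copy matches."""
    entries = parse_md5_section(text)
    store = defaultdict(set)  # md5 -> {(arch, build version)}
    for e in entries:
        m = WINSXS_RE.search(e["path"])
        if m:
            store[e["md5"].upper()].add((m.group(1).lower(), m.group(2)))
    report = {}
    for e in entries:
        if WINSXS_RE.search(e["path"]):
            continue  # store copies are the reference, not the subject
        report[e["path"]] = sorted(store.get(e["md5"].upper(), ()))
    return report


def unverified(report):
    """Paths whose hash matches no component-store copy."""
    return sorted(p for p, matches in report.items() if not matches)


if __name__ == "__main__":
    for sample in (OTL_MD5_SECTION, TAMPERED_SAMPLE):
        rep = cross_check(sample)
        for path, matches in rep.items():
            status = "matches " + ", ".join(f"{a} {v}" for a, v in matches) if matches else "NO STORE MATCH"
            print(f"{path}: {status}")
        print("unverified:", unverified(rep))
```

On the posted log, C:\Windows\explorer.exe and the ERDNT backup both hash to the amd64 6.1.7601.17567 store copy and C:\Windows\SysWOW64\explorer.exe to the wow64 copy of the same build, which is why the analyst moved on to other tools. A match only establishes that the file is a genuine Windows build; it says nothing about the file associations or Winlogon shell entries that produce an "Application not found" error, which are the O20 and O35/O37 lines elsewhere in the report.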
#35 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 15 August 2011 - 05:25 AM

Hmmm... I can't find any malware at the moment. So let's see if some other tools can.

Step 1: MBAM

Please update and then run a full scan with Malwarebytes' Anti-Malware.

Step 2: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.

#36 gha128
  • Topic Starter
  • Members
  • 29 posts

Posted 17 August 2011 - 10:54 AM

Hi,

Negative results from both.

I'm feeling a reinstall might be the only option.

#37 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 17 August 2011 - 11:41 AM

Hold off on that for the moment; I'm going to ask for some help from some tech experts. They may have a few suggestions.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.

#38 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 17 August 2011 - 04:51 PM

Hello again,

Got a couple of things to try:

Step 1: First, please download this file to your desktop and double-click it. Allow it to be merged into your registry.
http://www.sevenforums.com/attachments/tutorials/123734d1312706455-default-file-type-associations-restore-default_exe.reg

Restart your PC.

Step 2: Please download SystemLook from HERE and save it to your Desktop.
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :regfind
    26EE0668-A00A-44D7-9371-BEB064C98683
    
    17cd9488-1228-4b2f-88ce-4298e93e0966
    
    20d04fe0-3aea-1069-a2d8-08002b30309d
    
    F02C1A0D-BE21-4350-88B0-7367FC96EF3C
    
    A8A91A66-3A7D-4424-8D24-04E180695C7A
    
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.

#39 gha128
  • Topic Starter
  • Members
  • 29 posts

Posted 18 August 2011 - 03:21 AM

Hi, here you are:

SystemLook 30.07.11 by jpshortstuff
Log created at 09:18 on 18/08/2011 by Guy
Administrator - Elevation successful

========== regfind ==========

Searching for "26EE0668-A00A-44D7-9371-BEB064C98683"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DeviceUpdateLocations]
"::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\::{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C},"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{289A9A43-BE44-4057-A41B-587A76D7E7F9}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\::{BC48B32F-5910-47F5-8570-5074A8A5636A},"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{43668BF8-C14E-49B2-97C9-747784D784B7}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\::{E413D040-6788-4C22-957E-175D1C513A34},"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}\::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}]
"ParsingName"="shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{15eae92e-f17a-4431-9f28-805e482dafd4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{df7266ac-9274-4867-8d55-3bd661de872d}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\OpenContainingFolderHiddenList]
"Start menu search results for Control Panel"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\DeviceUpdateLocations]
"::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0F214138-B1D3-4a90-BBA9-27CBC0C5389A}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\::{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C},"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{289A9A43-BE44-4057-A41B-587A76D7E7F9}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\::{BC48B32F-5910-47F5-8570-5074A8A5636A},"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{43668BF8-C14E-49B2-97C9-747784D784B7}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{4BFEFB45-347D-4006-A5BE-AC0CB0567192}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}\::{E413D040-6788-4C22-957E-175D1C513A34},"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{6F0CD92B-2E97-45D1-88FF-B0D186B8DEDD}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7007ACC7-3202-11D1-AAD2-00805FC1270E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{82A74AEB-AEB4-465C-A014-D097EE346D63}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{a305ce99-f527-492b-8b1a-7e76fa98d6e4}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}\::{d450a8a1-9568-45c7-9c0e-b4f9fb4537bd}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{de61d971-5ebc-4f02-a3a9-6c82895e5c04}]
"ParsingName"="shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{15eae92e-f17a-4431-9f28-805e482dafd4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{df7266ac-9274-4867-8d55-3bd661de872d}]
"ParsingName"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0\::{7b81be6a-ce2b-4676-a29e-eb907a5126c5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\OpenContainingFolderHiddenList]
"Start menu search results for Control Panel"="::{26EE0668-A00A-44D7-9371-BEB064C98683}\0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{26EE0668-A00A-44D7-9371-BEB064C98683}]

Searching for "17cd9488-1228-4b2f-88ce-4298e93e0966"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17cd9488-1228-4b2f-88ce-4298e93e0966}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{17cd9488-1228-4b2f-88ce-4298e93e0966}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{17cd9488-1228-4b2f-88ce-4298e93e0966}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{17cd9488-1228-4b2f-88ce-4298e93e0966}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{17cd9488-1228-4b2f-88ce-4298e93e0966}]

Searching for "20d04fe0-3aea-1069-a2d8-08002b30309d"
[HKEY_CURRENT_USER\Software\Adobe\Bridge CS4\Preferences]
"target"="bridge:fs:file:///::{20D04FE0-3AEA-1069-A2D8-08002B30309D} bridge:fs:file:///D: bridge:fs:file:///D:/My%20Pictures bridge:fs:file:///D:/My%20Pictures/General bridge:fs:file:///D:/My%20Pictures/General/Australia bridge:fs:file:///D:/My%20Pictures/General/Australia/Facebook"
[HKEY_CURRENT_USER\Software\Adobe\Bridge CS4\Preferences]
"Favorites"="bridge:script:bridgehome://home bridge:fs:file:///::{20D04FE0-3AEA-1069-A2D8-08002B30309D} bridge:special:desktop bridge:fs:file://///LEON/RedirectedFolders/Guy/My%20Documents bridge:fs:file://///LEON/RedirectedFolders/Guy/My%20Documents/My%20Pictures bridge:fs:file:///D:/Artwork/Logos/2012"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\17]
"ShellExecute"="::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DeviceUpdateLocations]
"::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{0AC0837C-BBF8-452A-850D-79D08E667CA7}]
"ParsingName"="::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp\Policy\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AppKey\17]
"ShellExecute"="::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\DeviceUpdateLocations]
"::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{0AC0837C-BBF8-452A-850D-79D08E667CA7}]
"ParsingName"="::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\StartMenu\StartPanel\MyComp\Policy\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166\Software\Adobe\Bridge CS4\Preferences]
"target"="bridge:fs:file:///::{20D04FE0-3AEA-1069-A2D8-08002B30309D} bridge:fs:file:///D: bridge:fs:file:///D:/My%20Pictures bridge:fs:file:///D:/My%20Pictures/General bridge:fs:file:///D:/My%20Pictures/General/Australia bridge:fs:file:///D:/My%20Pictures/General/Australia/Facebook"
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166\Software\Adobe\Bridge CS4\Preferences]
"Favorites"="bridge:script:bridgehome://home bridge:fs:file:///::{20D04FE0-3AEA-1069-A2D8-08002B30309D} bridge:special:desktop bridge:fs:file://///LEON/RedirectedFolders/Guy/My%20Documents bridge:fs:file://///LEON/RedirectedFolders/Guy/My%20Documents/My%20Pictures bridge:fs:file:///D:/Artwork/Logos/2012"
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]

Searching for "F02C1A0D-BE21-4350-88B0-7367FC96EF3C"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}]
"ParsingName"="::{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{D20BEEC4-5CA8-4905-AE3B-BF251EA09B53}]
"ParsingName"="::{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}]
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}]

Searching for "A8A91A66-3A7D-4424-8D24-04E180695C7A"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8A91A66-3A7D-4424-8D24-04E180695C7A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DeviceDisplayObject\AllItems\Commands\Shell\Windows.Troubleshoot]
"ExplorerCommandHandler"="{A8A91A66-3A7D-4424-8D24-04E180695C7A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DeviceDisplayObject\AllItems\Shell\Windows.Troubleshoot]
"ExplorerCommandHandler"="{A8A91A66-3A7D-4424-8D24-04E180695C7A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A8A91A66-3A7D-4424-8D24-04E180695C7A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{A8A91A66-3A7D-4424-8D24-04E180695C7A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{A8A91A66-3A7D-4424-8D24-04E180695C7A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A8A91A66-3A7D-4424-8D24-04E180695C7A}]

-= EOF =-

#40 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 18 August 2011 - 01:31 PM

Step 1: Let's take ownership of explorer.exe and register ExplorerFrame.dll to modify it.

1. Click the Microsoft Start logo in the bottom left corner of the screen
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator
6. In the command window type the following and then hit enter:

regsvr32 ExplorerFrame.dll

7. You should see a message saying that your file was successfully installed. Then type the following:

cd C:\Windows

8. At C:\Windows command prompt, type the following and then press enter:

TAKEOWN /F explorer.exe

9. Type the following and hit enter:

cd C:\Windows\SysWOW64

and then repeat step 8.

10. Exit the command prompt and restart your PC.

Let me know if the problem is resolved. If not...

Step 2: Please re-run step 2 from my last post, but with this:
:regfind
explorer.exe
:reg
HKEY_CLASSES_ROOT\.EXE /s
HKEY_CLASSES_ROOT\exefile /s

Casey



#41 gha128

  • Topic Starter
  • Members
  • 29 posts

Posted 19 August 2011 - 03:03 AM

Hi

On carrying out this:

6. In the command window type the following and then hit enter:

regsvr32 ExplorerFrame.dll

The enclosed screenshot appeared...




#42 gha128

  • Topic Starter
  • Members
  • 29 posts

Posted 19 August 2011 - 03:15 AM

The other requests went fine but it didn't solve the problem.

Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 09:06 on 19/08/2011 by Guy
Administrator - Elevation successful

========== regfind ==========

Searching for "explorer.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a4e0288f_0]
@="{0.0.0.00000000}.{c87ab069-0bb9-46bf-ac0a-fcf6b1dfdd12}|\Device\HarddiskVolume1\Windows\explorer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Folder\shell\dopus_openinexplorer\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_CURRENT_USER\Software\Classes\ftp\shell\dopus_openinexplorer\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\F7\52C64B7E]
"@C:\Windows\explorer.exe,-7021"="Help and Support"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\F7\52C64B7E]
"@C:\Windows\explorer.exe,-7023"="Run..."
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\F7\52C64B7E]
"@explorer.exe,-7003"="Opens a program, folder, document, or web site."
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\explorer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CABFolder\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CABFolder\shell\Open\Command]
@="%SystemRoot%\Explorer.exe /idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AFACED1-E828-11D1-9187-B532F1E9575D}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7020"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7021"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7001"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7022"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7023"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7003"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7025"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7005"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
@="%SystemRoot%\explorer.exe,-254"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3080F90D-D7AD-11D9-BD98-0000947B0257}\DefaultIcon]
@="%SystemRoot%\explorer.exe,-103"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3080F90E-D7AD-11D9-BD98-0000947B0257}\DefaultIcon]
@="%SystemRoot%\explorer.exe,-258"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48e7caab-b918-4e58-a94d-505519c795dc}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{682159d9-c321-47ca-b3f1-30e36b2ec8b9}\LocalServer32]
@="%SystemRoot%\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75dff2b7-6936-4c06-a8bb-676a7b00b24b}\LocalServer32]
@="%SystemRoot%\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ceff45ee-c862-41de-aee2-a022c81eda92}\LocalServer32]
@="%SystemRoot%\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CompressedFolder\shell\Open\Command]
@="%SystemRoot%\Explorer.exe /idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DeviceDisplayObject\AllItems\Shell\Microsoft.DxpOpen\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DeviceDisplayObject\AllItems\Shell\Microsoft.DxpOpenInNewWindow\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Explorer.AssocProtocol.search-ms]
"FriendlyTypeName"="@%SystemRoot%\explorer.exe,-6010"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Explorer.AssocProtocol.search-ms\shell\open\command]
@="%SystemRoot%\Explorer.exe /separate,/idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\opensearchdescription\shell\open\command]
@="%SystemRoot%\explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\search]
"FriendlyTypeName"="@%SystemRoot%\explorer.exe,-6010"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\search\shell\open\command]
@="%SystemRoot%\Explorer.exe /separate,/idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\search-ms]
"FriendlyTypeName"="@%SystemRoot%\explorer.exe,-6010"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\search-ms\shell\open\command]
@="%SystemRoot%\Explorer.exe /separate,/idlist,%I,%L"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SHCmdFile\shell\open\command]
@="%SystemRoot%\explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bmp\Shell\setdesktopwallpaper\Command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dib\Shell\setdesktopwallpaper\Command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.gif\Shell\setdesktopwallpaper\Command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jfif\Shell\setdesktopwallpaper\Command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jpe\Shell\setdesktopwallpaper\Command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jpeg\Shell\setdesktopwallpaper\Command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.jpg\Shell\setdesktopwallpaper\Command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.png\Shell\setdesktopwallpaper\Command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tif\Shell\setdesktopwallpaper\Command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tiff\Shell\setdesktopwallpaper\Command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.wdp\Shell\setdesktopwallpaper\Command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0AFACED1-E828-11D1-9187-B532F1E9575D}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7020"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7021"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7001"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7022"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7023"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7003"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7025"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7005"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
@="%SystemRoot%\explorer.exe,-254"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3080F90D-D7AD-11D9-BD98-0000947B0257}\DefaultIcon]
@="%SystemRoot%\explorer.exe,-103"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3080F90E-D7AD-11D9-BD98-0000947B0257}\DefaultIcon]
@="%SystemRoot%\explorer.exe,-258"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48e7caab-b918-4e58-a94d-505519c795dc}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{682159d9-c321-47ca-b3f1-30e36b2ec8b9}\LocalServer32]
@="%SystemRoot%\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{75dff2b7-6936-4c06-a8bb-676a7b00b24b}\LocalServer32]
@="%SystemRoot%\SysWow64\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ceff45ee-c862-41de-aee2-a022c81eda92}\LocalServer32]
@="%SystemRoot%\SysWow64\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
"AppName"="explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\ReflectionApplications\explorer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unse
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation]
"KillList"="%1;explorer.exe;dvdplay.exe;msohtmed.exe;quikview.exe;rundll.exe;rundll32.exe;taskman.exe;bck32api.dll;"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Capabilities]
"ApplicationDescription"="@%SystemRoot%\explorer.exe,-6012"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Capabilities]
"ApplicationName"="@%SystemRoot%\explorer.exe,-6011"
[HKEY_LOCAL_MACHINE\SOFTWARE\Widcomm\Components\btsendto_explorer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
"AppName"="explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\RADAR\HeapLeakDetection\ReflectionApplications\explorer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FileAssociation]
"KillList"="%1;explorer.exe;dvdplay.exe;msohtmed.exe;quikview.exe;rundll.exe;rundll32.exe;taskman.exe;bck32api.dll;"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\Capabilities]
"ApplicationDescription"="@%SystemRoot%\explorer.exe,-6012"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\Capabilities]
"ApplicationName"="@%SystemRoot%\explorer.exe,-6011"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0AFACED1-E828-11D1-9187-B532F1E9575D}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7020"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7021"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7001"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7022"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7023"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7003"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}]
"LocalizedString"="@%SystemRoot%\explorer.exe,-7025"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}]
"InfoTip"="@explorer.exe,-7005"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\DefaultIcon]
@="%SystemRoot%\explorer.exe,-254"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3080F90D-D7AD-11D9-BD98-0000947B0257}\DefaultIcon]
@="%SystemRoot%\explorer.exe,-103"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3080F90E-D7AD-11D9-BD98-0000947B0257}\DefaultIcon]
@="%SystemRoot%\explorer.exe,-258"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{48e7caab-b918-4e58-a94d-505519c795dc}\shell\find\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{682159d9-c321-47ca-b3f1-30e36b2ec8b9}\LocalServer32]
@="%SystemRoot%\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{75dff2b7-6936-4c06-a8bb-676a7b00b24b}\LocalServer32]
@="%SystemRoot%\SysWow64\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ceff45ee-c862-41de-aee2-a022c81eda92}\LocalServer32]
@="%SystemRoot%\SysWow64\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92}"
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\a4e0288f_0]
@="{0.0.0.00000000}.{c87ab069-0bb9-46bf-ac0a-fcf6b1dfdd12}|\Device\HarddiskVolume1\Windows\explorer.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166\Software\Classes\Folder\shell\dopus_openinexplorer\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166\Software\Classes\ftp\shell\dopus_openinexplorer\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166\Software\Classes\Local Settings\MuiCache\F7\52C64B7E]
"@C:\Windows\explorer.exe,-7021"="Help and Support"
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166\Software\Classes\Local Settings\MuiCache\F7\52C64B7E]
"@C:\Windows\explorer.exe,-7023"="Run..."
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166\Software\Classes\Local Settings\MuiCache\F7\52C64B7E]
"@explorer.exe,-7003"="Opens a program, folder, document, or web site."
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166_Classes\Folder\shell\dopus_openinexplorer\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166_Classes\ftp\shell\dopus_openinexplorer\command]
@="%SystemRoot%\Explorer.exe"
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166_Classes\Local Settings\MuiCache\F7\52C64B7E]
"@C:\Windows\explorer.exe,-7021"="Help and Support"
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166_Classes\Local Settings\MuiCache\F7\52C64B7E]
"@C:\Windows\explorer.exe,-7023"="Run..."
[HKEY_USERS\S-1-5-21-2072863056-4108601431-2172295681-1166_Classes\Local Settings\MuiCache\F7\52C64B7E]
"@explorer.exe,-7003"="Opens a program, folder, document, or web site."

========== reg ==========

[HKEY_CLASSES_ROOT\.EXE]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.EXE\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"


[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=38 07 00 00 (REG_BINARY)
"FriendlyTypeName"="@%SystemRoot%\System32\shell32.dll,-10156"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]
(No values found)

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=00 00 00 00 (REG_BINARY)

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=""%1" %*"
"IsolatedCommand"=""%1" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]
"HasLUAShield"=""

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@=""%1" %*"
"IsolatedCommand"=""%1" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runasuser]
@="@shell32.dll,-50944"
"Extended"=""
"SuppressionPolicyEx"="{F211AA05-D4DF-4370-A2A0-9F19C09756A7}"

[HKEY_CLASSES_ROOT\exefile\shell\runasuser\command]
"DelegateExecute"="{ea72d00e-4960-42fa-ba92-7792a7944c1d}"

[HKEY_CLASSES_ROOT\exefile\shellex]
(No values found)

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers]
@="Compatibility"

[HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\Compatibility]
@="{1d27f844-3a1f-4410-85ac-14651078412d}"

[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]
(No values found)

[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"


-= EOF =-

#43 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 19 August 2011 - 02:50 PM

Hi there,

Could you now attempt the following code:

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D /s
HKEY_CLASSES_ROOT\http\shell\open\command /s

using SystemLook again.

Casey



#44 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 22 August 2011 - 06:06 AM

Hi,

This is a 3 day bump.

Hopefully you're still with us but please be aware that if there is no reply within two days, then this topic will be closed as stale.

Casey



#45 gha128

  • Topic Starter
  • Members
  • 29 posts

Posted 22 August 2011 - 09:37 AM

Hi there

The weekend got in the way!

Anyway:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:35 on 22/08/2011 by Guy
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@=""C:\Program Files\Internet Explorer\IEXPLORE.EXE""


[HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D]
(Unable to open key - key not found)

[HKEY_CLASSES_ROOT\http\shell\open\command]
@=""C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1""


-= EOF =-
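The checks this thread walks through by hand (the .EXE/exefile association chain and Winlogon Shell dumped in post #42, the browser handlers requested in post #43 and shown in post #45, and the two explorer.exe copies that the TAKEOWN/regsvr32 steps in post #40 touch) can be gathered into one defender-side audit script. The script below is an added example; it is not part of the original posts and not part of SystemLook or OTL. It assumes Windows 7 or later with an elevated PowerShell session, and the "stock" values it compares against are taken from the log in post #42 (`"%1" %*` for the exefile verbs, `Explorer.exe` for the Winlogon Shell) plus the default owner of Windows system files, `NT SERVICE\TrustedInstaller`.

```powershell
# Added audit script (not from the thread, SystemLook or OTL): reports anything
# that deviates from the stock .exe association, Winlogon Shell and explorer.exe
# binaries. Assumes Windows 7+ and an elevated PowerShell session.

$findings = @()

function Get-DefaultValue {
    # Default (unnamed) value of a registry key, or $null if the key is absent.
    param([string]$Path)
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) { return $item.'(default)' } else { return $null }
}

# 1. HKCR\.exe -> exefile -> "%1" %*  (the chain SystemLook dumped in post #42).
#    A rewritten exefile verb is a common cause of "Application not found" for .exe.
if ((Get-DefaultValue 'Registry::HKEY_CLASSES_ROOT\.exe') -ne 'exefile') {
    $findings += 'HKCR\.exe does not map to exefile'
}
$expected = '"%1" %*'
foreach ($verb in 'open', 'runas') {
    $actual = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\exefile\shell\$verb\command"
    if ($actual -ne $expected) {
        $findings += "exefile\shell\$verb\command is '$actual' (stock: $expected)"
    }
}

# 2. Winlogon Shell: stock is exactly "Explorer.exe"; extra entries start with the desktop.
$shell = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon').Shell
if ($shell -ne 'Explorer.exe') {
    $findings += "Winlogon Shell is '$shell' (stock: Explorer.exe)"
}

# 3. Browser handlers from posts #43/#45: reported, not judged, because the
#    correct value depends on the default browser (the log shows firefox.exe).
foreach ($key in 'Registry::HKEY_CLASSES_ROOT\http\shell\open\command',
                 'HKLM:\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command') {
    "INFO: $key = $(Get-DefaultValue $key)"
}

# 4. The two explorer.exe copies the thread repairs.
foreach ($path in "$env:SystemRoot\explorer.exe", "$env:SystemRoot\SysWOW64\explorer.exe") {
    if (-not (Test-Path $path)) { $findings += "$path is missing"; continue }

    # Stock owner is TrustedInstaller. After the thread's TAKEOWN step it will be
    # the account that ran it, which is itself worth recording before reverting.
    $owner = (Get-Acl -Path $path).Owner
    if ($owner -ne 'NT SERVICE\TrustedInstaller') {
        $findings += "$path owner is '$owner' (stock: NT SERVICE\TrustedInstaller)"
    }

    # Authenticode check. Caveat: on Windows 7 most system binaries are signed via
    # catalog, and Get-AuthenticodeSignature there reports NotSigned for them, so
    # only statuses other than Valid/NotSigned (e.g. HashMismatch) are flagged here;
    # confirm a suspect file with: sfc /verifyfile=<path>
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ('Valid', 'NotSigned' -notcontains $sig.Status) {
        $findings += "$path signature status is $($sig.Status)"
    }
}

if ($findings.Count -eq 0) { 'No deviations from stock configuration found.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it before and after a repair such as the one in post #40: the owner check will show the TAKEOWN change, and the exefile checks tell you whether the "Application not found" symptom is coming from the association chain at all. On Windows 7 the signature check is deliberately lenient because of catalog signing; on Windows 10 and later, where Get-AuthenticodeSignature understands catalogs, a NotSigned result for explorer.exe would itself be a finding.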



