[Resolved] Google Redirects


This topic is locked
22 replies to this topic

#1 Calvin.sparta
Authentic Member, 27 posts

Posted 17 November 2009 - 10:14 PM

Hello. I recently have been having some on and off problems with google.com. Sometimes it will work perfectly fine, sometimes it will not load at all, and sometimes it will redirect me to a random site. Additionally, I'm getting random notifications from Comodo Firewall that certain DLLs are trying to access the registry or explorer.exe while I am leaving the system in idle. I've disabled all my auto upgrading software and it still happens. Here are the logs. NOTE: I couldn't post the RootRepeal log because I'm on a 64 bit OS and it doesn't support them it says. ESET Nod 32 didn't find anything, Malwarebytes didn't find anything which is why I'm here. Thanks for the help in advance.

DDS LOG

DDS (Ver_09-10-26.01) - NTFSX64
Run by Calvin at 22:43:08.82 on Tue 11/17/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8191.4227 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files
(x86)\TeamViewer\Version4\TeamViewer_Service.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\atieclxx.exe C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\PrintIsolationHost.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe C:\Program Files\StartKiller\StartKiller.exe C:\Program Files (x86)\Taskbar Activate\TaskbarActivate.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k secsvcs C:\OrCAD\license_manager\lmgrd.exe C:\Windows\system32\conhost.exe C:\OrCAD\license_manager\lmgrd.exe C:\OrCAD\license_manager\cdslmd.exe C:\Windows\explorer.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\taskhost.exe C:\Program Files\COMODO\EasyVPN\Vpnservice.exe C:\Program Files\COMODO\EasyVPN\crdphService.exe C:\Program Files\COMODO\EasyVPN\crdphService.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\explorer.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe C:\Windows\notepad.exe F:\Calvin Hopkins Data\Downloads\Firefox Downloads\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== mLocal Page = c:\windows\syswow64\blank.htm mWinlogon: Userinit=userinit.exe BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files (x86)\flashget\jccatch.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} 
- c:\program files (x86)\java\jre6\bin\jp2ssv.dll BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files (x86)\flashget\getflash.dll uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\daemon.exe" -autorun uRun: [StartKiller Application] c:\program files\startkiller\StartKiller.exe uRun: [Enhanced activation of the taskbar] c:\program files (x86)\taskbar activate\TaskbarActivate.exe uRun: [uTorrent] "c:\program files (x86)\utorrent\uTorrent.exe" uRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cfp.exe mRun: [WinPatrol] c:\program files (x86)\billp studios\winpatrol\winpatrol.exe -expressboot mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe" mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE mRunOnce: [Malwarebytes' Anti-Malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\users\calvin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\calvin\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\calvin\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files (x86)\stardock\objectdock\ObjectDock.exe StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Download All with FlashGet - c:\program files (x86)\flashget\jc_all.htm IE: &Download with FlashGet - c:\program files (x86)\flashget\jc_link.htm IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office11\EXCEL.EXE/3000 IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files 
(x86)\flashget\FlashGet.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab AppInit_DLLs: c:\windows\syswow64\guard32.dll mRun-x64: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun-x64: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h AppInit_DLLs-X64: c:\windows\system32\guard64.dll ================= FIREFOX =================== FF - ProfilePath - c:\users\calvin\appdata\roaming\mozilla\firefox\profiles\kcqmso55.default\ FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-10-11 117064] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-10-11 33128] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-5-15 203264] R2 Cadence License Manager;Cadence License Manager;c:\orcad\license_manager\lmgrd.exe [2009-11-4 1327104] R2 CrdphService;COMODO EasyVPN VNC 
Service;c:\program files\comodo\easyvpn\crdphService.exe [2009-8-11 646904] R2 EasyVpnAdpt;COMODO EasyVPN Service;c:\program files\comodo\easyvpn\Vpnservice.exe [2009-8-11 37112] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2009-5-14 731840] R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 121152] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2009-10-29 1767816] R2 TeamViewer4;TeamViewer 4;c:\program files (x86)\teamviewer\version4\TeamViewer_Service.exe [2009-8-24 185640] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-1 187392] S2 AODService;AODService;c:\program files (x86)\amd\overdrive\AODAssist.exe [2009-5-5 124256] S3 ATP;Comodo EasyVPN Miniport Driver;c:\windows\system32\drivers\cmdatp.sys [2009-11-11 20496] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] =============== Created Last 30 ================ 2009-11-18 02:41:26 0 d-----w- c:\users\calvin\appdata\roaming\Malwarebytes 2009-11-18 02:39:07 22104 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-18 02:39:07 0 d-----w- c:\programdata\Malwarebytes 2009-11-18 02:37:55 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2009-11-18 02:36:20 0 d-----w- c:\program files (x86)\Trend Micro 2009-11-17 14:15:02 0 d-----w- c:\programdata\Google 2009-11-11 17:21:22 0 d-----w- c:\program files (x86)\LogMeIn Hamachi 2009-11-11 16:52:58 20496 ----a-w- c:\windows\system32\drivers\cmdatp.sys 2009-11-11 16:52:57 0 d-----w- c:\users\calvin\appdata\roaming\COMODO 2009-11-10 06:25:16 604 ---ha-w- c:\windows\syswow64\T3 2009-11-10 06:25:16 604 ------w- c:\windows\T4 2009-11-10 06:25:16 0 d-----w- c:\programdata\Sibelius Software 2009-11-10 06:25:04 0 d-----w- c:\users\calvin\appdata\roaming\Sibelius Software 2009-11-10 06:22:21 0 d-----w- c:\program files (x86)\Sibelius Software 2009-11-07 03:59:01 0 
---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2009-11-05 01:48:44 0 d-----w- c:\users\calvin\.config 2009-11-04 07:02:24 0 d-----w- c:\program files (x86)\common files\Business Objects 2009-11-04 07:01:59 0 d-----w- C:\OrCAD_Data 2009-11-04 06:58:09 0 d-----w- c:\programdata\Macrovision 2009-11-04 06:57:38 309760 ----a-w- c:\windows\syswow64\lmgr326b.dll 2009-11-04 06:57:08 0 d-----w- C:\OrCAD 2009-11-04 06:38:46 90544 ----a-w- c:\windows\system32\drivers\scdemu.sys 2009-11-04 06:38:37 0 d-----w- c:\program files (x86)\PowerISO 2009-11-04 06:12:32 5958656 ----a-w- c:\windows\syswow64\mshtml.dll 2009-11-04 02:06:42 0 d-----w- c:\program files (x86)\Audua 2009-11-04 02:06:30 303616 ----a-w- c:\windows\IsUninst.exe 2009-10-30 17:17:29 0 d-----w- C:\PandoraFox 2009-10-27 05:37:47 0 d-----w- c:\temp\Windows 7 Professional (x86) - DVD (English) 2009-10-27 05:32:47 0 d-----w- c:\programdata\Apple Computer 2009-10-27 05:32:46 90112 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx 2009-10-27 05:32:46 57344 ----a-w- c:\windows\syswow64\QuickTime.qts 2009-10-27 05:32:42 0 d-----w- c:\program files (x86)\QuickTime Alternative 2009-10-27 05:31:22 0 d-----w- C:\Temp 2009-10-27 05:04:02 7574760 ----a-w- C:\MediaMonkey_3.1.1.1261.exe 2009-10-25 00:07:57 421888 ----a-w- C:\Downloader_for_Windows_7_Pro_RTM_x86_en(2).exe 2009-10-22 13:41:49 0 d-----w- c:\program files (x86)\TeamViewer ==================== Find3M ==================== 2009-11-10 06:25:16 604 ---ha-w- c:\program files (x86)\STLL Notifier 2009-10-14 04:28:25 411368 ----a-w- c:\windows\syswow64\deploytk.dll 2009-10-14 04:28:25 149280 ----a-w- c:\windows\syswow64\javaws.exe 2009-10-14 04:28:25 145184 ----a-w- c:\windows\syswow64\javaw.exe 2009-10-14 04:28:25 145184 ----a-w- c:\windows\syswow64\java.exe 2009-10-12 00:29:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf 2009-10-11 21:55:44 871408 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-10-11 21:46:42 33128 ----a-w- 
c:\windows\system32\drivers\cmdhlp.sys 2009-10-11 21:46:42 240128 ----a-w- c:\windows\system32\guard64.dll 2009-10-11 21:46:42 179792 ----a-w- c:\windows\syswow64\guard32.dll 2009-10-11 21:46:42 117064 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2009-10-02 04:32:07 982600 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2009-10-01 14:29:14 238960 ------w- c:\windows\system32\MpSigStub.exe 2009-09-23 14:42:58 33856 ---ha-w- c:\windows\system32\drivers\hamachi.sys 2009-09-10 06:28:22 311808 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 05:52:05 257024 ----a-w- c:\windows\syswow64\msv1_0.dll 2009-09-05 05:56:22 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2009-09-03 07:36:39 1975296 ----a-w- c:\windows\system32\CertEnroll.dll 2009-09-03 07:04:15 1320960 ----a-w- c:\windows\syswow64\CertEnroll.dll 2009-08-29 07:50:23 46592 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 07:45:05 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2009-08-29 06:59:32 11406336 ----a-w- c:\windows\syswow64\wmp.dll 2009-08-29 06:57:31 34816 ----a-w- c:\windows\syswow64\msasn1.dll 2009-08-29 06:54:52 12625408 ----a-w- c:\windows\syswow64\wmploc.DLL 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat 2009-07-14 05:12:52 245760 --sha-w- 
c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:43:46.79 ===============

ESET Nod 32 didn't find anything, Malwarebytes didn't find anything.
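As an added example (not from the thread, and not DDS's own tooling), a small Python triage script for the DDS log format shown above: it parses the SERVICES / DRIVERS and Created Last 30 sections, ties newly created .sys files back to their service entries, and lists hidden files under the Windows tree for manual review. The sample lines are copied from the log above; the parsing rules and the review heuristics are the example's own assumptions, not rules DDS applies.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: a few lines copied from the DDS log posted in this thread,
# restored to one entry per line (the forum extraction ran them together).
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-10-11 117064]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [2009-5-14 731840]
S3 ATP;Comodo EasyVPN Miniport Driver;c:\windows\system32\drivers\cmdatp.sys [2009-11-11 20496]
=============== Created Last 30 ================
2009-11-18 02:39:07 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-11 16:52:58 20496 ----a-w- c:\windows\system32\drivers\cmdatp.sys
2009-11-10 06:25:16 604 ---ha-w- c:\windows\syswow64\T3
2009-11-10 06:25:16 604 ------w- c:\windows\T4
============= FINISH: 22:43:46.79 ===============
"""

# Section banners look like "=== Name ===" with a variable number of '='.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "R1 name;display;path [yyyy-m-d size]" (R = running, S = stopped, digit = start type).
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# "yyyy-mm-dd hh:mm:ss size attrs path"; attrs is an 8-char DOS attribute string
# such as ---ha-w- (d = directory, r = read-only, h = hidden, s = system, a = archive).
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+)$")


@dataclass
class Service:
    state: str
    name: str
    display: str
    path: str
    date: str
    size: int


@dataclass
class Created:
    date: str
    time: str
    size: int
    attrs: str
    path: str


def parse_dds(text: str) -> Tuple[List[Service], List[Created]]:
    """Split a DDS log into its SERVICES / DRIVERS and Created Last 30 records."""
    services: List[Service] = []
    created: List[Created] = []
    section = None
    for line in text.splitlines():
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1).strip()
            continue
        if section == "SERVICES / DRIVERS":
            m = SERVICE_RE.match(line)
            if m:
                state, name, display, path, date, size = m.groups()
                services.append(Service(state, name, display, path.lower(), date, int(size)))
        elif section == "Created Last 30":
            m = CREATED_RE.match(line)
            if m:
                date, time, size, attrs, path = m.groups()
                created.append(Created(date, time, int(size), attrs, path.lower()))
    return services, created


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for created entries a reviewer should look at.

    The heuristics are this example's own, not DDS rules: a newly created kernel
    driver is tied back to its service entry (a driver with no service line
    deserves a closer look), and hidden files under the Windows tree are listed.
    """
    services, created = parse_dds(text)
    by_path: Dict[str, Service] = {s.path: s for s in services}
    findings: List[Tuple[str, List[str]]] = []
    for c in created:
        reasons: List[str] = []
        if c.path.endswith(".sys"):
            svc = by_path.get(c.path)
            if svc:
                reasons.append(f"new driver registered as service {svc.name} ({svc.state})")
            else:
                reasons.append("new driver with no service entry in this log")
        if "h" in c.attrs and "\\windows\\" in c.path:
            reasons.append("hidden file under the Windows tree")
        if reasons:
            findings.append((c.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_DDS):
        print(path, "->", "; ".join(reasons))
```

A flagged entry is only a pointer for a human reviewer; in this thread the hidden T3 file, for instance, was created in the same second as the Sibelius Software folders listed beside it.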



#2 inzanity
♠♠lost♠♠ - Malware Team, 2,340 posts

Posted 17 November 2009 - 11:40 PM

Hello and :welcome: Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible. I am checking over your log, I will post back shortly with instructions.

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member



#3 inzanity
♠♠lost♠♠ - Malware Team, 2,340 posts

Posted 19 November 2009 - 12:31 AM

Hi,

You have uTorrent, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.
P2P (File Sharing ) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realize. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
I would recommend that you uninstall uTorrent, via Control Panel -> Add or Remove Programs.

However, if you do not wish to remove this program please be advised not to use the said program during the course of cleaning your machine.

--Next--

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

To post in your next reply:
1. GMER log.
2. Does the google redirection happen on all your browsers (e.g. Internet Explorer, Mozilla, Opera, etc.)?



#4 Calvin.sparta
Authentic Member, 27 posts

Posted 19 November 2009 - 05:13 PM

When I ran the scan I got an error at the first second: "C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process." I also don't know if it is happening with other browsers. It happens very randomly and I just use Firefox for day to day items, so I don't notice it in other browsers. The result of the scan is "GMER hasn't found any system modification." The file I saved was blank.

#5 inzanity
♠♠lost♠♠ - Malware Team, 2,340 posts

Posted 19 November 2009 - 10:55 PM

Hi,

Let's try this:

Download Rooter.exe to your desktop
  • Then doubleclick it to start the tool
  • A Notepad file containing the report will open, also found at C:\Rooter.txt. Post that here.



#6 Calvin.sparta
Authentic Member, 27 posts

Posted 20 November 2009 - 09:45 AM

I ran it as admin and here it is. And I'm actually running Windows 7 64 bit contrary to what it says.

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 . (6.1.7600) [32_bits] - AMD64 Family 16 Model 4 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.7600.16385
Mozilla Firefox 3.5.5 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:144 Go - Free:96 Go )
D:\ [Fixed-NTFS] .. ( Total:199 Go - Free:40 Go )
E:\ [Fixed-NTFS] .. ( Total:219 Go - Free:76 Go )
F:\ [Fixed-NTFS] .. ( Total:199 Go - Free:117 Go )
G:\ [Fixed-NTFS] .. ( Total:98 Go - Free:94 Go )
H:\ [CD_Rom]
I:\ [CD_Rom]
J:\ [Removable]
K:\ [CD_Rom]
L:\ [Fixed-FAT32] .. ( Total:931 Go - Free:390 Go )
M:\ [CD_Rom]
.
Scan : 10:42.51
Path : F:\Calvin Hopkins Data\Downloads\Firefox Downloads\Rooter.exe
User : Calvin ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ?????????? (432)
______ ?????????? (540)
______ ?????????? (604)
______ ?????????? (628)
______ ?????????? (664)
______ ?????????? (692)
______ ?????????? (700)
______ ?????????? (788)
______ ?????????? (872)
______ ?????????? (932)
______ ?????????? (972)
______ ?????????? (264)
______ ?????????? (548)
______ ?????????? (756)
______ ?????????? (988)
______ ?????????? (1044)
______ ?????????? (1076)
______ ?????????? (1188)
______ ?????????? (1336)
______ ?????????? (1616)
______ ?????????? (1644)
______ ?????????? (1672)
______ ?????????? (1712)
______ C:\OrCAD\license_manager\lmgrd.exe (1128)
______ C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (1264)
______ ?????????? (1372)
______ C:\OrCAD\license_manager\lmgrd.exe (1404)
______ ??????????
(1508) ______ C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1832) ______ C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (1856) ______ C:\OrCAD\license_manager\cdslmd.exe (2076) ______ ?????????? (2124) ______ ?????????? (2164) ______ C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (2204) ______ C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe (2460) ______ ?????????? (2728) ______ ?????????? (2828) ______ ?????????? (2856) ______ ?????????? (2680) ______ ?????????? (3428) ______ C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (3456) ______ ?????????? (3464) ______ C:\Program Files (x86)\Taskbar Activate\TaskbarActivate.exe (3480) ______ ?????????? (3536) ______ C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (3596) ______ ?????????? (4060) ______ ?????????? (3476) ______ C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (1140) ______ C:\Program Files (x86)\Java\jre6\bin\jusched.exe (1036) ______ C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (1452) ______ ?????????? (4056) ______ ?????????? (2924) ______ ?????????? (804) ______ ?????????? (1424) ______ ?????????? (4040) Locked ?9 (3472) ______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (1656) ______ C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe (3736) ______ C:\Program Files (x86)\Java\jre6\bin\java.exe (3580) ______ ?????????? (4884) ______ C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (812) ______ C:\PROGRA~2\FOXITS~1\FOXITR~1\FOXITR~1.EXE (3104) ______ ?????????? (1464) ______ ?????????? (3344) ______ ?????????? (4444) ______ ?????????? (4140) ______ F:\Calvin Hopkins Data\Downloads\Firefox Downloads\Rooter.exe (4120) . ----------------------\\ Device\Harddisk0\ . \Device\Harddisk0 [Sectors : 63 x 512 Bytes] . 
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:155688067584) \Device\Harddisk0\Partition0 (Start_Offset:155688099840 | Length:844514173440) \Device\Harddisk0\Partition2 (Start_Offset:155688132096 | Length:236213558784) \Device\Harddisk0\Partition0 (Start_Offset:391901690880 | Length:608300582400) \Device\Harddisk0\Partition3 (Start_Offset:391901723136 | Length:608300550144) . ----------------------\\ Scheduled Tasks . C:\Windows\Tasks\SA.DAT C:\Windows\Tasks\SCHEDLGU.TXT . ----------------------\\ Registry . . ----------------------\\ Files & Folders . ----------------------\\ Scan completed at 10:42.52 . C:\Rooter$\Rooter_2.txt - (20/11/2009 | 10:42.52)

#7 inzanity
♠♠lost♠♠ - Malware Team, 2,340 posts

Posted 21 November 2009 - 12:52 AM

Hi,

I am still not seeing anything malicious on your system. Please bear with me as we will be doing another diagnostic scan. Thank you.

Please do the following:
  • Download OTL to your desktop.
  • Right click on the icon and select "Run as administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
--Next--

Are you still experiencing google redirection? Can you post the URLs that you are being sent to from google?
Aside from google redirection, are there any other problems occurring on your computer?
Also, can you note down and then post which DLL files Comodo is notifying you about?



#8 Calvin.sparta
Authentic Member, 27 posts

Posted 21 November 2009 - 11:18 AM

The website in the URL actually is google. That's one of the weirdest things I've found with it. The sites themselves aren't exactly malicious either. They just aren't google.

I'll try to get a list together of the DLLs I'm having it block. I really don't know whether or not they are entirely related.

OTL.txt

OTL logfile created on: 11/21/2009 12:07:19 PM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = F:\Calvin Hopkins Data\Downloads\Firefox Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 145.00 Gb Total Space | 96.43 Gb Free Space | 66.51% Space Free | Partition Type: NTFS
Drive D: | 200.00 Gb Total Space | 40.24 Gb Free Space | 20.12% Space Free | Partition Type: NTFS
Drive E: | 219.99 Gb Total Space | 76.10 Gb Free Space | 34.59% Space Free | Partition Type: NTFS
Drive F: | 200.00 Gb Total Space | 117.27 Gb Free Space | 58.64% Space Free | Partition Type: NTFS
Drive G: | 98.09 Gb Total Space | 94.74 Gb Free Space | 96.59% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THESWAN
Current User Name: Calvin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - F:\Calvin Hopkins Data\Downloads\Firefox Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Calvin Hopkins Data\Downloads\Firefox Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Calvin Hopkins Data\Downloads\Firefox Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Calvin Hopkins Data\Downloads\Firefox Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Calvin Hopkins Data\Downloads\Firefox Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe (Foxit Software Company)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\OrCAD\license_manager\cdslmd.exe ()
PRC - C:\OrCAD\license_manager\cdslmd.exe ()
PRC - C:\OrCAD\license_manager\cdslmd.exe ()
PRC - C:\OrCAD\license_manager\lmgrd.exe (Macrovision Corporation)
PRC - C:\OrCAD\license_manager\lmgrd.exe (Macrovision Corporation)
PRC - C:\OrCAD\license_manager\lmgrd.exe (Macrovision Corporation)
PRC - C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Taskbar Activate\TaskbarActivate.exe (Pierre-Marie DEVIGNE)
PRC - C:\Program Files (x86)\Taskbar Activate\TaskbarActivate.exe (Pierre-Marie DEVIGNE)


========== Modules (SafeList) ==========

MOD - F:\Calvin Hopkins Data\Downloads\Firefox Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\guard32.dll (COMODO)
MOD - C:\Program Files (x86)\MediaMonkey\MMHelper.dll ()
MOD - C:\Windows\SysWOW64\xmllite.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\vssapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\vsstrace.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\spp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srclient.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msxml3.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msiltcfg.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\fontext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\fms.dll (Windows ® Codename Longhorn DDK provider)
MOD - C:\Windows\SysWOW64\fltLib.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\atl.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (CrdphService) -- C:\Program Files\COMODO\EasyVPN\crdphService.exe (COMODO)
SRV:64bit: - (EasyVpnAdpt) -- C:\Program Files\COMODO\EasyVPN\Vpnservice.exe ()
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (TeamViewer4) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 22:20:14 | 00,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 22:20:14 | 00,000,000 | ---D | M]
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (Cadence License Manager) -- C:\OrCAD\license_manager\lmgrd.exe (Macrovision Corporation)
SRV - (MSSQL$SQLEXPRESS) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ATP) -- C:\Windows\SysNative\drivers\cmdatp.sys (Comodo, Inc.)
DRV - (CSC) -- C:\Windows\CSC [2009/10/11 19:28:24 | 00,000,000 | ---D | M]
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (Psched) -- C:\OrCAD\OrCAD_16.0\tools\pspice\psched.cnt ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 11 29 18 BC 4A CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.6.0623
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.38
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/06 18:52:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/19 19:27:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2009/10/27 00:30:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2009/11/19 19:27:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0b4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009/10/27 00:32:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0b4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2009/11/19 19:27:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/11 16:43:16 | 00,000,000 | ---D | M]

[2009/10/12 16:42:47 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Mozilla\Extensions
[2009/10/12 16:42:47 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/10/11 16:44:36 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/20 00:37:19 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\kcqmso55.default\extensions
[2009/10/23 10:47:41 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\kcqmso55.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/10/12 15:23:54 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\kcqmso55.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2009/10/11 20:53:55 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\kcqmso55.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/10/12 15:23:54 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\kcqmso55.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/10/12 14:27:04 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\kcqmso55.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/17 09:13:44 | 00,002,291 | ---- | M] () -- C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\kcqmso55.default\searchplugins\surf-canyon.xml
[2009/11/20 00:37:19 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/06 18:52:00 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/13 23:28:33 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/06 18:51:59 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 18:51:59 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/13 23:28:26 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/11 16:55:50 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/11/06 18:52:00 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2003/07/14 21:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
[2008/09/10 14:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
[2008/09/09 20:53:00 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2008/09/09 20:53:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/09/09 20:53:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/09/09 20:53:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/09/09 20:53:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/09/10 14:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
[2009/07/30 02:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/30 02:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/07/30 02:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/30 02:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/30 02:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/07/30 02:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/30 02:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (696 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Enhanced activation of the taskbar] C:\Program Files (x86)\Taskbar Activate\TaskbarActivate.exe (Pierre-Marie DEVIGNE)
O4 - HKCU..\Run: [StartKiller Application] C:\Program Files\StartKiller\StartKiller.exe (Tordex)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 130.64.5.5 130.64.1.13 130.64.63.13
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/09 20:23:47 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7b128a40-b6b2-11de-9654-001d92b448e3}\Shell - "" = AutoRun
O33 - MountPoints2\{7b128a40-b6b2-11de-9654-001d92b448e3}\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AUTORUN\SPLASH.EXE -- File not found
O33 - MountPoints2\L\Shell\INSTALL\COMMAND - "" = L:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/20 10:42:21 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/11/19 19:28:09 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/11/19 01:05:48 | 00,000,000 | ---D | C] -- F:\Calvin Hopkins Data\My Documents\My Scanned Music
[2009/11/19 01:04:55 | 00,000,000 | ---D | C] -- C:\Users\Calvin\AppData\Roaming\Neuratron
[2009/11/19 01:01:56 | 09,068,589 | ---- | C] (IRIS (Image Recognition Integrated Systems)) -- C:\Windows\SysWow64\Drs832.dll
[2009/11/19 01:01:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Neuratron PhotoScore Ultimate Demo
[2009/11/18 01:16:05 | 00,000,000 | ---D | C] -- C:\Users\Calvin\AppData\Local\MyPorts
[2009/11/17 23:10:08 | 00,000,000 | ---D | C] -- C:\Users\Calvin\AppData\Local\ElevatedDiagnostics
[2009/11/17 22:36:12 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/17 22:32:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/11/17 21:41:26 | 00,000,000 | ---D | C] -- C:\Users\Calvin\AppData\Roaming\Malwarebytes
[2009/11/17 21:39:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/11/17 21:39:07 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/11/17 21:39:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/17 21:39:07 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/17 21:37:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/11/17 21:36:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/11/17 09:15:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/11/17 09:15:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/11/11 11:52:58 | 00,020,496 | ---- | C] (Comodo, Inc.) -- C:\Windows\SysNative\drivers\cmdatp.sys
[2009/11/11 11:52:58 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2009/11/11 11:52:57 | 00,000,000 | ---D | C] -- C:\Users\Calvin\AppData\Roaming\COMODO
[2009/11/10 01:25:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Sibelius Software
[2009/11/10 01:25:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Sibelius Software
[2009/11/10 01:25:04 | 00,000,000 | ---D | C] -- C:\Users\Calvin\AppData\Roaming\Sibelius Software
[2009/11/10 01:22:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Sibelius Software
[2009/11/04 20:48:44 | 00,000,000 | ---D | C] -- C:\Users\Calvin\.config
[2009/11/04 02:04:06 | 01,046,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjet35.dll
[2009/11/04 02:04:06 | 00,901,120 | ---- | C] (Three |D| Graphics, Inc.) -- C:\Windows\SysWow64\sscsdk32.dll
[2009/11/04 02:04:06 | 00,274,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntwdblib.dll
[2009/11/04 02:04:06 | 00,178,176 | ---- | C] (MapInfo) -- C:\Windows\SysWow64\mxintl30.dll
[2009/11/04 02:04:06 | 00,139,264 | ---- | C] (MapInfo) -- C:\Windows\SysWow64\midlg30.dll
[2009/11/04 02:04:06 | 00,065,536 | ---- | C] (MapInfo) -- C:\Windows\SysWow64\mitmin30.dll
[2009/11/04 02:04:06 | 00,026,624 | ---- | C] (MapInfo) -- C:\Windows\SysWow64\midlin30.dll
[2009/11/04 02:04:05 | 00,736,768 | ---- | C] (MapInfo) -- C:\Windows\SysWow64\mapx30.ocx
[2009/11/04 02:04:05 | 00,346,112 | ---- | C] (INTERSOLV, Inc.) -- C:\Windows\SysWow64\crflt13.dll
[2009/11/04 02:04:05 | 00,320,000 | ---- | C] (INTERSOLV, Inc.) -- C:\Windows\SysWow64\crbas13.dll
[2009/11/04 02:04:05 | 00,303,616 | ---- | C] (INTERSOLV, Inc.) -- C:\Windows\SysWow64\crutl13.dll
[2009/11/04 02:04:05 | 00,159,232 | ---- | C] (INTERSOLV, Inc.) -- C:\Windows\SysWow64\crsyb13.dll
[2009/11/04 02:04:05 | 00,157,696 | ---- | C] (INTERSOLV, Inc.) -- C:\Windows\SysWow64\cror813.dll
[2009/11/04 02:04:05 | 00,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ASYCFILT.DL
[2009/11/04 02:04:05 | 00,138,752 | ---- | C] (INTERSOLV, Inc.) -- C:\Windows\SysWow64\cror713.dll
[2009/11/04 02:04:05 | 00,112,640 | ---- | C] (INTERSOLV, Inc.) -- C:\Windows\SysWow64\crgup13.dll
[2009/11/04 02:04:05 | 00,111,616 | ---- | C] (INTERSOLV, Inc.) -- C:\Windows\SysWow64\crdb213.dll
[2009/11/04 02:04:05 | 00,033,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DBNMdd92.rra
[2009/11/04 02:02:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
[2009/11/04 02:01:59 | 00,000,000 | ---D | C] -- C:\OrCAD_Data
[2009/11/04 01:58:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2009/11/04 01:58:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2009/11/04 01:57:38 | 00,309,760 | ---- | C] (Globetrotter Software Inc) -- C:\Windows\SysWow64\lmgr326b.dll
[2009/11/04 01:57:36 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2009/11/04 01:57:08 | 00,000,000 | ---D | C] -- C:\OrCAD
[2009/11/04 01:56:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2009/11/04 01:38:46 | 00,090,544 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2009/11/04 01:38:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2009/11/04 01:12:33 | 09,272,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/11/04 01:12:32 | 05,958,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/03 21:25:19 | 00,000,000 | ---D | C] -- F:\Calvin Hopkins Data\My Documents\Speaker Project
[2009/11/03 21:06:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Audua
[2009/11/03 21:06:30 | 00,303,616 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2009/10/31 21:33:55 | 00,000,000 | ---D | C] -- C:\Users\Calvin\AppData\Roaming\vlc
[2009/10/30 12:17:29 | 00,000,000 | ---D | C] -- C:\PandoraFox
[2009/10/27 00:32:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/10/27 00:32:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/10/27 00:32:46 | 00,090,112 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2009/10/27 00:32:46 | 00,057,344 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2009/10/27 00:32:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime Alternative
[2009/10/27 00:31:22 | 00,000,000 | ---D | C] -- C:\Temp
[2009/10/27 00:04:02 | 07,574,760 | ---- | C] (Ventis Media Inc. ) -- C:\MediaMonkey_3.1.1.1261.exe
[2009/10/26 21:57:41 | 00,000,000 | ---D | C] -- F:\Calvin Hopkins Data\My Documents\Other
[2009/10/24 19:07:57 | 00,421,888 | ---- | C] (e-academy Inc.) -- C:\Downloader_for_Windows_7_Pro_RTM_x86_en(2).exe
[2009/10/22 21:51:51 | 00,000,000 | ---D | C] -- C:\Users\Calvin\AppData\Roaming\GRETECH

========== Files - Modified Within 30 Days ==========

[2009/11/21 12:08:56 | 02,097,152 | -HS- | M] () -- C:\Users\Calvin\NTUSER.DAT
[2009/11/21 12:06:53 | 00,128,412 | ---- | M] () -- C:\Users\Calvin\Desktop\log1.htm
[2009/11/19 19:26:15 | 00,001,594 | ---- | M] () -- C:\Users\Calvin\Desktop\DivX Movies.lnk
[2009/11/19 15:40:58 | 00,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/19 15:40:58 | 00,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/19 15:39:07 | 00,779,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/19 15:39:07 | 00,661,830 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/19 15:39:07 | 00,121,138 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/19 15:33:10 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/19 15:33:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/19 15:33:01 | 61,985,4882 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/19 15:32:58 | 21,469,83935 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/19 15:25:17 | 00,124,224 | ---- | M] () -- C:\Users\Calvin\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/19 15:24:32 | 00,439,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/11/19 09:10:51 | 01,798,608 | -H-- | M] () -- C:\Users\Calvin\AppData\Local\IconCache.db
[2009/11/10 01:25:16 | 00,000,604 | -H-- | M] () -- C:\Windows\SysWow64\T3
[2009/11/10 01:25:16 | 00,000,604 | -H-- | M] () -- C:\ProgramData\T2
[2009/11/10 01:25:16 | 00,000,604 | -H-- | M] () -- C:\Program Files (x86)\STLL Notifier
[2009/11/06 22:59:01 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/11/05 13:05:58 | 28,155,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MRT.exe
[2009/11/04 09:17:55 | 00,000,750 | ---- | M] () -- C:\Windows\ODBC.INI
[2009/11/02 20:42:06 | 00,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe
[2009/10/29 18:40:23 | 00,026,112 | ---- | M] () -- F:\Calvin Hopkins Data\My Documents\ES5 Lab 2.doc
[2009/10/27 00:03:40 | 07,574,760 | ---- | M] (Ventis Media Inc. ) -- C:\MediaMonkey_3.1.1.1261.exe
[2009/10/25 16:54:37 | 00,032,768 | ---- | M] () -- F:\Calvin Hopkins Data\My Documents\Music 64 Midterm (Calvin Hopkins).doc
[2009/10/25 16:52:20 | 00,032,768 | ---- | M] () -- F:\Calvin Hopkins Data\My Documents\Music 64 Midterm.doc
[2009/10/24 19:05:39 | 00,421,888 | ---- | M] (e-academy Inc.) -- C:\Downloader_for_Windows_7_Pro_RTM_x86_en(2).exe

========== Files Created - No Company Name ==========

[2009/11/21 12:06:53 | 00,128,412 | ---- | C] () -- C:\Users\Calvin\Desktop\log1.htm
[2009/11/19 19:26:15 | 00,001,594 | ---- | C] () -- C:\Users\Calvin\Desktop\DivX Movies.lnk
[2009/11/19 15:33:01 | 61,985,4882 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/11/10 01:25:16 | 00,000,604 | -H-- | C] () -- C:\Windows\SysWow64\T3
[2009/11/10 01:25:16 | 00,000,604 | -H-- | C] () -- C:\ProgramData\T2
[2009/11/10 01:25:16 | 00,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2009/11/06 22:59:01 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2009/11/04 02:04:06 | 00,903,168 | ---- | C] () -- C:\Windows\SysWow64\mitmdl30.dll
[2009/11/04 02:04:06 | 00,014,316 | ---- | C] () -- C:\Windows\SysWow64\rule1.llr
[2009/11/04 02:04:06 | 00,006,664 | ---- | C] () -- C:\Windows\SysWow64\rule1.dfa
[2009/11/04 02:04:06 | 00,000,796 | ---- | C] () -- C:\Windows\SysWow64\qecr.lic
[2009/11/04 02:04:05 | 00,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2009/11/04 02:04:05 | 00,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2009/11/04 02:04:05 | 00,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2009/11/04 02:04:05 | 00,085,184 | ---- | C] () -- C:\Windows\SysWow64\mapInfow.prj
[2009/11/04 02:04:05 | 00,047,759 | ---- | C] () -- C:\Windows\SysWow64\foxpro.int
[2009/11/04 02:04:05 | 00,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2009/11/04 02:04:05 | 00,026,135 | ---- | C] () -- C:\Windows\SysWow64\crsyb13.hlp
[2009/11/04 02:04:05 | 00,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2009/11/04 02:04:05 | 00,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2009/11/04 02:04:05 | 00,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2009/11/04 02:04:05 | 00,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2009/11/04 02:04:05 | 00,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2009/11/04 02:04:05 | 00,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2009/11/04 02:04:05 | 00,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2009/11/04 02:04:05 | 00,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2009/11/04 02:04:05 | 00,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2009/11/04 02:04:05 | 00,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2009/11/04 02:04:05 | 00,000,451 | ---- | C] () -- C:\Windows\SysWow64\mapx30.lic
[2009/10/29 18:40:22 | 00,026,112 | ---- | C] () -- F:\Calvin Hopkins Data\My Documents\ES5 Lab 2.doc
[2009/10/25 16:54:37 | 00,032,768 | ---- | C] () -- F:\Calvin Hopkins Data\My Documents\Music 64 Midterm (Calvin Hopkins).doc
[2009/10/23 21:56:01 | 00,032,768 | ---- | C] () -- F:\Calvin Hopkins Data\My Documents\Music 64 Midterm.doc
[2009/10/12 15:48:45 | 00,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/11 22:36:53 | 00,000,750 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/11 17:06:35 | 01,798,608 | -H-- | C] () -- C:\Users\Calvin\AppData\Local\IconCache.db
[2009/10/11 17:02:36 | 00,124,224 | ---- | C] () -- C:\Users\Calvin\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/11 16:57:53 | 00,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/10/11 16:57:52 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/10/11 16:57:48 | 02,402,304 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009/10/11 16:57:47 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/10/11 16:57:47 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/10/11 16:57:47 | 00,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/10/11 16:57:40 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/10/11 16:57:40 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/07/14 00:32:39 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/14 00:32:39 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:39 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:39 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:54:24 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2009/07/13 21:34:57 | 00,000,499 | ---- | C] () -- C:\Windows\win.ini
[2009/07/13 21:34:57 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/13 18:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2002/02/27 10:41:28 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2002/02/27 10:41:26 | 00,139,264 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2002/02/27 10:41:26 | 00,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll

========== LOP Check ==========

[2009/10/11 17:13:57 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\DAEMON Tools Lite
[2009/11/19 15:33:48 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Dropbox
[2009/10/11 20:51:06 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\FlashGet
[2009/10/11 16:56:06 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Foxit
[2009/11/19 01:04:55 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Neuratron
[2009/10/11 17:02:36 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Rainmeter
[2009/11/10 01:25:51 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Sibelius Software
[2009/10/23 14:41:27 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\SSH
[2009/10/11 22:24:23 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Stardock
[2009/10/18 00:07:05 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\TeamViewer
[2009/10/12 16:42:47 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\Thunderbird
[2009/11/19 15:34:13 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\uTorrent
[2009/10/11 16:59:17 | 00,000,000 | ---D | M] -- C:\Users\Calvin\AppData\Roaming\WinPatrol
[2009/11/19 15:33:10 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 00,003,392 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

___________________________________________________________________________________

OTL Extras logfile created on: 11/21/2009 12:07:19 PM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = F:\Calvin Hopkins Data\Downloads\Firefox Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 145.00 Gb Total Space | 96.43 Gb Free Space | 66.51% Space Free | Partition Type: NTFS
Drive D: | 200.00 Gb Total Space | 40.24 Gb Free Space | 20.12% Space Free | Partition Type: NTFS
Drive E: | 219.99 Gb Total Space | 76.10 Gb Free Space | 34.59% Space Free | Partition Type: NTFS
Drive F: | 200.00 Gb Total Space | 117.27 Gb Free Space | 58.64% Space Free | Partition Type: NTFS
Drive G: | 98.09 Gb Total Space | 94.74 Gb Free Space | 96.59% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THESWAN
Current User Name: Calvin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{16622757-3724-4DA8-A5CC-3CE75636E8B9}" = COMODO EasyVPN
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{66F644DA-4ED8-4D03-83D2-A7156AA562BC}" = ESET NOD32 Antivirus
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{85EA529C-CCBD-464D-8163-4313B116DAB1}" = Start Killer
"{88EB92AB-ABD3-E13C-3AEE-B7518354B55A}" = ATI Catalyst Install Manager
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"COMODO Internet Security" = COMODO Internet Security
"MatlabR2009a" = MATLAB R2009a
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B9E27C7-9ECD-4362-B311-030EA48F8E72}" = Crystal XI
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{20AEA7B1-6155-44A2-B58E-430F2C9F4ABD}" = AMD OverDrive
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{CE9CAAD2-A4CA-48CC-B0C2-07254867FAD4}" = Cadence License Manager
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF9312A2-9810-40E2-9954-617DDE7B123F}" = Release OrCAD 16.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"FlashGet" = FlashGet 1.9.6.1073
"Foxit Reader" = Foxit Reader
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"Impulse" = Impulse
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MKVtoolnix" = MKVtoolnix 2.2.0
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (3.0b4)" = Mozilla Thunderbird (3.0b4)
"MyPorts_is1" = MyPorts - build 1.01.03 - If an older version of MyPorts is alr
"Neuratron PhotoScore Ultimate Demo" = Neuratron PhotoScore Ultimate Demo
"ObjectDock Plus" = ObjectDock Plus
"PandoraSaver (standalone)_is1" = PandoraSaver 1.008e (standalone)
"PowerISO" = PowerISO
"QuicktimeAlt_is1" = QuickTime Alternative 2.7.0
"Rainmeter" = Rainmeter (remove only)
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Revo Uninstaller" = Revo Uninstaller 1.83
"Speaker Workshop" = Speaker Workshop
"Taskbar Activate" = Taskbar Activate
"TeamViewer 4" = TeamViewer 4
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.1
"WinPatrol" = WinPatrol 2009

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2009 9:00:57 PM | Computer Name = TheSwan | Source = Application Error | ID = 1000
Description = Faulting application name: mmc.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc808 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5be02b Exception code: 0xc000041d Fault offset: 0x0000000000029328 Faulting
process id: 0x16a0 Faulting application start time: 0x01ca67ea95e90949 Faulting application
path: C:\Windows\system32\mmc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: d3b33e61-d3dd-11de-93e5-001d92b448e3

Error - 11/17/2009 9:02:14 PM | Computer Name = TheSwan | Source = Application Error | ID = 1000
Description = Faulting application name: mmc.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc808 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5be02b Exception code: 0xc000041d Fault offset: 0x0000000000029328 Faulting
process id: 0x15a4 Faulting application start time: 0x01ca67eac4416c62 Faulting application
path: C:\Windows\system32\mmc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 020a1ad4-d3de-11de-93e5-001d92b448e3

Error - 11/17/2009 9:02:16 PM | Computer Name = TheSwan | Source = Application Error | ID = 1000
Description = Faulting application name: mmc.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc808 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
stamp: 0x4a5be02b Exception code: 0xc000041d Fault offset: 0x0000000000029328 Faulting
process id: 0xb20 Faulting application start time: 0x01ca67eac565a559 Faulting application
path: C:\Windows\system32\mmc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 032f8c50-d3de-11de-93e5-001d92b448e3

Error - 11/17/2009 10:30:03 PM | Computer Name = TheSwan | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16404,
time stamp: 0x4a765771 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be02b Exception code: 0xc0000005 Fault offset: 0x0000000000051da0
Faulting
process id: 0xf60 Faulting application start time: 0x01ca67d90e823942 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 46b823ce-d3ea-11de-93e5-001d92b448e3

Error - 11/18/2009 12:46:11 AM | Computer Name = TheSwan | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.1.3593, time
stamp: 0x4aef8082 Faulting module name: FOXITR~1.OCX, version: 1.0.0.1, time stamp:
0x495057f6 Exception code: 0xc0000005 Fault offset: 0x00002c8e Faulting process id:
0xc34 Faulting application start time: 0x01ca6807e5ee1a30 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX
Report
Id: 4aa98ca6-d3fd-11de-93e5-001d92b448e3

Error - 11/18/2009 9:56:42 PM | Computer Name = TheSwan | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16404,
time stamp: 0x4a765771 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be02b Exception code: 0xc0000005 Fault offset: 0x0000000000051da0
Faulting
process id: 0xf00 Faulting application start time: 0x01ca68b5c17f7929 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: c8705a55-d4ae-11de-93e5-001d92b448e3

Error - 11/19/2009 2:00:01 AM | Computer Name = TheSwan | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16404,
time stamp: 0x4a765771 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be02b Exception code: 0xc0000374 Fault offset: 0x00000000000c6cd2
Faulting
process id: 0x1890 Faulting application start time: 0x01ca68bb8c9a345f Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: c58a304e-d4d0-11de-93e5-001d92b448e3

Error - 11/19/2009 2:02:42 AM | Computer Name = TheSwan | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16404,
time stamp: 0x4a765771 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be02b Exception code: 0xc0000005 Fault offset: 0x0000000000051da0
Faulting
process id: 0x1ae8 Faulting application start time: 0x01ca68dd894b0dce Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 25bc3b23-d4d1-11de-93e5-001d92b448e3

Error - 11/19/2009 10:10:31 AM | Computer Name = TheSwan | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16404,
time stamp: 0x4a765771 Faulting module name: SHLWAPI.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be059 Exception code: 0xc000041d Fault offset: 0x0000000000014833
Faulting
process id: 0x1974 Faulting application start time: 0x01ca68dde9d30216 Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\system32\SHLWAPI.dll
Report
Id: 4b2ec98f-d515-11de-93e5-001d92b448e3

Error - 11/20/2009 4:05:31 AM | Computer Name = TheSwan | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.1.3593, time
stamp: 0x4aef8082 Faulting module name: FOXITR~1.OCX, version: 1.0.0.1, time stamp:
0x495057f6 Exception code: 0xc0000005 Fault offset: 0x00002c8e Faulting process id:
0x678 Faulting application start time: 0x01ca697837ff4deb Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX
Report
Id: 7846123a-d5ab-11de-9fd7-001d92b448e3

[ System Events ]
Error - 11/18/2009 9:46:06 PM | Computer Name = TheSwan | Source = DCOM | ID = 18213
Description =

Error - 11/19/2009 4:24:25 PM | Computer Name = TheSwan | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 11/19/2009 4:24:25 PM | Computer Name = TheSwan | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11/19/2009 4:33:08 PM | Computer Name = THESWAN | Source = BugCheck | ID = 1001
Description =

Error - 11/19/2009 4:33:02 PM | Computer Name = TheSwan | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 11/19/2009 4:33:02 PM | Computer Name = TheSwan | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 11/20/2009 12:14:04 PM | Computer Name = TheSwan | Source = DCOM | ID = 18213
Description =

Error - 11/20/2009 12:14:04 PM | Computer Name = TheSwan | Source = DCOM | ID = 18213
Description =

Error - 11/20/2009 12:14:04 PM | Computer Name = TheSwan | Source = DCOM | ID = 18213
Description =

Error - 11/20/2009 12:14:04 PM | Computer Name = TheSwan | Source = DCOM | ID = 18213
Description =


< End of report >


I'll try to keep a running tab of dll's that it blocks. I just recently purged the log of things that were in it and I'm not sure which are the ones I'm looking for right now. I'll make another post and update it with dll's that I find.


I don't really know if anything else is going on. Comodo crashes every once in a while. I'm not sure whether it's getting tied up, or whether that is actually something that is a problem. Every once in a while I'll have multiple explorer.exe running and I'll close them all and start them all back up again. And occasionally when I close an explorer tab I will get an "Explorer.exe has stopped running properly" error, and I'll have to restart that. Whether these are caused by the same problem I don't know. And yes, I still do get a Google misdirect every once in a while. As I said before, it seems to be completely random.

#9 Calvin.sparta

Calvin.sparta

    Authentic Member

  • Authentic Member
  • PipPip
  • 27 posts

Posted 23 November 2009 - 12:27 AM

It's getting close to the three days of inactivity. I was wondering if you had any ideas on anything yet?

#10 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 23 November 2009 - 12:31 AM

Hi Calvin, Sorry for the delay here. Please be assured that we are working on your log. Hang tight. Thank you. :blush:

Proud graduate of WTT Classroom


The help we provide here is free, however, if you wish to donate, you can do so here: http://www.whatthetech.com/donate/

ASAP and UNITE member

________________________________________________




#11 Calvin.sparta

Calvin.sparta

    Authentic Member

  • Authentic Member
  • PipPip
  • 27 posts

Posted 23 November 2009 - 12:10 PM

Hello. So I've been tracking the dll's that are launched. They all are from C:\Program Files (x86)\Common Files\Business Objects\3.0\bin, but I haven't been able to find any information about them online at all. Would they be safe? Or am I right to deny them from running?

#12 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 23 November 2009 - 07:46 PM

Hi,

Those files are from Crystal Reports, a third party reporting tool used by Visual Basic.

Please do the following:
Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O33 - MountPoints2\{7b128a40-b6b2-11de-9654-001d92b448e3}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b128a40-b6b2-11de-9654-001d92b448e3}\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found
    O33 - MountPoints2\L\Shell - "" = AutoRun
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AUTORUN\SPLASH.EXE -- File not found
    O33 - MountPoints2\L\Shell\INSTALL\COMMAND - "" = L:\SETUP.EXE -- File not found
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the result and a new OTL log in your next reply. ( don't check the boxes beside LOP Check or Purity this time )

--Next--

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post back the log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

--Next--

Please do a scan with Kaspersky Online Scanner or from Here.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report. To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop
  • In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
  • Please post the Kaspersky Online Scanner Report in your reply.


To post in your next reply:
1. OTL result log.
2. Malwarebytes log.
3. Kaspersky log.
4. How is your computer doing at the moment?



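The OTL script in the post above removes MountPoints2 shell verbs whose target files no longer exist (the O33 lines) and resets the hosts file ([resethosts]). The following PowerShell script is an added example, not code from the thread, from OTL or from any of the tools the helper names. It lists those same entries read-only, so what a fix would remove can be reviewed first. It assumes Windows PowerShell 3.0 or later run as the affected user; the registry key and hosts path are the standard Windows locations.

```powershell
# Added example (not from the thread or from OTL): read-only audit of the two
# things the OTL fix acts on, MountPoints2 shell verbs and the hosts file.
# Assumptions: Windows PowerShell 3.0+, run as the user whose profile is affected.

$mountPointsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$hostsFile      = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-MountPointVerbs {
    # Each OTL "O33 - MountPoints2\<id>\Shell\<verb>\command" line comes from a key of
    # this shape. The (default) value is the command Explorer runs for that drive;
    # OTL's "File not found" means the command's target is gone from the drive.
    if (-not (Test-Path -Path $mountPointsKey)) { return }
    foreach ($mp in Get-ChildItem -Path $mountPointsKey -ErrorAction SilentlyContinue) {
        $shellKey = "$($mp.PSPath)\Shell"
        if (-not (Test-Path -Path $shellKey)) { continue }
        foreach ($verb in Get-ChildItem -Path $shellKey -ErrorAction SilentlyContinue) {
            $cmdKey = "$($verb.PSPath)\command"
            if (-not (Test-Path -Path $cmdKey)) { continue }
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if (-not $cmd) { continue }
            # Separate the program path from its arguments: quoted path or first token.
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($cmd -split '\s+')[0] }
            [pscustomobject]@{
                MountPoint = $mp.PSChildName
                Verb       = $verb.PSChildName
                Command    = $cmd
                FileExists = Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue
            }
        }
    }
}

function Get-HostsOverrides {
    # Active hosts entries other than the stock localhost lines. A line that maps a
    # search engine or update server here redirects the browser silently, which is
    # why the OTL fix replaces the file with the default one.
    if (-not (Test-Path -LiteralPath $hostsFile)) { return }
    foreach ($line in Get-Content -LiteralPath $hostsFile) {
        $entry = ($line -split '#', 2)[0].Trim()     # drop comments and blank lines
        if (-not $entry) { continue }
        $parts = $entry -split '\s+'
        if ($parts[0] -match '^(127\.0\.0\.1|::1)$' -and $parts.Count -eq 2 -and $parts[1] -eq 'localhost') { continue }
        [pscustomobject]@{
            Address = $parts[0]
            Names   = ($parts | Select-Object -Skip 1) -join ' '
        }
    }
}

'MountPoints2 shell verbs (the OTL O33 lines):'
Get-MountPointVerbs | Format-Table MountPoint, Verb, FileExists, Command -AutoSize
'hosts entries beyond the defaults (what [resethosts] discards):'
Get-HostsOverrides | Format-Table -AutoSize
```

A verb whose FileExists is False and whose Command points at a removable drive letter, like the K:\autorun.exe and L:\SETUP.EXE entries in the script above, is the leftover of a disc or USB stick that once had an autorun file; a verb whose target does exist, or a hosts line that maps a well-known domain to a non-loopback address, is what merits a closer look before the cleanup is run.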
#13 Calvin.sparta

Calvin.sparta

    Authentic Member

  • Authentic Member
  • PipPip
  • 27 posts

Posted 24 November 2009 - 12:31 AM

OTL LOG

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b128a40-b6b2-11de-9654-001d92b448e3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b128a40-b6b2-11de-9654-001d92b448e3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b128a40-b6b2-11de-9654-001d92b448e3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b128a40-b6b2-11de-9654-001d92b448e3}\ not found.
File K:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\AUTORUN\SPLASH.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File L:\SETUP.EXE not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Calvin
->Temp folder emptied: 10244700 bytes
->Temporary Internet Files folder emptied: 945093 bytes
->Java cache emptied: 30372969 bytes
->FireFox cache emptied: 48949628 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 56408891 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 136709 bytes
Total Files Cleaned = 140.29 mb
OTL by OldTimer - Version 3.1.6.1 log created on 11242009_002137
Files\Folders moved on Reboot...
C:\Users\Calvin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

Malwarebytes log

Malwarebytes' Anti-Malware 1.41
Database version: 3221
Windows 6.1.7600
11/24/2009 12:40:36 AM
mbam-log-2009-11-24 (00-40-36).txt
Scan type: Quick Scan
Objects scanned: 95520
Time elapsed: 1 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

The first link for Kaspersky gave me this error:

Update has failed
The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established.
[ERROR: Scanning could not be started. [0x80004005]]

I then went to the second link and it said: The current Kaspersky Online Scanner is unavailable - we apologize for the inconvenience.

My computer seems to be doing about the same. For 90% of the time it performs great; however, 1 out of every ten times I go on the internet and try to access Google it fails miserably. Sometimes it is just Firefox. Sometimes it is more browsers. I haven't gotten any redirects within the past two days, but I have gotten blocked from going to it. Then I've logged onto another computer and have had Google work on the other computer right away (same internet connection through same router).

#14 inzanity

inzanity

    ♠♠lost♠♠

  • Malware Team
  • 2,340 posts

Posted 25 November 2009 - 12:45 AM

Hi,

You are getting blocked from going to google? So far we are not seeing anything malicious on your system.

Let's try uninstalling Firefox, then downloading a fresh copy from here and reinstalling it. Let's see if that can at least solve some of the problems.

--Next--

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
The latest update is Java 6 update 17

Now to Clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Settings... button
  • click the Delete Files button.
  • There are two options in the window to clear the cache - Leave both Checked
    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Settings
  • Click OK to leave the Java Control Panel.
--Next--

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

Also, please advise again on how your computer is doing at the moment. Thank you.


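The Java steps above go through JavaRa and the Java Control Panel by hand. The following PowerShell script is an added example, not code from the thread, from JavaRa or from Sun/Oracle. It reads the same Uninstall registry keys that the OTL log earlier in the thread was generated from and reports every Java entry it finds, so leftover older versions show up before and after the update, and it sizes the deployment cache that the Control Panel's Delete Files button clears. It assumes Windows PowerShell 3.0 or later; the cache location under %LOCALAPPDATA%\Sun\Java\Deployment\cache is the usual one for Java 6 on Windows 7 and is an assumption to confirm in the Java Control Panel's Temporary Internet Files settings.

```powershell
# Added example (not from the thread, JavaRa or Sun/Oracle): list Java entries in
# the Uninstall keys and size the deployment cache. Read-only; changes nothing.
# Assumptions: Windows PowerShell 3.0+; the cache path below is the usual Java 6
# location on Windows 7 and should be confirmed in the Java Control Panel.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit entries on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
$javaCache = Join-Path $env:LOCALAPPDATA 'Sun\Java\Deployment\cache'   # assumption, see lead-in

function Get-JavaInstalls {
    # One object per Uninstall entry whose DisplayName starts with "Java" or "J2SE",
    # e.g. the "Java(TM) 6 Update 16" line in the OTL uninstall list above.
    foreach ($root in $uninstallKeys) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if (-not $p.DisplayName) { continue }
            if ($p.DisplayName -notmatch '^(Java|J2SE)') { continue }
            [pscustomobject]@{
                Hive        = $root
                Key         = $key.PSChildName
                DisplayName = $p.DisplayName
                Version     = $p.DisplayVersion
                InstallDir  = $p.InstallLocation
            }
        }
    }
}

function Get-JavaCacheSize {
    # Bytes held in the deployment cache (applications and applets plus trace/log
    # files); 0 when the folder is absent.
    if (-not (Test-Path -LiteralPath $javaCache)) { return 0 }
    $sum = Get-ChildItem -LiteralPath $javaCache -Recurse -File -ErrorAction SilentlyContinue |
           Measure-Object -Property Length -Sum
    if ($sum.Sum) { [long]$sum.Sum } else { 0 }
}

$installs = @(Get-JavaInstalls)
$installs | Format-Table DisplayName, Version, Key, Hive -AutoSize
if ($installs.Count -gt 1) {
    'More than one Java entry is registered; remove the older ones before installing the current update.'
}
'Java deployment cache: {0:N0} bytes in {1}' -f (Get-JavaCacheSize), $javaCache
```

Running it once before JavaRa and once after the new JRE is installed gives a before/after list; the update is complete when only the current version remains in the table and the cache size has dropped to 0 after the Control Panel's Delete Files step.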

#15 Calvin.sparta

Calvin.sparta

    Authentic Member

  • Authentic Member
  • PipPip
  • 27 posts

Posted 26 November 2009 - 06:15 PM

Here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251

It said the scan completed in 0:00:00. I'm doubtful that it ever ran. I disabled Comodo, ESET, and Windows Defender during the period. I haven't been having any troubles with Google. Right now all the problems are with explorer.exe. I think that might just be a compatibility issue with Windows 7 and WinRAR though, because it only ever happens with that. Google hasn't given me any problems recently though.
