Jump to content

Very stubborn infection


Recommended Posts

I've recently had an infection pop up that just doesn't want to disappear even after several attempts with MalwareBytes and following the initial instructions, logs are posted below (with the the exception of the GMER log which I cannot run since I'm on 64 bit):

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4129

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

5/22/2010 7:58:41 AM

mbam-log-2010-05-22 (07-58-41).txt

Scan type: Quick scan

Objects scanned: 138323

Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\victim (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Dan\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Dan\AppData\Roaming\install\Svchost.exe (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

C:\Users\Dan\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Dan\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSX64

Run by Dan at 9:11:49.77 on Sat 05/22/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8062.6068 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe

C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Windows\SysWOW64\explorer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files (x86)\AirPort\APAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\UltraVNC\WinVNC.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\UltraVNC\WinVNC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

E:\Current Torrents\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm

uInternet Settings,ProxyOverride = *.local

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll

uRun: [AnyDVD] c:\program files (x86)\slysoft\anydvd\AnyDVDtray.exe

uRun: [LightScribe Control Panel] c:\program files (x86)\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [HKCU] c:\users\dan\appdata\roaming\install\Svchost.exe

mRun: [Conime] %windir%\system32\conime.exe

mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [CloneCDTray] "c:\program files (x86)\slysoft\clonecd\CloneCDTray.exe" /s

mRun: [AirPort Base Station Agent] "c:\program files (x86)\airport\APAgent.exe"

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\users\dan\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files (x86)\common files\logishrd\ereg\setpoint\eReg.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\camera~1.lnk - c:\program files (x86)\pixela\everio mediabrowser hd edition\MBCameraMonitor.exe

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {78D8FE92-8663-4756-A696-20B35FB2540A} = 192.168.0.1

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"

BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll

BHO-X64: Windows Live Family Safety Browser Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\x64\3\EKIJ5000MUI.exe

mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun-x64: [LogMeIn GUI] "c:\program files (x86)\logmein\x64\LogMeInSystray.exe"

mRun-x64: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

================= FIREFOX ===================

FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\qqaphmmv.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll

FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\dan\appdata\roaming\mozilla\firefox\profiles\qqaphmmv.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-5-22 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-5-22 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-22 81072]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\kodak\aio\center\ekdiscovery.exe [2010-2-11 300400]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\logmein\x64\rainfo.sys [2008-8-11 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-13 72216]

R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2010-4-13 1793976]

R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-4-13 12096]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-4-25 61280]

S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr7364.sys [2009-5-20 716288]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1255736]

=============== Created Last 30 ================

2010-05-22 13:11:15 0 ----a-w- c:\users\dan\defogger_reenable

2010-05-22 12:10:05 0 d-----w- c:\users\dan\appdata\roaming\Avira

2010-05-22 12:08:46 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-05-22 12:08:46 0 d-----w- c:\programdata\Avira

2010-05-22 12:08:46 0 d-----w- c:\program files (x86)\Avira

2010-05-22 12:03:32 1162 ----a-w- c:\users\dan\appdata\roaming\cglogs.dat

2010-05-20 10:19:16 66040 ----a-w- c:\windows\system32\drivers\mozy.sys

2010-05-20 01:53:17 0 d-----w- c:\programdata\NOS

2010-05-17 21:40:54 0 d-----w- c:\programdata\LightScribe

2010-05-17 21:27:24 0 d-----w- c:\program files (x86)\LightScribe Template Labeler

2010-05-17 21:12:14 0 d-----w- c:\program files (x86)\LightScribe

2010-05-12 03:27:23 976896 ----a-w- c:\windows\system32\inetcomm.dll

2010-05-12 03:27:22 740864 ----a-w- c:\windows\syswow64\inetcomm.dll

2010-05-10 23:35:28 0 d-----w- c:\programdata\regid.1986-12.com.adobe

2010-05-08 20:59:47 0 d-----w- c:\programdata\Sun

2010-05-08 20:47:21 411368 ----a-w- c:\windows\syswow64\deployJava1.dll

2010-05-08 20:47:21 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-05-08 20:47:21 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-05-08 20:47:21 145184 ----a-w- c:\windows\syswow64\java.exe

2010-05-08 20:24:23 0 d-----w- c:\programdata\Logishrd

2010-05-08 20:24:22 0 d-----w- c:\program files\Logitech

2010-05-08 20:23:31 0 d-----w- c:\program files\common files\LogiShrd

2010-05-08 20:23:21 0 d-----w- c:\users\dan\appdata\roaming\Logishrd

2010-05-08 20:22:33 0 d-----w- c:\users\dan\appdata\roaming\JoshPressnell

2010-05-08 20:20:18 0 d-----w- c:\program files (x86)\Common Backup

2010-05-08 15:04:18 0 d-----w- c:\programdata\CyberLink

2010-05-05 23:29:36 0 d-----w- c:\users\dan\logitech

2010-05-05 23:28:50 0 d-----w- c:\program files (x86)\common files\Remote Control Software Common

2010-05-05 23:28:10 0 d-----w- c:\program files (x86)\common files\Remote Control USB Driver

2010-04-30 04:21:21 0 d-----w- c:\program files\iPod

2010-04-30 04:21:20 0 d-----w- c:\program files\iTunes

2010-04-30 04:19:37 0 d-----w- c:\program files\Bonjour

2010-04-30 04:19:37 0 d-----w- c:\program files (x86)\Bonjour

2010-04-28 09:56:46 0 d-----w- c:\program files (x86)\common files\PX Storage Engine

2010-04-27 23:27:42 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-04-27 23:27:38 1446912 ----a-w- c:\windows\system32\lsasrv.dll

2010-04-27 23:27:38 12867072 ----a-w- c:\windows\syswow64\shell32.dll

2010-04-27 23:27:37 96768 ----a-w- c:\windows\syswow64\sspicli.dll

2010-04-27 23:27:37 22016 ----a-w- c:\windows\syswow64\secur32.dll

2010-04-27 23:27:37 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-04-26 22:04:42 353592 ----a-w- c:\windows\syswow64\DivXControlPanelApplet.cpl

2010-04-25 15:55:54 0 d-----w- c:\users\dan\Tracing

2010-04-25 15:55:12 61280 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2010-04-25 15:55:10 0 d-----w- c:\program files\Windows Live

2010-04-25 15:53:44 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2010-04-25 15:53:44 3426072 ----a-w- c:\windows\syswow64\d3dx9_32.dll

2010-04-25 15:53:41 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2010-04-25 15:52:41 0 d-----w- c:\program files (x86)\Windows Live SkyDrive

2010-04-25 15:46:53 0 d-----w- c:\program files (x86)\common files\Windows Live

2010-04-25 15:41:38 0 d-----w- c:\program files (x86)\Microsoft

2010-04-25 15:31:04 0 d-----w- c:\windows\PCHEALTH

2010-04-25 15:29:06 0 d-----w- c:\program files\Microsoft Office

2010-04-25 15:28:21 0 d-----w- c:\programdata\Microsoft Help

2010-04-23 16:31:09 123840 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

==================== Find3M ====================

2010-05-12 15:21:16 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-04-29 19:39:28 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-13 22:18:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-04-13 22:16:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-04-13 20:49:56 26432 ----a-w- c:\windows\system32\mv2.dll

2010-04-13 20:49:56 12096 ----a-w- c:\windows\system32\drivers\mv2.sys

2010-04-08 17:33:00 95520 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 17:33:00 119584 ----a-w- c:\windows\system32\dns-sd.exe

2010-04-08 17:20:02 91424 ----a-w- c:\windows\syswow64\dnssd.dll

2010-04-08 17:20:02 107808 ----a-w- c:\windows\syswow64\dns-sd.exe

2010-03-26 12:15:48 287448 ----a-w- c:\windows\system32\drivers\e1e6232e.sys

2010-03-24 12:11:20 91840 ----a-w- c:\windows\system32\NicInE6.dll

2010-03-19 13:31:57 89256 ----a-w- c:\windows\syswow64\ElbyCDIO.dll

2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll

2010-03-08 17:59:18 94208 ----a-w- c:\windows\syswow64\dpl100.dll

2010-02-27 15:17:00 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-27 12:07:48 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe

2010-02-27 12:07:48 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe

2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll

2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll

2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:12:15.22 ===============

Link to post
Share on other sites

Adding HiJackThis log, please help thread has had over 40 views and no responses, the other symptom that I'm seeing is IE windows opening randomly on their own to an AdFly window. I apologize for the multiple posts, but I'm under a bit of a time crunch on a project and this is affecting it and has been for about a week.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:46:54 PM, on 5/22/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe

C:\Windows\SysWOW64\explorer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files (x86)\AirPort\APAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Dan\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [HKCU] C:\Users\Dan\AppData\Roaming\install\Svchost.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

O4 - Global Startup: Camera Monitor HD.lnk = ?

O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{78D8FE92-8663-4756-A696-20B35FB2540A}: NameServer = 192.168.0.1

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10091 bytes

Link to post
Share on other sites

I've recently had an infection pop up that just doesn't want to disappear even after several attempts with MalwareBytes and following the initial instructions, logs are posted below (with the the exception of the GMER log which I cannot run since I'm on 64 bit):

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4129

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

5/22/2010 7:58:41 AM

mbam-log-2010-05-22 (07-58-41).txt

Scan type: Quick scan

Objects scanned: 138323

Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\victim (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Dan\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Dan\AppData\Roaming\install\Svchost.exe (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

C:\Users\Dan\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Dan\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSX64

Run by Dan at 9:11:49.77 on Sat 05/22/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8062.6068 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardian.exe

C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Windows\SysWOW64\explorer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files (x86)\AirPort\APAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\UltraVNC\WinVNC.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\UltraVNC\WinVNC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

E:\Current Torrents\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm

uInternet Settings,ProxyOverride = *.local

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java

Link to post
Share on other sites

OK, open OTL again, and follow the instructions below:

  • Under the Custom Scans/Fixes box at the bottom, paste in the contents of the following code box:
    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Conime] C:\Windows\SysWow64\conime.exe File not found
    O4 - HKCU..\Run: [HKCU] C:\Users\Dan\AppData\Roaming\install\Svchost.exe ()
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    [2010/05/21 13:14:03 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [CLEARALLRESTOREPOINTS]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Link to post
Share on other sites

OK, open OTL again, and follow the instructions below:

  • Under the Custom Scans/Fixes box at the bottom, paste in the contents of the following code box:
    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Conime] C:\Windows\SysWow64\conime.exe File not found
    O4 - HKCU..\Run: [HKCU] C:\Users\Dan\AppData\Roaming\install\Svchost.exe ()
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    [2010/05/21 13:14:03 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [CLEARALLRESTOREPOINTS]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Followed instructions,

here is the latest log:

OTL logfile created on: 5/24/2010 5:04:06 PM - Run 2

OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Dan\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 82.00% Memory free

16.00 Gb Paging File | 14.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 434.63 Gb Free Space | 93.32% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 149.05 Gb Total Space | 81.75 Gb Free Space | 54.85% Space Free | Partition Type: NTFS

Drive F: | 465.76 Gb Total Space | 205.77 Gb Free Space | 44.18% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive V: | 1862.89 Gb Total Space | 1824.67 Gb Free Space | 97.95% Space Free | Partition Type: NTFS

Computer Name: JREB1

Current User Name: Dan

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/24 13:01:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

PRC - [2010/05/04 05:31:50 | 003,464,128 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe

PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

PRC - [2009/11/11 15:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe

PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

PRC - [2009/07/21 17:25:42 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe

PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/01/29 18:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe

========== Modules (SafeList) ==========

MOD - [2010/05/24 13:01:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll

MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/13 15:44:21 | 001,255,736 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV:64bit: - [2010/01/29 17:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/12/07 00:22:14 | 001,793,976 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\WinVNC.exe -- (uvnc_service)

SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)

SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)

SRV:64bit: - [2009/07/13 21:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)

SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)

SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)

SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)

SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)

SRV:64bit: - [2009/07/13 21:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)

SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)

SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)

SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)

SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)

SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)

SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)

SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)

SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)

SRV:64bit: - [2009/07/13 21:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)

SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)

SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)

SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)

SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)

SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)

SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)

SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/02/11 15:36:12 | 000,300,400 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)

SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)

SRV - [2009/09/28 19:35:04 | 000,120,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)

SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)

SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/08/11 12:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/13 16:39:04 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)

DRV:64bit: - [2010/04/23 12:31:09 | 000,123,840 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)

DRV:64bit: - [2010/04/13 16:49:56 | 000,012,096 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2)

DRV:64bit: - [2010/03/26 08:15:48 | 000,287,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express) Intel®

DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2010/01/01 13:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)

DRV:64bit: - [2009/11/10 07:53:32 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)

DRV:64bit: - [2009/11/10 07:52:12 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)

DRV:64bit: - [2009/11/10 07:52:04 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009/09/28 19:35:32 | 000,087,384 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)

DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2009/07/30 17:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)

DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)

DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)

DRV:64bit: - [2009/07/13 21:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)

DRV:64bit: - [2009/07/13 21:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)

DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)

DRV:64bit: - [2009/07/13 21:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)

DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)

DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)

DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)

DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)

DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)

DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)

DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)

DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)

DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)

DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)

DRV:64bit: - [2009/07/13 20:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)

DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)

DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)

DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)

DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)

DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)

DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)

DRV:64bit: - [2009/07/13 19:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)

DRV:64bit: - [2009/07/13 19:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)

DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)

DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)

DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)

DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)

DRV:64bit: - [2009/07/13 19:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)

DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)

DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/20 08:53:32 | 000,716,288 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/08/11 12:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV:64bit: - [2008/08/11 12:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)

DRV:64bit: - [2007/02/15 20:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2010/04/23 12:31:09 | 000,123,840 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2010/04/13 18:16:06 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)

DRV - [2010/03/19 09:31:57 | 000,089,256 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysWOW64\ElbyCDIO.dll -- (ElbyCDIO)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)

DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)

DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)

DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)

DRV - [2008/08/11 12:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

DRV - [2007/02/15 20:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 B3 8F E6 E2 F8 CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..network.proxy.http: "89.248.18.238"

FF - prefs.js..network.proxy.http_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/13 18:09:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/21 08:14:39 | 000,000,000 | ---D | M]

[2010/04/13 18:10:48 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions

[2010/05/24 13:24:54 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\qqaphmmv.default\extensions

[2010/04/27 07:21:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\qqaphmmv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/04/13 18:12:43 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\qqaphmmv.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

[2010/04/27 07:21:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\qqaphmmv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/05/08 16:20:07 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\qqaphmmv.default\extensions\DeviceDetection@logitech.com

[2010/04/13 18:12:43 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\qqaphmmv.default\extensions\LogMeInClient@logmein.com

[2008/10/01 21:00:26 | 000,004,096 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\qqaphmmv.default\searchplugins\._IMDB.xml

[2008/10/01 21:00:26 | 000,004,096 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\qqaphmmv.default\searchplugins\._netflix.xml

[2008/10/01 21:00:28 | 000,004,096 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\qqaphmmv.default\searchplugins\._youtube.xml

[2008/06/18 22:09:48 | 000,000,908 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\qqaphmmv.default\searchplugins\IMDB.xml

[2008/08/01 12:24:58 | 000,001,108 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\qqaphmmv.default\searchplugins\netflix.xml

[2010/05/17 17:03:44 | 000,005,090 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\qqaphmmv.default\searchplugins\youtube.xml

[2010/05/08 16:47:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/05/08 16:47:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/24 16:59:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)

O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O27:64bit: - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)

O27 - HKLM IFEO\ehshell.exe: Debugger - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect (LogMeIn, Inc.)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - Unable to obtain root file information for disk F:\

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/24 16:59:07 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/05/24 13:01:12 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

[2010/05/22 08:10:05 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Avira

[2010/05/22 08:08:46 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2010/05/22 08:08:46 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/05/22 08:08:46 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys

[2010/05/22 08:08:46 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

[2010/05/22 08:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/05/22 08:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2010/05/20 06:19:16 | 000,066,040 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys

[2010/05/20 06:19:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/05/19 21:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS

[2010/05/19 21:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NOS

[2010/05/17 17:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe

[2010/05/17 17:36:08 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\LightScribe

[2010/05/17 17:27:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Template Labeler

[2010/05/17 17:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe

[2010/05/17 17:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe

[2010/05/12 14:24:36 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Adobe

[2010/05/10 19:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2010/05/08 16:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/05/08 16:59:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2010/05/08 16:25:11 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Leadertech

[2010/05/08 16:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd

[2010/05/08 16:24:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd

[2010/05/08 16:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd

[2010/05/08 16:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2010/05/08 16:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd

[2010/05/08 16:23:22 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Logitech

[2010/05/08 16:23:21 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Logishrd

[2010/05/08 16:22:33 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\JoshPressnell

[2010/05/08 16:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Backup

[2010/05/08 16:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2010/05/08 11:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink

[2010/05/08 11:04:16 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\MediaSmart DVD

[2010/05/05 19:29:36 | 000,000,000 | ---D | C] -- C:\Users\Dan\logitech

[2010/05/05 19:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control Software Common

[2010/05/05 19:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech

[2010/05/05 19:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control USB Driver

[2010/05/05 19:27:00 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\InstallShield

[2010/04/30 00:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/04/30 00:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/04/30 00:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/04/30 00:19:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2010/04/28 05:56:55 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\DivX

[2010/04/28 05:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine

[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl

[2010/04/25 11:55:54 | 000,000,000 | ---D | C] -- C:\Users\Dan\Tracing

[2010/04/25 11:55:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2010/04/25 11:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/04/25 11:54:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework

[2010/04/25 11:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2010/04/25 11:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive

[2010/04/25 11:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live

[2010/04/25 11:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live

[2010/04/25 11:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft

[2010/04/25 11:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2010/04/25 11:34:50 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\WindowsUpdate

[2010/04/25 11:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works

[2010/04/25 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio

[2010/04/25 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2010/04/25 11:31:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/04/25 11:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2010/04/25 11:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/04/25 11:28:24 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Microsoft Help

[2010/04/25 11:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2010/04/25 11:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2010/04/25 11:27:35 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2010/04/23 12:31:09 | 000,123,840 | ---- | C] (SlySoft, Inc.) -- C:\Windows\SysWow64\drivers\AnyDVD.sys

[2010/04/23 12:31:09 | 000,123,840 | ---- | C] (SlySoft, Inc.) -- C:\Windows\SysNative\drivers\AnyDVD.sys

[2010/04/20 12:27:44 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\CyberLink

[2010/04/20 12:27:40 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Hewlett-Packard

[2010/04/13 20:23:06 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\eMusic

[2010/04/13 20:23:06 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\eMusic

[2010/04/13 20:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMusic Download Manager

[2010/04/13 20:20:06 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\ImTOO

[2010/04/13 20:20:03 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\ImTOO

[2010/04/13 20:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImTOO

[2010/04/13 20:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AirPort

[2010/04/13 20:10:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia

[2010/04/13 20:07:16 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\TuneUpMedia

[2010/04/13 20:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia

[2010/04/13 19:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes

[2010/04/13 19:14:27 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2010/04/13 19:14:12 | 000,000,000 | -HSD | C] -- C:\Boot

[2010/04/13 18:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3ivx

[2010/04/13 18:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Flip Video

[2010/04/13 18:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flip Video

[2010/04/13 18:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PIXELA

[2010/04/13 18:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PIXELA

[2010/04/13 18:18:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2010/04/13 18:16:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2010/04/13 18:15:29 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2010/04/13 18:15:03 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Malwarebytes

[2010/04/13 18:14:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/04/13 18:14:40 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/04/13 18:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/04/13 18:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/04/13 18:10:43 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Mozilla

[2010/04/13 18:10:43 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Mozilla

[2010/04/13 18:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2010/04/13 17:39:28 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\LogMeIn

[2010/04/13 17:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn

[2010/04/13 17:39:24 | 000,087,384 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll

[2010/04/13 17:39:24 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys

[2010/04/13 17:39:24 | 000,029,496 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll

[2010/04/13 17:39:19 | 000,080,696 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll

[2010/04/13 17:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn

[2010/04/13 17:37:50 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Deployment

[2010/04/13 17:37:50 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Apps

[2010/04/13 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\WBFS Manager Covers

[2010/04/13 17:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS

[2010/04/13 17:35:50 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\WinRAR

[2010/04/13 17:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2010/04/13 17:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared

[2010/04/13 17:35:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX

[2010/04/13 17:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2010/04/13 17:27:07 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\AnyDVDHD

[2010/04/13 17:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft

[2010/04/13 17:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft

[2010/04/13 17:16:45 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Apple Computer

[2010/04/13 17:16:45 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Apple Computer

[2010/04/13 17:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010/04/13 17:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2010/04/13 17:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010/04/13 17:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2010/04/13 17:14:46 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Apple

[2010/04/13 17:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2010/04/13 17:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2010/04/13 17:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2010/04/13 17:11:55 | 000,000,000 | ---D | C] -- C:\SharedFromOldDrive

[2010/04/13 17:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent

[2010/04/13 17:07:53 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\uTorrent

[2010/04/13 16:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\MozyHome

[2010/04/13 16:52:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2010/04/13 16:50:03 | 000,026,432 | ---- | C] (UVNC BVBA) -- C:\Windows\SysNative\mv2.dll

[2010/04/13 16:50:03 | 000,012,096 | ---- | C] (UVNC BVBA) -- C:\Windows\SysNative\drivers\mv2.sys

[2010/04/13 16:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC

[2010/04/13 16:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client

[2010/04/13 16:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TablEdit

[2010/04/13 16:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2010/04/13 16:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2010/04/13 16:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software

[2010/04/13 16:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/04/13 16:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard

[2010/04/13 16:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp

[2010/04/13 16:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard

[2010/04/13 16:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard

[2010/04/13 16:16:39 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\HpUpdate

[2010/04/13 16:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp

[2010/04/13 16:14:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2010/04/13 16:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2010/04/13 16:14:02 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2010/04/13 16:14:02 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2010/04/13 16:14:02 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2010/04/13 16:14:02 | 000,294,400 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2010/04/13 16:14:02 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2010/04/13 16:14:02 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2010/04/13 16:14:02 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information

[2010/04/13 16:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2010/04/13 16:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2010/04/13 16:13:47 | 000,000,000 | ---D | C] -- C:\hp

[2010/04/13 16:13:34 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\WinBatch

[2010/04/13 16:06:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\kodak

[2010/04/13 16:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Eastman Kodak Company

[2010/04/13 16:05:58 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Eastman_Kodak_Company

[2010/04/13 16:05:44 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Microsoft Corporation

[2010/04/13 16:05:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak

[2010/04/13 16:05:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool

[2010/04/13 16:05:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak

[2010/04/13 15:50:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2010/04/13 15:50:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2010/04/13 15:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2010/04/13 15:41:36 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Temp

[2010/04/13 15:41:35 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Eastman Kodak Company

[2010/04/13 15:38:02 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Macromedia

[2010/04/13 15:37:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed

[2010/04/13 15:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak

[2010/04/13 15:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2010/04/13 15:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Intel

[2010/04/13 15:31:38 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2010/04/13 15:24:54 | 000,000,000 | R--D | C] -- C:\Users\Dan\Searches

[2010/04/13 15:24:36 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Identities

[2010/04/13 15:24:29 | 000,000,000 | R--D | C] -- C:\Users\Dan\Contacts

[2010/04/13 15:24:25 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\VirtualStore

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\AppData\Local\Temporary Internet Files

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\Templates

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\Start Menu

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\SendTo

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\Recent

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\PrintHood

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\NetHood

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\Documents\My Videos

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\Documents\My Pictures

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\Documents\My Music

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\My Documents

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\Local Settings

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\AppData\Local\History

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\Cookies

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\Application Data

[2010/04/13 15:24:10 | 000,000,000 | -HSD | C] -- C:\Users\Dan\AppData\Local\Application Data

[2010/04/13 15:24:09 | 000,000,000 | --SD | C] -- C:\Users\Dan\AppData\Roaming\Microsoft

[2010/04/13 15:24:09 | 000,000,000 | R--D | C] -- C:\Users\Dan\Videos

[2010/04/13 15:24:09 | 000,000,000 | R--D | C] -- C:\Users\Dan\Saved Games

[2010/04/13 15:24:09 | 000,000,000 | R--D | C] -- C:\Users\Dan\Pictures

[2010/04/13 15:24:09 | 000,000,000 | R--D | C] -- C:\Users\Dan\Music

[2010/04/13 15:24:09 | 000,000,000 | R--D | C] -- C:\Users\Dan\Links

[2010/04/13 15:24:09 | 000,000,000 | R--D | C] -- C:\Users\Dan\Favorites

[2010/04/13 15:24:09 | 000,000,000 | R--D | C] -- C:\Users\Dan\Downloads

[2010/04/13 15:24:09 | 000,000,000 | R--D | C] -- C:\Users\Dan\My Documents

[2010/04/13 15:24:09 | 000,000,000 | R--D | C] -- C:\Users\Dan\Desktop

[2010/04/13 15:24:09 | 000,000,000 | -H-D | C] -- C:\Users\Dan\AppData

[2010/04/13 15:24:09 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Temp

[2010/04/13 15:24:09 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Microsoft

[2010/04/13 15:24:09 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Media Center Programs

[2010/04/13 15:23:51 | 000,000,000 | -HSD | C] -- C:\Recovery

[2010/03/19 09:31:57 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\Windows\SysWow64\ElbyCDIO.dll

[2010/03/08 13:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll

========== Files - Modified Within 90 Days ==========

[2010/05/24 17:03:49 | 001,310,720 | -HS- | M] () -- C:\Users\Dan\NTUSER.DAT

[2010/05/24 17:01:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/05/24 17:01:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/05/24 17:01:15 | 2045,521,919 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/24 17:00:03 | 002,383,732 | -H-- | M] () -- C:\Users\Dan\AppData\Local\IconCache.db

[2010/05/24 16:59:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2010/05/24 16:59:38 | 000,014,706 | -H-- | M] () -- C:\Users\Dan\AppData\Roaming\cglogs.dat

[2010/05/24 13:01:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

[2010/05/23 16:06:17 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib

[2010/05/23 14:51:17 | 000,465,975 | ---- | M] () -- C:\Users\Dan\Desktop\Frontier.lsl

[2010/05/23 00:33:05 | 000,003,900 | ---- | M] () -- C:\Windows\mozy.blk

[2010/05/23 00:33:05 | 000,000,636 | ---- | M] () -- C:\Windows\mozy.flt

[2010/05/22 09:11:15 | 000,000,000 | ---- | M] () -- C:\Users\Dan\defogger_reenable

[2010/05/22 08:08:54 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/05/22 08:07:56 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/05/22 08:07:56 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/05/22 08:00:25 | 000,050,477 | ---- | M] () -- C:\Users\Dan\Desktop\Defogger.exe

[2010/05/20 06:19:18 | 000,000,915 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk

[2010/05/17 17:20:28 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk

[2010/05/16 16:19:43 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/05/16 16:19:43 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/05/16 16:19:43 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/05/13 16:39:04 | 000,066,040 | ---- | M] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys

[2010/05/10 19:35:30 | 000,000,000 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\chrtmp

[2010/05/10 19:30:00 | 000,001,356 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2010/05/08 16:20:25 | 000,002,005 | ---- | M] () -- C:\Users\Dan\Desktop\Common Backup.lnk

[2010/05/08 11:04:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2010/05/06 11:48:23 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk

[2010/05/05 19:29:34 | 000,002,359 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl

[2010/04/25 12:40:25 | 000,304,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/04/25 11:46:36 | 000,064,344 | ---- | M] () -- C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/04/23 22:11:59 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk

[2010/04/23 12:31:09 | 000,123,840 | ---- | M] (SlySoft, Inc.) -- C:\Windows\SysWow64\drivers\AnyDVD.sys

[2010/04/23 12:31:09 | 000,123,840 | ---- | M] (SlySoft, Inc.) -- C:\Windows\SysNative\drivers\AnyDVD.sys

[2010/04/13 20:19:59 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\ImTOO Ringtone Maker.lnk

[2010/04/13 19:35:39 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk

[2010/04/13 19:34:18 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\CloneDVD2.lnk

[2010/04/13 19:14:14 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2010/04/13 18:43:44 | 000,003,584 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/13 18:43:12 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\FlipShare.lnk

[2010/04/13 18:33:04 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2010/04/13 18:20:26 | 000,000,877 | ---- | M] () -- C:\Users\Dan\Desktop\Downloads - Shortcut.lnk

[2010/04/13 18:19:47 | 000,000,982 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk

[2010/04/13 18:19:47 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Everio MediaBrowser HD Edition.lnk

[2010/04/13 18:19:47 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Everio MediaBrowser Player.lnk

[2010/04/13 18:19:42 | 000,040,251 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2010/04/13 18:19:42 | 000,040,251 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2010/04/13 18:18:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/04/13 18:16:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/04/13 17:39:17 | 000,001,024 | ---- | M] () -- C:\.rnd

[2010/04/13 17:36:02 | 000,000,950 | ---- | M] () -- C:\Users\Dan\Desktop\WBFS Manager 3.0.lnk

[2010/04/13 16:49:56 | 000,026,432 | ---- | M] (UVNC BVBA) -- C:\Windows\SysNative\mv2.dll

[2010/04/13 16:49:56 | 000,012,096 | ---- | M] (UVNC BVBA) -- C:\Windows\SysNative\drivers\mv2.sys

[2010/04/13 16:47:49 | 000,000,936 | ---- | M] () -- C:\Users\Dan\Desktop\TEFView.lnk

[2010/04/13 16:05:36 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk

[2010/04/13 15:27:13 | 000,524,288 | -HS- | M] () -- C:\Users\Dan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

[2010/04/13 15:27:13 | 000,524,288 | -HS- | M] () -- C:\Users\Dan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

[2010/04/13 15:27:13 | 000,065,536 | -HS- | M] () -- C:\Users\Dan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

[2010/04/13 15:24:10 | 000,000,020 | -HS- | M] () -- C:\Users\Dan\ntuser.ini

[2010/03/19 09:31:57 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\SysWow64\ElbyCDIO.dll

[2010/03/08 13:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll

[2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

========== Files Created - No Company Name ==========

[2010/05/23 14:51:16 | 000,465,975 | ---- | C] () -- C:\Users\Dan\Desktop\Frontier.lsl

[2010/05/22 09:11:15 | 000,000,000 | ---- | C] () -- C:\Users\Dan\defogger_reenable

[2010/05/22 09:10:55 | 000,050,477 | ---- | C] () -- C:\Users\Dan\Desktop\Defogger.exe

[2010/05/22 08:08:54 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/05/17 17:20:28 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk

[2010/05/10 19:35:30 | 000,000,000 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\chrtmp

[2010/05/10 19:30:00 | 000,001,356 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2010/05/08 16:20:25 | 000,002,005 | ---- | C] () -- C:\Users\Dan\Desktop\Common Backup.lnk

[2010/05/05 19:29:34 | 000,002,359 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk

[2010/04/23 22:11:59 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Companion.lnk

[2010/04/13 20:19:59 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\ImTOO Ringtone Maker.lnk

[2010/04/13 19:35:39 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk

[2010/04/13 19:34:18 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\CloneDVD2.lnk

[2010/04/13 19:14:14 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK

[2010/04/13 19:14:12 | 000,383,562 | RHS- | C] () -- C:\bootmgr

[2010/04/13 18:43:44 | 000,003,584 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/13 18:43:12 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\FlipShare.lnk

[2010/04/13 18:33:04 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/04/13 18:20:26 | 000,000,877 | ---- | C] () -- C:\Users\Dan\Desktop\Downloads - Shortcut.lnk

[2010/04/13 18:19:47 | 000,000,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk

[2010/04/13 18:19:47 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Everio MediaBrowser HD Edition.lnk

[2010/04/13 18:19:47 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Everio MediaBrowser Player.lnk

[2010/04/13 18:18:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2010/04/13 18:16:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/04/13 18:15:29 | 2045,521,919 | -HS- | C] () -- C:\hiberfil.sys

[2010/04/13 17:39:16 | 000,001,024 | ---- | C] () -- C:\.rnd

[2010/04/13 17:36:02 | 000,000,950 | ---- | C] () -- C:\Users\Dan\Desktop\WBFS Manager 3.0.lnk

[2010/04/13 17:26:34 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010/04/13 17:23:22 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk

[2010/04/13 16:52:04 | 000,000,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk

[2010/04/13 16:47:49 | 000,000,936 | ---- | C] () -- C:\Users\Dan\Desktop\TEFView.lnk

[2010/04/13 16:37:14 | 000,010,155 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu

[2010/04/13 16:25:46 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2010/04/13 16:19:34 | 000,006,136 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin

[2010/04/13 16:05:36 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk

[2010/04/13 15:33:57 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din

[2010/04/13 15:24:10 | 000,524,288 | -HS- | C] () -- C:\Users\Dan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms

[2010/04/13 15:24:10 | 000,524,288 | -HS- | C] () -- C:\Users\Dan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms

[2010/04/13 15:24:10 | 000,065,536 | -HS- | C] () -- C:\Users\Dan\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf

[2010/04/13 15:24:10 | 000,000,020 | -HS- | C] () -- C:\Users\Dan\ntuser.ini

[2010/04/13 15:24:09 | 000,262,144 | -HS- | C] () -- C:\Users\Dan\ntuser.dat.LOG1

[2010/04/13 15:24:09 | 000,000,000 | -HS- | C] () -- C:\Users\Dan\ntuser.dat.LOG2

[2010/04/13 15:24:08 | 001,310,720 | -HS- | C] () -- C:\Users\Dan\NTUSER.DAT

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll

========== LOP Check ==========

[2010/05/18 12:02:22 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\eMusic

[2010/04/13 20:20:03 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ImTOO

[2010/05/24 16:59:07 | 000,000,000 | RHSD | M] -- C:\Users\Dan\AppData\Roaming\install

[2010/05/08 16:22:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\JoshPressnell

[2010/05/08 16:25:11 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Leadertech

[2010/04/13 16:04:10 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Temp

[2010/05/23 20:33:54 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\TuneUpMedia

[2010/05/23 13:22:58 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\uTorrent

[2010/04/13 16:13:34 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WinBatch

[2009/07/14 01:08:49 | 000,007,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

OK, that looks a little better.

Please run an online virus scan through ESET. Here are the steps:

  1. Turn off your anti-virus software.
  2. Click on this link.
  3. Click on the "ESET Online Scanner" button.
  4. Put a check in the box that says "YES, I accept the Terms of Use."
  5. Click the 'Start' button just to the right of the checkbox.
  6. Uncheck the box that says "Remove found threats" (this is very important).
  7. Click on "Advanced settings".
  8. Put a check in the box that says "Scan for potentially unsafe applications".
  9. Verify that "Scan for potentially unwanted applications" is also checked.
  10. Verify that "Enable Anti-Stealth technology" is also checked.
  11. Click the 'Start' button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning.
  12. When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  13. Save that text file on your desktop, and then copy and paste it into a reply for me.
  14. Close the ESET online scan.

I will take a look at the log, and let you know if anything needs removed.

Link to post
Share on other sites

OK, that looks a little better.

Please run an online virus scan through ESET. Here are the steps:

  1. Turn off your anti-virus software.
  2. Click on this link.
  3. Click on the "ESET Online Scanner" button.
  4. Put a check in the box that says "YES, I accept the Terms of Use."
  5. Click the 'Start' button just to the right of the checkbox.
  6. Uncheck the box that says "Remove found threats" (this is very important).
  7. Click on "Advanced settings".
  8. Put a check in the box that says "Scan for potentially unsafe applications".
  9. Verify that "Scan for potentially unwanted applications" is also checked.
  10. Verify that "Enable Anti-Stealth technology" is also checked.
  11. Click the 'Start' button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning.
  12. When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  13. Save that text file on your desktop, and then copy and paste it into a reply for me.
  14. Close the ESET online scan.

I will take a look at the log, and let you know if anything needs removed.

Here you go:

C:\_OTL\MovedFiles\05242010_165907\C_Users\Dan\AppData\Roaming\install\Svchost.exe Win32/Injector.BQY.Gen trojan

Link to post
Share on other sites

As far as I can tell are there any clean up tasks that I need to do? Anything with OTL or any of the other stuff? Guessing I should run a malwarebytes scan to be sure? Let me know.

If not then thank you so much for your help I really appreciate it.

Actually it looks like malware bytes is picking up two infections still

malware.trace is listed for both of them

one is a registry key

HKEY_CURRENT_USER\Software\victim

and the other is a file

c:\users\dan\appdata\roaming\cglogs.dat

I'm going to try to remove them with malwarebytes and see if it works I guess. Unless you have another recommendation.

Link to post
Share on other sites

OTL and DDS don't show me everything, so MBAM is bound to find something that OTL didn't see. If it is able to remove it without any further detections this time, then the infection is most likely cleaned up.

Due to certain features of 64-bit Windows, we can't go really in depth with tools like ComboFix, but at the same time rootkits won't run either, so OTL is usually all we need to find what is causing the most trouble, and then MBAM can fix the few little things that OTL doesn't show us.

Since you have Avira's AntiVir installed, I would also recommend updating it and running a scan with it. After that, your computer is probably good to go. :)

Link to post
Share on other sites

OTL and DDS don't show me everything, so MBAM is bound to find something that OTL didn't see. If it is able to remove it without any further detections this time, then the infection is most likely cleaned up.

Due to certain features of 64-bit Windows, we can't go really in depth with tools like ComboFix, but at the same time rootkits won't run either, so OTL is usually all we need to find what is causing the most trouble, and then MBAM can fix the few little things that OTL doesn't show us.

Since you have Avira's AntiVir installed, I would also recommend updating it and running a scan with it. After that, your computer is probably good to go. :)

Yes MBAM was able to remove the two threats and my virus scan is showing up clean. Thanks so much for your help.

Link to post
Share on other sites

Yes MBAM was able to remove the two threats and my virus scan is showing up clean. Thanks so much for your help.

Glad to hear it, and you are quite welcome.

I'm going to close this topic so that it doesn't get hijacked. Please send me a private message if you require any further assistance. :D

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.