Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Vista Security 2012 Infection!

Started by NorthstarATL , Jun 17 2011 01:43 PM

This topic is locked

#1
NorthstarATL

Posted 17 June 2011 - 01:43 PM

Member

Member
66 posts

I had previously been infected with a similar virus (calling itself 2011 I believe) and had been careful since, but may not have fully cleaned my system. I am running a Dell Inspiron 530 with Windows Vista Home Premium. I picked up something calling itself Windows Security 2012, which did the usual: Kept popping up telling me that my system was infected, etc., wanting me to click on the pop-ups to acknowledge them. I ran Malwarebytes, an Avast Bootscan, and CC Cleaner, and none of them worked. What's worse was that I was blocked from the internet by the virus which hijacked my home page, warning me that any pages I chose were a 'security risk', and that, in order to go further I would again have to click on something to acknowledge the virus, which I knew better than to do. So I ran an older Kaspersky scan, which allowed me access to the internet through trying to update on their site. From there I was able to download TSSKiller, which got something, and then an updated Malwarebytes, which removed 11 items, and then rebooted.
My problem? I can't assume things are clean, and I don't know how to keep this from happening again if Avast offers no protection. Here's my OTL log:
OTL logfile created on: 6/17/2011 3:14:19 PM - Run 4
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Kenn\Pictures\Uploads\Blog
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 42.19% Memory free
8.06 Gb Paging File | 6.26 Gb Available in Paging File | 77.71% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 185.98 Gb Free Space | 31.98% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS

Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 15:12:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Pictures\Uploads\Blog\OTL.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/04/29 03:59:52 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 10:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/06/23 17:37:22 | 000,098,304 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2009/06/23 17:37:22 | 000,036,864 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTV7Rec.exe
PRC - [2009/06/23 17:31:16 | 000,307,200 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2009/06/23 17:31:10 | 000,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 16:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/01/30 01:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Users\Kenn\Documents\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2011/06/17 15:12:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Pictures\Uploads\Blog\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ShowAnalyzerMaster)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/08 13:50:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/23 17:31:10 | 000,434,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Users\Kenn\Documents\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/03 19:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2011/06/17 15:04:03 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\62832842.sys -- (62832842)
DRV - [2009/10/09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\6283284.sys -- (setup_9.0.0.722_04.06.2011_22-45drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\62832841.sys -- (62832841)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/06/09 14:33:56 | 001,442,816 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/02/24 00:49:54 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/02/24 00:49:54 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/06/10 16:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/03/10 22:42:24 | 000,074,240 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\havair.sys -- (smscir)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMDUSB.sys -- (NETMDUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 03:59:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 15:04:49 | 000,000,000 | ---D | M]

[2009/08/01 00:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\asv8bq5u.default\extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\asv8bq5u.default\extensions\[email protected]
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\n0x1p1ro.default\extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\n0x1p1ro.default\extensions\[email protected]
[2011/06/17 10:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions
[2009/08/30 01:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/06/17 10:37:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/23 19:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 00:40:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 12:45:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 16:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/29 03:59:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/05 05:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPJinit13122.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.06.2011_22-45.lnk = File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (maliprog @ Geekstogo)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{567408ed-77dd-11de-ad66-0024e80c1292}\Shell - "" = AutoRun
O33 - MountPoints2\{567408ed-77dd-11de-ad66-0024e80c1292}\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 15:16:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/17 15:16:37 | 000,000,000 | ---D | C] -- C:\862d86b74cd492741e26ebe28a0bc5
[2011/06/17 15:04:03 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/06/16 18:54:18 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\6283284.sys
[2011/06/16 18:54:18 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62832841.sys
[2011/06/16 18:54:18 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62832842.sys
[2011/06/07 18:18:48 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\MPEG2Cut
[2011/06/05 05:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2011/06/05 05:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/06/05 05:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/06/02 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\NRAS Mods_Sims 3
[2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[2009/07/31 09:44:04 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Kenn\AppData\Roaming\DataSafeDotNet.exe
[3 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 15:10:09 | 000,014,336 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/17 15:09:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147919181-1169093923-3288007742-1000UA.job
[2011/06/17 15:08:38 | 000,639,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/17 15:08:38 | 000,118,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/17 15:04:03 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/06/17 14:49:24 | 000,000,300 | -HS- | M] () -- C:\Windows\tasks\ubnypvssq.job
[2011/06/17 14:49:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 14:49:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 14:49:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 11:50:16 | 000,711,728 | ---- | M] () -- C:\Windows\is-VP4RR.exe
[2011/06/17 11:50:16 | 000,010,498 | ---- | M] () -- C:\Windows\is-VP4RR.msg
[2011/06/17 11:50:16 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 11:50:16 | 000,000,374 | ---- | M] () -- C:\Windows\is-VP4RR.lst
[2011/06/17 08:46:45 | 000,011,084 | -HS- | M] () -- C:\Users\Kenn\AppData\Local\g5m6ob75g5s1l11u55n4i
[2011/06/17 08:46:45 | 000,011,084 | -HS- | M] () -- C:\ProgramData\g5m6ob75g5s1l11u55n4i
[2011/06/17 04:09:13 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147919181-1169093923-3288007742-1000Core.job
[2011/06/16 18:55:11 | 000,002,148 | ---- | M] () -- C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.06.2011_22-45.lnk
[2011/06/16 18:41:26 | 000,322,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/09 16:53:33 | 000,464,415 | ---- | M] () -- C:\Users\Kenn\Documents\20.jpg
[2011/06/06 12:30:18 | 002,705,019 | ---- | M] () -- C:\Users\Kenn\Documents\Insider_Journal_III.pdf
[2011/06/04 14:38:02 | 000,011,770 | -HS- | M] () -- C:\Users\Kenn\AppData\Local\8q885oc37xa8y12v5
[2011/06/04 14:38:02 | 000,011,770 | -HS- | M] () -- C:\ProgramData\8q885oc37xa8y12v5
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/22 14:38:55 | 000,421,767 | ---- | M] () -- C:\Users\Kenn\Documents\SecretSix-13.jpg
[2011/05/22 14:38:46 | 000,341,669 | ---- | M] () -- C:\Users\Kenn\Documents\SecretSix-12.jpg
[2011/05/22 14:38:37 | 000,386,698 | ---- | M] () -- C:\Users\Kenn\Documents\SecretSix-11.jpg
[2011/05/22 14:38:28 | 000,367,931 | ---- | M] () -- C:\Users\Kenn\Documents\SecretSix-10.jpg
[3 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 11:50:16 | 000,711,728 | ---- | C] () -- C:\Windows\is-VP4RR.exe
[2011/06/17 11:50:16 | 000,010,498 | ---- | C] () -- C:\Windows\is-VP4RR.msg
[2011/06/17 11:50:16 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/17 11:50:16 | 000,000,374 | ---- | C] () -- C:\Windows\is-VP4RR.lst
[2011/06/16 18:55:11 | 000,002,148 | ---- | C] () -- C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.06.2011_22-45.lnk
[2011/06/16 11:20:03 | 000,011,084 | -HS- | C] () -- C:\Users\Kenn\AppData\Local\g5m6ob75g5s1l11u55n4i
[2011/06/16 11:20:03 | 000,011,084 | -HS- | C] () -- C:\ProgramData\g5m6ob75g5s1l11u55n4i
[2011/06/09 16:53:33 | 000,464,415 | ---- | C] () -- C:\Users\Kenn\Documents\20.jpg
[2011/06/06 12:30:18 | 002,705,019 | ---- | C] () -- C:\Users\Kenn\Documents\Insider_Journal_III.pdf
[2011/06/04 14:18:06 | 000,011,770 | -HS- | C] () -- C:\Users\Kenn\AppData\Local\8q885oc37xa8y12v5
[2011/06/04 14:18:06 | 000,011,770 | -HS- | C] () -- C:\ProgramData\8q885oc37xa8y12v5
[2011/05/22 14:38:54 | 000,421,767 | ---- | C] () -- C:\Users\Kenn\Documents\SecretSix-13.jpg
[2011/05/22 14:38:46 | 000,341,669 | ---- | C] () -- C:\Users\Kenn\Documents\SecretSix-12.jpg
[2011/05/22 14:38:37 | 000,386,698 | ---- | C] () -- C:\Users\Kenn\Documents\SecretSix-11.jpg
[2011/05/22 14:38:27 | 000,367,931 | ---- | C] () -- C:\Users\Kenn\Documents\SecretSix-10.jpg
[2011/05/03 10:13:47 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/04/18 14:34:21 | 000,009,170 | -HS- | C] () -- C:\Users\Kenn\AppData\Local\23p2ct64n5i40
[2011/04/18 14:34:21 | 000,009,170 | -HS- | C] () -- C:\ProgramData\23p2ct64n5i40
[2011/03/30 06:41:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/30 06:41:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/30 06:41:48 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/30 06:41:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/30 06:41:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/29 14:55:39 | 000,000,120 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Gdinovoxa.dat
[2011/03/29 14:55:39 | 000,000,000 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Wtipejivulu.bin
[2011/03/24 19:46:55 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2011/02/10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010/11/04 19:45:49 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010/11/04 19:45:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2010/08/29 17:34:05 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/06/30 09:19:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/06/30 09:19:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/06/30 08:30:42 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/06/07 03:33:27 | 000,000,297 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/07 01:04:20 | 000,036,962 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2009/08/23 11:06:44 | 000,638,976 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/23 10:43:46 | 000,163,840 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/10 14:04:00 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/10 14:04:00 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/10 14:03:54 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2009/08/10 13:56:02 | 000,004,134 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/23 19:08:18 | 000,007,512 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2009/07/19 21:07:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/16 21:46:32 | 000,000,528 | ---- | C] () -- C:\Windows\_delis32.ini
[2009/07/16 20:51:37 | 000,262,416 | ---- | C] () -- C:\Windows\System32\ASFV2.DLL
[2009/07/16 20:49:35 | 000,524,288 | ---- | C] () -- C:\Windows\System32\TDI-SonyOMG.dll
[2009/07/16 00:51:56 | 000,014,336 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/16 00:33:51 | 000,157,768 | ---- | C] () -- C:\Windows\hpoins29.dat
[2009/07/08 16:29:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2009/07/08 16:29:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/07/08 16:29:05 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/08 16:29:05 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/08 16:29:05 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/07/08 16:29:05 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/07/08 16:29:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/07/08 16:29:01 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/07/08 08:33:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/11 14:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/20 00:36:13 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,322,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,639,904 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,118,156 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/11/18 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\AnvSoft
[2011/05/13 23:26:42 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\avidemux
[2010/08/29 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Canneverbe Limited
[2010/11/15 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\com.adobe.air.oev
[2010/07/27 19:33:57 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/02 12:13:08 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Cool Record Edit Pro
[2009/07/23 19:10:59 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DAEMON Tools Lite
[2010/04/28 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Desktopicon
[2011/04/18 22:10:54 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Dream Aquarium
[2009/09/02 12:24:57 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Free Sound Recorder
[2010/06/19 12:47:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\GrabPro
[2009/08/22 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\IcoFX
[2010/11/10 02:16:45 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ImgBurn
[2010/08/25 17:02:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\InterVideo
[2010/11/04 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ooVoo Details
[2011/03/07 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Orbit
[2011/03/03 01:47:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Replay Media Catcher 4
[2011/01/11 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Rovio
[2010/12/24 12:58:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\SanDisk
[2011/04/11 00:15:58 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\TSRWorkshop
[2011/06/16 11:23:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\uTorrent
[2011/02/21 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\VistaCodecs
[2011/02/26 21:34:30 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\WinAVI
[2010/03/10 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Windows Live Writer
[2011/06/17 14:48:23 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/17 14:49:24 | 000,000,300 | -HS- | M] () -- C:\Windows\Tasks\ubnypvssq.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
I hope someone can help. Thanks a lot!

OTL.Txt 69.59KB 77 downloads

#2
Homburg

Posted 21 June 2011 - 03:51 AM

Trusted Helper

Malware Removal
665 posts

Hello NorthstarATL and welcome to GeeksToGo

I'm Homburg and I'm going to help you fix your problem.

Note that I'm currently in training and my posts have to be approved by an expert before I reply.

Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
Please do not try to fix anything without being asked
Please continue to follow my instructions until I tell you your machine is clean. Absence of symptoms does not mean that everything is clear.
I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
I am currently reviewing your logs.

Edited by Homburg, 21 June 2011 - 03:56 AM.

#3
Homburg

Posted 21 June 2011 - 01:56 PM

Trusted Helper

Malware Removal
665 posts

Hello NorthstarATL:

Please do the following:

Step 1:

Run OTL Posted Image

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
[2011/06/17 14:49:24 | 000,000,300 | -HS- | M] () -- C:\Windows\tasks\ubnypvssq.job
[2011/06/17 08:46:45 | 000,011,084 | -HS- | M] () -- C:\Users\Kenn\AppData\Local\g5m6ob75g5s1l11u55n4i
[2011/06/17 08:46:45 | 000,011,084 | -HS- | M] () -- C:\ProgramData\g5m6ob75g5s1l11u55n4i
[2011/06/04 14:38:02 | 000,011,770 | -HS- | M] () -- C:\Users\Kenn\AppData\Local\8q885oc37xa8y12v5
[2011/06/04 14:38:02 | 000,011,770 | -HS- | M] () -- C:\ProgramData\8q885oc37xa8y12v5
[2011/04/18 14:34:21 | 000,009,170 | -HS- | C] () -- C:\Users\Kenn\AppData\Local\23p2ct64n5i40
[2011/04/18 14:34:21 | 000,009,170 | -HS- | C] () -- C:\ProgramData\23p2ct64n5i40
[2011/03/29 14:55:39 | 000,000,120 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Gdinovoxa.dat
[2011/03/29 14:55:39 | 000,000,000 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Wtipejivulu.bin

:Services

:Reg

:Files
C:\ProgramData\g5m6ob75g5s1l11u55n4i
C:\Users\Kenn\AppData\Local\g5m6ob75g5s1l11u55n4i
C:\Users\Kenn\AppData\Local\8q885oc37xa8y12v5
C:\ProgramData\8q885oc37xa8y12v5
C:\Users\Kenn\AppData\Local\23p2ct64n5i40
C:\ProgramData\23p2ct64n5i40
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done and post the fix log
Open OTL again
Select All users
Click the Quick Scan button. Post the log it produces in your next reply.

Step 2:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Step 3:

Start Posted Image

MalwareBytes

If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediantly.

Step 4:

Please remember to post:
The OTL fix log
The new OTL QuickScan log
The aswMBR scan log
MalwareBytes scan log

Also, how is the PC running now?

Homburg

#4
NorthstarATL

Posted 21 June 2011 - 04:38 PM

Member

Topic Starter
Member
66 posts

Thank you for replying! I am following the instructions now, and will report back!

#5
NorthstarATL

Posted 21 June 2011 - 05:16 PM

Member

Topic Starter
Member
66 posts

OK. I ran OTL with the inserted info and got this:
"Files\Folders moved on Reboot...
C:\Windows\temp\JET1881.tmp moved successfully.
C:\Windows\temp\JET1882.tmp moved successfully.
C:\Windows\temp\JET45F4.tmp moved successfully.

Registry entries deleted on Reboot..."
after getting a Microsoft message that the program needed to close. Upon reboot, the above was generated with the name 06212011_184336.txt. I don't think that it went exactly according to instructions, so that's why I'm detailing.
Next I ran the quick scan OTL, and that generated this:
OTL logfile created on: 6/21/2011 6:53:53 PM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Kenn\Pictures\Uploads\Blog
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 54.74% Memory free
8.03 Gb Paging File | 6.63 Gb Available in Paging File | 82.64% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 185.77 Gb Free Space | 31.95% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS

Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 15:12:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Pictures\Uploads\Blog\OTL.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 10:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/06/23 17:37:22 | 000,098,304 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2009/06/23 17:31:16 | 000,307,200 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2009/06/23 17:31:10 | 000,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 16:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/01/30 01:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Users\Kenn\Documents\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2011/06/17 15:12:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Pictures\Uploads\Blog\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ShowAnalyzerMaster)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/08 13:50:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/23 17:31:10 | 000,434,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Users\Kenn\Documents\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/03 19:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2011/06/21 18:48:21 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DCC50577-C441-4076-8733-5AD0D4D250B3}\MpKsl5e457461.sys -- (MpKsl5e457461)
DRV - [2011/06/21 18:43:56 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DCC50577-C441-4076-8733-5AD0D4D250B3}\MpKsl73d2001b.sys -- (MpKsl73d2001b)
DRV - [2011/06/21 01:21:12 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DCC50577-C441-4076-8733-5AD0D4D250B3}\MpKsl8564e9f3.sys -- (MpKsl8564e9f3)
DRV - [2011/06/17 15:04:03 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\62832842.sys -- (62832842)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\62832841.sys -- (62832841)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/06/09 14:33:56 | 001,442,816 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/02/24 00:49:54 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/02/24 00:49:54 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/06/10 16:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/03/10 22:42:24 | 000,074,240 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\havair.sys -- (smscir)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMDUSB.sys -- (NETMDUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
IE - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 03:59:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 20:33:09 | 000,000,000 | ---D | M]

[2009/08/01 00:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\asv8bq5u.default\extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\asv8bq5u.default\extensions\[email protected]
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\n0x1p1ro.default\extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\n0x1p1ro.default\extensions\[email protected]
[2011/06/17 10:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions
[2009/08/30 01:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/06/17 10:37:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/23 19:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 00:40:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 12:45:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 16:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/29 03:59:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/05 05:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPJinit13122.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O7 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{567408ed-77dd-11de-ad66-0024e80c1292}\Shell - "" = AutoRun
O33 - MountPoints2\{567408ed-77dd-11de-ad66-0024e80c1292}\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 18:43:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/21 00:50:28 | 000,000,000 | ---D | C] -- C:\ce04129e1ec36f43e92db04bf5253a
[2011/06/19 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\Social Security Review 2011-2012
[2011/06/18 00:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/17 18:18:20 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/17 18:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/17 18:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/17 15:04:03 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/06/16 18:54:18 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\6283284.sys
[2011/06/16 18:54:18 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62832841.sys
[2011/06/16 18:54:18 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62832842.sys
[2011/06/07 18:18:48 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\MPEG2Cut
[2011/06/05 05:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2011/06/05 05:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/06/05 05:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/06/02 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\NRAS Mods_Sims 3
[2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[2009/07/31 09:44:04 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Kenn\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/06/21 18:55:48 | 000,642,004 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/21 18:55:48 | 000,119,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/21 18:48:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 18:48:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 18:48:16 | 000,000,300 | -HS- | M] () -- C:\Windows\tasks\ubnypvssq.job
[2011/06/21 18:48:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/21 18:09:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147919181-1169093923-3288007742-1000UA.job
[2011/06/21 18:02:21 | 000,061,440 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 04:09:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147919181-1169093923-3288007742-1000Core.job
[2011/06/20 21:41:04 | 000,322,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/18 00:33:12 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/17 15:04:03 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/06/17 11:50:16 | 000,711,728 | ---- | M] () -- C:\Windows\is-VP4RR.exe
[2011/06/17 11:50:16 | 000,010,498 | ---- | M] () -- C:\Windows\is-VP4RR.msg
[2011/06/17 11:50:16 | 000,000,374 | ---- | M] () -- C:\Windows\is-VP4RR.lst
[2011/06/17 08:46:45 | 000,011,084 | -HS- | M] () -- C:\Users\Kenn\AppData\Local\g5m6ob75g5s1l11u55n4i
[2011/06/09 16:53:33 | 000,464,415 | ---- | M] () -- C:\Users\Kenn\Documents\20.jpg
[2011/06/06 12:30:18 | 002,705,019 | ---- | M] () -- C:\Users\Kenn\Documents\Insider_Journal_III.pdf
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/18 00:33:12 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/18 00:32:28 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/17 11:50:16 | 000,711,728 | ---- | C] () -- C:\Windows\is-VP4RR.exe
[2011/06/17 11:50:16 | 000,010,498 | ---- | C] () -- C:\Windows\is-VP4RR.msg
[2011/06/17 11:50:16 | 000,000,374 | ---- | C] () -- C:\Windows\is-VP4RR.lst
[2011/06/16 11:20:03 | 000,011,084 | -HS- | C] () -- C:\Users\Kenn\AppData\Local\g5m6ob75g5s1l11u55n4i
[2011/06/09 16:53:33 | 000,464,415 | ---- | C] () -- C:\Users\Kenn\Documents\20.jpg
[2011/06/06 12:30:18 | 002,705,019 | ---- | C] () -- C:\Users\Kenn\Documents\Insider_Journal_III.pdf
[2011/05/03 10:13:47 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/30 06:41:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/30 06:41:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/30 06:41:48 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/30 06:41:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/30 06:41:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/29 14:55:39 | 000,000,120 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Gdinovoxa.dat
[2011/03/29 14:55:39 | 000,000,000 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Wtipejivulu.bin
[2011/03/24 19:46:55 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2011/02/10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010/11/04 19:45:49 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010/11/04 19:45:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2010/08/29 17:34:05 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/06/30 09:19:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/06/30 09:19:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/06/30 08:30:42 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/06/07 03:33:27 | 000,000,297 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/07 01:04:20 | 000,036,962 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2009/08/23 11:06:44 | 000,638,976 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/23 10:43:46 | 000,163,840 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/10 14:04:00 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/10 14:04:00 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/10 14:03:54 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2009/08/10 13:56:02 | 000,004,134 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/23 19:08:18 | 000,007,512 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2009/07/19 21:07:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/16 21:46:32 | 000,000,528 | ---- | C] () -- C:\Windows\_delis32.ini
[2009/07/16 20:51:37 | 000,262,416 | ---- | C] () -- C:\Windows\System32\ASFV2.DLL
[2009/07/16 20:49:35 | 000,524,288 | ---- | C] () -- C:\Windows\System32\TDI-SonyOMG.dll
[2009/07/16 00:51:56 | 000,061,440 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/16 00:33:51 | 000,157,768 | ---- | C] () -- C:\Windows\hpoins29.dat
[2009/07/08 16:29:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2009/07/08 16:29:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/07/08 16:29:05 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/08 16:29:05 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/08 16:29:05 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/07/08 16:29:05 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/07/08 16:29:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/07/08 16:29:01 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/07/08 08:33:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/11 14:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/20 00:36:13 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,322,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,642,004 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,119,156 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/11/18 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\AnvSoft
[2011/05/13 23:26:42 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\avidemux
[2010/08/29 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Canneverbe Limited
[2010/11/15 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\com.adobe.air.oev
[2010/07/27 19:33:57 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/02 12:13:08 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Cool Record Edit Pro
[2009/07/23 19:10:59 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DAEMON Tools Lite
[2010/04/28 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Desktopicon
[2011/04/18 22:10:54 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Dream Aquarium
[2009/09/02 12:24:57 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Free Sound Recorder
[2010/06/19 12:47:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\GrabPro
[2009/08/22 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\IcoFX
[2010/11/10 02:16:45 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ImgBurn
[2010/08/25 17:02:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\InterVideo
[2010/11/04 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ooVoo Details
[2011/03/07 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Orbit
[2011/03/03 01:47:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Replay Media Catcher 4
[2011/01/11 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Rovio
[2010/12/24 12:58:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\SanDisk
[2011/04/11 00:15:58 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\TSRWorkshop
[2011/06/21 18:15:31 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\uTorrent
[2011/02/21 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\VistaCodecs
[2011/02/26 21:34:30 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\WinAVI
[2010/03/10 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Windows Live Writer
[2011/06/21 01:19:59 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/21 18:48:16 | 000,000,300 | -HS- | M] () -- C:\Windows\Tasks\ubnypvssq.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
Next, aswMBR, which generated this:
aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-21 18:58:59
-----------------------------
18:58:59.540 OS Version: Windows 6.0.6002 Service Pack 2
18:58:59.540 Number of processors: 2 586 0x1706
18:58:59.540 ComputerName: KENN-PC UserName: Kenn
18:59:01.131 Initialize success
18:59:23.275 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:59:23.275 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
18:59:25.303 Disk 0 MBR read successfully
18:59:25.303 Disk 0 MBR scan
18:59:25.303 Disk 0 unknown MBR code
18:59:27.331 Disk 0 scanning sectors +1250261680
18:59:27.378 Disk 0 scanning C:\Windows\system32\drivers
18:59:34.928 Service scanning
18:59:36.488 Disk 0 trace - called modules:
18:59:36.488 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
18:59:36.504 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86458ac8]
18:59:36.504 3 CLASSPNP.SYS[8b9aa8b3] -> nt!IofCallDriver -> [0x84f49918]
18:59:36.504 5 acpi.sys[8b2926bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85cd7b98]
18:59:36.504 Scan finished successfully
19:00:00.304 Disk 0 MBR has been saved successfully to "C:\Users\Kenn\Pictures\Uploads\Blog\MBR.dat"
19:00:00.320 The log file has been saved successfully to "C:\Users\Kenn\Pictures\Uploads\Blog\aswMBR.txt"

and, finally, Malwarebytes, which generated this:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6904

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/21/2011 7:05:19 PM
mbam-log-2011-06-21 (19-05-19).txt

Scan type: Quick scan
Objects scanned: 162231
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Except for the initial OTL, everything ran smoothly. Hopefully there's some clue in the logs as to why I am getting repeated infections/redirects. Thanks again!

#6
Homburg

Posted 22 June 2011 - 01:11 PM

Trusted Helper

Malware Removal
665 posts

Thanks for the info. The OTL fix only partially completed, please try this new OTL fix:

Run OTL Posted Image

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
[2011/06/17 14:49:24 | 000,000,300 | -HS- | M] () -- C:\Windows\tasks\ubnypvssq.job
[2011/06/17 08:46:45 | 000,011,084 | -HS- | M] () -- C:\Users\Kenn\AppData\Local\g5m6ob75g5s1l11u55n4i
[2011/06/17 08:46:45 | 000,011,084 | -HS- | M] () -- C:\ProgramData\g5m6ob75g5s1l11u55n4i
[2011/03/29 14:55:39 | 000,000,120 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Gdinovoxa.dat
[2011/03/29 14:55:39 | 000,000,000 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Wtipejivulu.bin
O33 - MountPoints2\{567408ed-77dd-11de-ad66-0024e80c1292}\Shell - "" = AutoRun
O33 - MountPoints2\{567408ed-77dd-11de-ad66-0024e80c1292}\Shell\AutoRun\command - "" = K:\Autorun.exe

:Services

:Reg

:Files
C:\ProgramData\g5m6ob75g5s1l11u55n4i
C:\Users\Kenn\AppData\Local\g5m6ob75g5s1l11u55n4i
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done and post the fix log
Open OTL again
Select All users
Click the Quick Scan button. Post the log it produces in your next reply.

Please remember to post:

The OTL fix log
The new OTL QuickScan log.

Homburg

#7
NorthstarATL

Posted 22 June 2011 - 05:34 PM

Member

Topic Starter
Member
66 posts

Thanks! I ran the first OTL scan and got this:
OTL logfile created on: 6/21/2011 6:53:53 PM - Run 5
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Kenn\Pictures\Uploads\Blog
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 54.74% Memory free
8.03 Gb Paging File | 6.63 Gb Available in Paging File | 82.64% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 185.77 Gb Free Space | 31.95% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS

Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 15:12:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Pictures\Uploads\Blog\OTL.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 10:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/06/23 17:37:22 | 000,098,304 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2009/06/23 17:31:16 | 000,307,200 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2009/06/23 17:31:10 | 000,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 16:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/01/30 01:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Users\Kenn\Documents\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2011/06/17 15:12:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Pictures\Uploads\Blog\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ShowAnalyzerMaster)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/08 13:50:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/23 17:31:10 | 000,434,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Users\Kenn\Documents\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/03 19:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2011/06/21 18:48:21 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DCC50577-C441-4076-8733-5AD0D4D250B3}\MpKsl5e457461.sys -- (MpKsl5e457461)
DRV - [2011/06/21 18:43:56 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DCC50577-C441-4076-8733-5AD0D4D250B3}\MpKsl73d2001b.sys -- (MpKsl73d2001b)
DRV - [2011/06/21 01:21:12 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DCC50577-C441-4076-8733-5AD0D4D250B3}\MpKsl8564e9f3.sys -- (MpKsl8564e9f3)
DRV - [2011/06/17 15:04:03 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\62832842.sys -- (62832842)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\62832841.sys -- (62832841)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/06/09 14:33:56 | 001,442,816 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/02/24 00:49:54 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/02/24 00:49:54 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/06/10 16:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/03/10 22:42:24 | 000,074,240 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\havair.sys -- (smscir)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMDUSB.sys -- (NETMDUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
IE - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 03:59:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 20:33:09 | 000,000,000 | ---D | M]

[2009/08/01 00:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\asv8bq5u.default\extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\asv8bq5u.default\extensions\[email protected]
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\n0x1p1ro.default\extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\n0x1p1ro.default\extensions\[email protected]
[2011/06/17 10:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions
[2009/08/30 01:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/06/17 10:37:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/23 19:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 00:40:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 12:45:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 16:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/29 03:59:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/05 05:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPJinit13122.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O7 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{567408ed-77dd-11de-ad66-0024e80c1292}\Shell - "" = AutoRun
O33 - MountPoints2\{567408ed-77dd-11de-ad66-0024e80c1292}\Shell\AutoRun\command - "" = K:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 18:43:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/21 00:50:28 | 000,000,000 | ---D | C] -- C:\ce04129e1ec36f43e92db04bf5253a
[2011/06/19 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\Social Security Review 2011-2012
[2011/06/18 00:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/17 18:18:20 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/17 18:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/17 18:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/17 15:04:03 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/06/16 18:54:18 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\6283284.sys
[2011/06/16 18:54:18 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62832841.sys
[2011/06/16 18:54:18 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62832842.sys
[2011/06/07 18:18:48 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\MPEG2Cut
[2011/06/05 05:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2011/06/05 05:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/06/05 05:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/06/02 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\NRAS Mods_Sims 3
[2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[2009/07/31 09:44:04 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Kenn\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/06/21 18:55:48 | 000,642,004 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/21 18:55:48 | 000,119,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/21 18:48:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 18:48:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/21 18:48:16 | 000,000,300 | -HS- | M] () -- C:\Windows\tasks\ubnypvssq.job
[2011/06/21 18:48:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/21 18:09:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147919181-1169093923-3288007742-1000UA.job
[2011/06/21 18:02:21 | 000,061,440 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/21 04:09:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147919181-1169093923-3288007742-1000Core.job
[2011/06/20 21:41:04 | 000,322,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/18 00:33:12 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/17 15:04:03 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/06/17 11:50:16 | 000,711,728 | ---- | M] () -- C:\Windows\is-VP4RR.exe
[2011/06/17 11:50:16 | 000,010,498 | ---- | M] () -- C:\Windows\is-VP4RR.msg
[2011/06/17 11:50:16 | 000,000,374 | ---- | M] () -- C:\Windows\is-VP4RR.lst
[2011/06/17 08:46:45 | 000,011,084 | -HS- | M] () -- C:\Users\Kenn\AppData\Local\g5m6ob75g5s1l11u55n4i
[2011/06/09 16:53:33 | 000,464,415 | ---- | M] () -- C:\Users\Kenn\Documents\20.jpg
[2011/06/06 12:30:18 | 002,705,019 | ---- | M] () -- C:\Users\Kenn\Documents\Insider_Journal_III.pdf
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/18 00:33:12 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/18 00:32:28 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/17 11:50:16 | 000,711,728 | ---- | C] () -- C:\Windows\is-VP4RR.exe
[2011/06/17 11:50:16 | 000,010,498 | ---- | C] () -- C:\Windows\is-VP4RR.msg
[2011/06/17 11:50:16 | 000,000,374 | ---- | C] () -- C:\Windows\is-VP4RR.lst
[2011/06/16 11:20:03 | 000,011,084 | -HS- | C] () -- C:\Users\Kenn\AppData\Local\g5m6ob75g5s1l11u55n4i
[2011/06/09 16:53:33 | 000,464,415 | ---- | C] () -- C:\Users\Kenn\Documents\20.jpg
[2011/06/06 12:30:18 | 002,705,019 | ---- | C] () -- C:\Users\Kenn\Documents\Insider_Journal_III.pdf
[2011/05/03 10:13:47 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/30 06:41:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/30 06:41:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/30 06:41:48 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/30 06:41:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/30 06:41:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/29 14:55:39 | 000,000,120 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Gdinovoxa.dat
[2011/03/29 14:55:39 | 000,000,000 | ---- | C] () -- C:\Users\Kenn\AppData\Local\Wtipejivulu.bin
[2011/03/24 19:46:55 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2011/02/10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010/11/04 19:45:49 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010/11/04 19:45:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2010/08/29 17:34:05 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/06/30 09:19:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/06/30 09:19:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/06/30 08:30:42 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/06/07 03:33:27 | 000,000,297 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/07 01:04:20 | 000,036,962 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2009/08/23 11:06:44 | 000,638,976 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/23 10:43:46 | 000,163,840 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/10 14:04:00 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/10 14:04:00 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/10 14:03:54 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2009/08/10 13:56:02 | 000,004,134 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/23 19:08:18 | 000,007,512 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2009/07/19 21:07:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/16 21:46:32 | 000,000,528 | ---- | C] () -- C:\Windows\_delis32.ini
[2009/07/16 20:51:37 | 000,262,416 | ---- | C] () -- C:\Windows\System32\ASFV2.DLL
[2009/07/16 20:49:35 | 000,524,288 | ---- | C] () -- C:\Windows\System32\TDI-SonyOMG.dll
[2009/07/16 00:51:56 | 000,061,440 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/16 00:33:51 | 000,157,768 | ---- | C] () -- C:\Windows\hpoins29.dat
[2009/07/08 16:29:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2009/07/08 16:29:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/07/08 16:29:05 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/08 16:29:05 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/08 16:29:05 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/07/08 16:29:05 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/07/08 16:29:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/07/08 16:29:01 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/07/08 08:33:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/11 14:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/20 00:36:13 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,322,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,642,004 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,119,156 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/11/18 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\AnvSoft
[2011/05/13 23:26:42 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\avidemux
[2010/08/29 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Canneverbe Limited
[2010/11/15 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\com.adobe.air.oev
[2010/07/27 19:33:57 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/02 12:13:08 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Cool Record Edit Pro
[2009/07/23 19:10:59 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DAEMON Tools Lite
[2010/04/28 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Desktopicon
[2011/04/18 22:10:54 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Dream Aquarium
[2009/09/02 12:24:57 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Free Sound Recorder
[2010/06/19 12:47:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\GrabPro
[2009/08/22 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\IcoFX
[2010/11/10 02:16:45 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ImgBurn
[2010/08/25 17:02:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\InterVideo
[2010/11/04 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ooVoo Details
[2011/03/07 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Orbit
[2011/03/03 01:47:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Replay Media Catcher 4
[2011/01/11 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Rovio
[2010/12/24 12:58:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\SanDisk
[2011/04/11 00:15:58 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\TSRWorkshop
[2011/06/21 18:15:31 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\uTorrent
[2011/02/21 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\VistaCodecs
[2011/02/26 21:34:30 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\WinAVI
[2010/03/10 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Windows Live Writer
[2011/06/21 01:19:59 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/21 18:48:16 | 000,000,300 | -HS- | M] () -- C:\Windows\Tasks\ubnypvssq.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
However, at the end of the scan it did NOT reboot the computer. With all processes off, I waited awhile, and then rebooted manually, so I hope things worked the way that they were supposed to.
The second scan went smoothly and generated this:
OTL logfile created on: 6/22/2011 7:22:04 PM - Run 6
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Kenn\Pictures\Uploads\Blog
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 60.51% Memory free
8.03 Gb Paging File | 6.85 Gb Available in Paging File | 85.30% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.48 Gb Total Space | 180.35 Gb Free Space | 31.02% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 14.54 Gb Free Space | 99.28% Space Free | Partition Type: NTFS

Computer Name: KENN-PC | User Name: Kenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 15:12:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Pictures\Uploads\Blog\OTL.exe
PRC - [2011/05/18 09:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/10 10:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/06/23 17:37:22 | 000,098,304 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2009/06/23 17:31:16 | 000,307,200 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
PRC - [2009/06/23 17:31:10 | 000,434,176 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 16:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/01/30 01:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Users\Kenn\Documents\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2011/06/17 15:12:32 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Kenn\Pictures\Uploads\Blog\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ShowAnalyzerMaster)
SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/08 13:50:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/23 17:31:10 | 000,434,176 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Users\Kenn\Documents\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/03 19:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2011/06/22 19:16:52 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7A4FC15-9B73-47CD-B9D8-91AA1B180513}\MpKsl084c6567.sys -- (MpKsl084c6567)
DRV - [2011/06/22 18:45:41 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7A4FC15-9B73-47CD-B9D8-91AA1B180513}\MpKsle49bf66c.sys -- (MpKsle49bf66c)
DRV - [2011/06/17 15:04:03 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 14:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\62832842.sys -- (62832842)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\62832841.sys -- (62832841)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/06/09 14:33:56 | 001,442,816 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/02/24 00:49:54 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/02/24 00:49:54 | 003,847,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/06/10 16:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/03/10 22:42:24 | 000,074,240 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\havair.sys -- (smscir)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMDUSB.sys -- (NETMDUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
IE - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 03:59:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 20:33:09 | 000,000,000 | ---D | M]

[2009/08/01 00:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\asv8bq5u.default\extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\asv8bq5u.default\extensions\[email protected]
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\n0x1p1ro.default\extensions
[2011/03/14 12:49:02 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\n0x1p1ro.default\extensions\[email protected]
[2011/06/22 12:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions
[2009/08/30 01:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/06/22 12:48:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kenn\AppData\Roaming\Mozilla\Firefox\Profiles\opgaiyha.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/23 19:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/15 00:40:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 12:45:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 16:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/29 03:59:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/05 05:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPJinit13122.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O7 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kenn\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3147919181-1169093923-3288007742-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/21 18:43:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/21 00:50:28 | 000,000,000 | ---D | C] -- C:\ce04129e1ec36f43e92db04bf5253a
[2011/06/19 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\Social Security Review 2011-2012
[2011/06/18 00:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/17 18:18:20 | 000,000,000 | ---D | C] -- C:\Users\Kenn\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/17 18:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/17 18:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/17 15:04:03 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/06/16 18:54:18 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\6283284.sys
[2011/06/16 18:54:18 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62832841.sys
[2011/06/16 18:54:18 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\62832842.sys
[2011/06/07 18:18:48 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\MPEG2Cut
[2011/06/05 05:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2011/06/05 05:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/06/05 05:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/06/02 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\Kenn\Documents\NRAS Mods_Sims 3
[2010/02/04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[2009/07/31 09:44:04 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Kenn\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2011/06/22 19:16:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 19:16:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 19:16:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/22 19:09:38 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147919181-1169093923-3288007742-1000UA.job
[2011/06/22 14:48:36 | 000,094,208 | ---- | M] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 14:21:51 | 000,692,806 | ---- | M] () -- C:\Users\Kenn\Documents\BDATS_1_Oroboros_CPS_037.jpg
[2011/06/22 14:21:31 | 000,598,332 | ---- | M] () -- C:\Users\Kenn\Documents\BDATS_1_Oroboros_CPS_035.jpg
[2011/06/22 14:19:51 | 000,882,893 | ---- | M] () -- C:\Users\Kenn\Documents\BDATS_1_Oroboros_CPS_001.jpg
[2011/06/22 04:09:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147919181-1169093923-3288007742-1000Core.job
[2011/06/21 21:11:42 | 000,642,004 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/21 21:11:42 | 000,119,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/20 21:41:04 | 000,322,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/18 00:33:12 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/17 15:04:03 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/06/17 11:50:16 | 000,711,728 | ---- | M] () -- C:\Windows\is-VP4RR.exe
[2011/06/17 11:50:16 | 000,010,498 | ---- | M] () -- C:\Windows\is-VP4RR.msg
[2011/06/17 11:50:16 | 000,000,374 | ---- | M] () -- C:\Windows\is-VP4RR.lst
[2011/06/09 16:53:33 | 000,464,415 | ---- | M] () -- C:\Users\Kenn\Documents\20.jpg
[2011/06/06 12:30:18 | 002,705,019 | ---- | M] () -- C:\Users\Kenn\Documents\Insider_Journal_III.pdf
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/22 14:21:51 | 000,692,806 | ---- | C] () -- C:\Users\Kenn\Documents\BDATS_1_Oroboros_CPS_037.jpg
[2011/06/22 14:21:31 | 000,598,332 | ---- | C] () -- C:\Users\Kenn\Documents\BDATS_1_Oroboros_CPS_035.jpg
[2011/06/22 14:19:50 | 000,882,893 | ---- | C] () -- C:\Users\Kenn\Documents\BDATS_1_Oroboros_CPS_001.jpg
[2011/06/18 00:33:12 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/18 00:32:28 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/17 11:50:16 | 000,711,728 | ---- | C] () -- C:\Windows\is-VP4RR.exe
[2011/06/17 11:50:16 | 000,010,498 | ---- | C] () -- C:\Windows\is-VP4RR.msg
[2011/06/17 11:50:16 | 000,000,374 | ---- | C] () -- C:\Windows\is-VP4RR.lst
[2011/06/09 16:53:33 | 000,464,415 | ---- | C] () -- C:\Users\Kenn\Documents\20.jpg
[2011/06/06 12:30:18 | 002,705,019 | ---- | C] () -- C:\Users\Kenn\Documents\Insider_Journal_III.pdf
[2011/05/03 10:13:47 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/30 06:41:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/30 06:41:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/30 06:41:48 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/30 06:41:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/30 06:41:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/24 19:46:55 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2011/02/10 17:51:58 | 003,075,072 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010/11/04 19:45:49 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010/11/04 19:45:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2010/08/29 17:34:05 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/06/30 09:19:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/06/30 09:19:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/06/30 08:30:42 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/06/07 03:33:27 | 000,000,297 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/07 01:04:20 | 000,036,962 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2009/08/23 11:06:44 | 000,638,976 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/23 10:43:46 | 000,163,840 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/10 14:04:00 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/10 14:04:00 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/10 14:03:54 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2009/08/10 13:56:02 | 000,004,134 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/23 19:08:18 | 000,007,512 | ---- | C] () -- C:\Users\Kenn\AppData\Local\d3d9caps.dat
[2009/07/19 21:07:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/16 21:46:32 | 000,000,528 | ---- | C] () -- C:\Windows\_delis32.ini
[2009/07/16 20:51:37 | 000,262,416 | ---- | C] () -- C:\Windows\System32\ASFV2.DLL
[2009/07/16 20:49:35 | 000,524,288 | ---- | C] () -- C:\Windows\System32\TDI-SonyOMG.dll
[2009/07/16 00:51:56 | 000,094,208 | ---- | C] () -- C:\Users\Kenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/16 00:33:51 | 000,157,768 | ---- | C] () -- C:\Windows\hpoins29.dat
[2009/07/08 16:29:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2009/07/08 16:29:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/07/08 16:29:05 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/07/08 16:29:05 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/08 16:29:05 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/07/08 16:29:05 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/07/08 16:29:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/07/08 16:29:01 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/07/08 08:33:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/11 14:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/20 00:36:13 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2007/02/03 08:59:04 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,322,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,642,004 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,119,156 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/11/18 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\AnvSoft
[2011/05/13 23:26:42 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\avidemux
[2010/08/29 17:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Canneverbe Limited
[2010/11/15 23:48:41 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\com.adobe.air.oev
[2010/07/27 19:33:57 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/02 12:13:08 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Cool Record Edit Pro
[2009/07/23 19:10:59 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\DAEMON Tools Lite
[2010/04/28 13:14:09 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Desktopicon
[2011/04/18 22:10:54 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Dream Aquarium
[2009/09/02 12:24:57 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Free Sound Recorder
[2010/06/19 12:47:03 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\GrabPro
[2009/08/22 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\IcoFX
[2010/11/10 02:16:45 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ImgBurn
[2010/08/25 17:02:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\InterVideo
[2010/11/04 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\ooVoo Details
[2011/03/07 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Orbit
[2011/03/03 01:47:15 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Replay Media Catcher 4
[2011/01/11 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Rovio
[2010/12/24 12:58:46 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\SanDisk
[2011/04/11 00:15:58 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\TSRWorkshop
[2011/06/22 18:20:18 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\uTorrent
[2011/02/21 13:04:12 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\VistaCodecs
[2011/02/26 21:34:30 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\WinAVI
[2010/03/10 13:10:27 | 000,000,000 | ---D | M] -- C:\Users\Kenn\AppData\Roaming\Windows Live Writer
[2011/06/22 19:15:21 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
Again, I just want to say thank you for your efforts thus far. I'm not taking the chance of using Google or Bing, but have had a pretty smooth online experience otherwise today.

#8
Homburg

Posted 23 June 2011 - 11:14 AM

Trusted Helper

Malware Removal
665 posts

Hello,

Things are looking better, we'll do a couple of follow up scans to check:

Please do the following:

Step 1:

Start Posted Image

MalwareBytes

If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediantly.

Step 2:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Step 3:

Please remember to post both the MalwareBytes scan log and also the ESet online scan log.

How is the PC running now?

Homburg

#9
NorthstarATL

Posted 23 June 2011 - 08:07 PM

Member

Topic Starter
Member
66 posts

Thanks again. I ran Malwarebytes and got the following log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6904

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/23/2011 6:50:59 PM
mbam-log-2011-06-23 (18-50-59).txt

Scan type: Quick scan
Objects scanned: 162876
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Then I ran ESET and got this as the threats detected:
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Kenn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
C:\Users\Kenn\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk Win32/Adware.ADON application cleaned by deleting - quarantined
I could not find a log in the location you specified, and when I go into Program Files ESET all that is in the folder are OnlineScanner.ocx and Online Scanner Uninstaller. Should I not have closed the scanner?

#10
Homburg

Posted 24 June 2011 - 11:31 AM

Trusted Helper

Malware Removal
665 posts

Hello NorthstarATL,

Your PC is now clean

First we'll remove the tools that we've used then look at preventing getting infected again. It's important to remove the tools as it also removes the malware that we currently have quarantined.

Please do the following:

Reset SR Points/Clean up with OTL:

Double-click OTL to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
:Commands
[ClearAllRestorePoints]
```
Return to OTL, right-click in the Custom Scans/Fixes window and choose Paste.
Then click the Run Fix button.
Let the program run unhindered. When finished click on OK and close the log that appears.
Note: I do not need to review the log produced.
Now close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.

The above process will flush old System Restore Points and create a new clean one.

Next

Please delete aswMBR and any remaining logs from your desktop.

1. Protection Now that you are clean, to help protect your computer in the future I recommend that you download the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place. It also consumes no system resources.
SpywareGuard to catch and block spyware before it can execute. It offers real time protection.
MalwareBytes to remove any malware that might slip the net and get through. I recommend that you run this at least once a week.

2. Windows Updates.

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. I recommend that you set Windows to check, download and install your updates automatically.

Click Start
Select Control Panel
Click on Automatic (recommended)
Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
Click Apply then OK.

3. JAVA updates.
As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uininstall older versions of Java.

Click Start
Select Control Panel
Select Add or Remove Programs
Remove all Java updates except the latest one you have just installed.

4. Adobe updates.
You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. Older versions are susceptible to attack. You can download the latest reader and updates from here.

5. Firewall and antivirus.
A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online Armor is a more advanced firewall which includes a Host Intrusion Protection System (HIPS).
Comodo is a combined firewall and anti virus.

It is essential that you have an antivirus program installed on your computer. An Anti-Virus program protects your computer from many common viruses and trojans which can be deadly for your system. The following antivirus programs are free for personal use. Do not install more than one antivirus.

AVG
Avira Free
Avast

To learn more about how to protect yourself while on the internet you might like to read this GeeksToGo article. This covers some of the safety measures that I've included and also some more.

Happy surfing and stay safe :unsure:

Homburg.

#11
NorthstarATL

Posted 25 June 2011 - 10:01 AM

Member

Topic Starter
Member
66 posts

Thank you SO much!

Took me a little while, but I followed your instructions, and things seem better now! I also followed your suggestions, and am running spyware blaster and guard, as well as zone alarm. Updated windows, adobe, and java took awhile, but will no doubt be worth it! Thank you again for your time and effort! Take care.

#12
Essexboy

Posted 30 June 2011 - 10:24 AM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.