[love2teach956]

Help! My daughter's laptop that is Windows 7 OS won't run any programs. When she boots up, there are tons of pop up error messages. Laptop is about 18 mths old. Her dad let the McAfee virus program expire so she's had no safety program for quite some time.
Some error msgs: Hard drive rotational speed has been decreased by 20%
Disk Drive C unreadable
Damaged hard drive clusters detected
There's a Zentom System Guard window that keeps popping up wanting her to buy their program.
Windows OS can't detect hard drive space. Hard drive error

There's more, but we'll start there. I cannot afford to take her laptop in for repair. You guys have always been amazing for me and I need help now for her. She's a senior in high school, desperately needs her computer to get her through the year with home work. There's no other computer in home either

thank you in advance!!
Maria

[Advertisements]

Hi, Maria! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note the following:

• Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
• Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
• I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
• If you are not sure of anything along the way, just ask.

First of all, sorry for the delay in someone getting to you. Can you let me know if you still require any help with this?

[BlackOxide]

Hi, Maria! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note the following:

• Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
• Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
• I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
• If you are not sure of anything along the way, just ask.

First of all, sorry for the delay in someone getting to you. Can you let me know if you still require any help with this?

[love2teach956]

Hi,

thanks so much for the response. Don't worry about any delay. I totally appreciate all your help! I work a 40hr work week and so there will be delays in me getting responses to you as well. Yes, her computer is still acting up, I haven't turned it back on since I wrote you until now.

Maria

[BlackOxide]

Hey,

I work a 40hr work week and so there will be delays in me getting responses to you as well.

Same here as well, so don't worry about any delays


Let's try this method first, to see if we can start removing this malware, or at least get some programs to run normally.

Please don't run any Junk/Temp File cleaner tools for the time being.



Just follow the instructions below...


Download RogueKiller to your desktop

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 2 and press Enter on the keyboard
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Once this has been done, run RogueKiller again and do the following...

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 6 and press Enter on the keyboard
• The RKreport.txt shall be generated next to the executable.

Please post the contents of the RKreport.txt file(s) in your next Reply.


If you cannot do the above due to the malware interfering, try following the instructions as above again, but this time with your computer booted into Safe Mode with Networking

To get into Safe Mode with Networking:

• Switch on your PC and immediately start tapping the F8 key on the keyboard
• Keep tapping it until a menu comes on the screen whereby you have several options to choose from, one of which is Safe Mode with Networking
• Make sure Safe Mode with Networking is highlighted and then press Enter
• Your PC will now boot into Safe Mode.

[love2teach956]

i got her computer up in safe mode, but either mode she has no programs in her start menu, no browser so I can't open your site to click on RogueKiller to download it. Can I download it on my laptop and try to save to a disc and put on hers?

[BlackOxide]

Can I download it on my laptop and try to save to a disc and put on hers?

Yes, that's fine to do. Either put the downloaded file onto a CD or a USB stick if you have one.

Once it is on a CD or USB Stick, insert it into the laptop, then on the keyboard, hold down the 'Windows' key (the key with the Windows logo on it, next to the Ctrl key on the left hand side) and then press 'E' whilst still holding the Windows key. This should then bring up Windows Explorer, so you can navigate to the CD or USB Stick's drive.

I would recommend copying the RogueKiller.exe file to the C:\ drive and run it from there. Once RogueKiller is running, just follow the steps from the earlier post and then get back to me with the logs if possible please.

If you have any problems, just let me know

[love2teach956]

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Safe mode
User: Ellery [Admin rights]
Mode: Shortcuts HJfix -- Date : 11/06/2011 21:22:04

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 11 / Fail 0
Quick launch: Success 12 / Fail 0
Programs: Success 34184 / Fail 0
Start menu: Success 74 / Fail 0
User folder: Success 12869 / Fail 0
My documents: Success 115 / Fail 0
My favorites: Success 31 / Fail 0
My pictures: Success 457 / Fail 0
My music: Success 359 / Fail 0
My videos: Success 1 / Fail 0
Local drives: Success 10118 / Fail 0
Backup: [FOUND] Success 1 / Fail 0

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume4 -- 0x2 --> Restored

¤¤¤ Infection : Fake HDD ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt


hope this is right. i couldn't load roguekiller to c drive so I left it on the stick. I think there's another folder called rkquarantine. but this is only log that came up. Now when i put stick back onto her computer it doesnt even register the removeable e drive.

[BlackOxide]

Yep, that's right, thanks. That's the log for when you ran Option 6. Is the log there for when you ran Option 2, it should be next to it. If not, try rebooting the laptop, then run RogueKiller again with Option 2. If you have trouble with any of this, just move on and try the following program as hopefully your Start Menu and icons are now back.


OTL Quick Scan
Download OTL to your Desktop

• Double click on the OTL icon to run it.
• When the window appears, underneath Output at the top, make sure Standard Output is selected.
• Tick the Scan All Users box at the top
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

In your next reply
Please post the contents of...
RogueKiller log (if possible)
OTL log

[love2teach956]

her laptop won't recognize the usb stick anymore i put rogue killer and otl on discs. rogue killer 2 was a delete option. didn't give me any other report. I tried to do OTL. I clicked scan all users and quick scan. her laptop made noise like it was working and then seemed to freeze. got no text to report/save and couldn't exit out without just shutting computer off.

[BlackOxide]

Okey dokey, no worries. This malware is being quite stubborn.

Could you boot into Safe Mode again for me please, then follow the instructions below. Hopefully we will be able to get an OTL log this time



1)
We need to disable malware processes on your system first

• Download TheKiller to your Desktop (in your case, via a CD, as the USB stick is not recognisable)
• Note that TheKiller is renamed as explorer.exe
• Run it by double click
• Press OK button after program finish
• Do not restart your system after this step

NOTE: If malware blocks TheKiller from running please try to run it several more times



2)
OTL Quick Scan

• Double click on the OTL icon to run it.
• When the window appears, underneath Output at the top, make sure Standard Output is selected.
• Tick the Scan All Users box at the top
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open a notepad window.
• Please post the contents of this log

In your next reply
Please post the contents of...
OTL log

[love2teach956]

can't get anything off of RogueKiller for option #2.
Here is OTL log named OTL.text, I never got another notepad window called Extras.txt.


OTL logfile created on: 11/13/2011 8:32:07 PM - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ellery\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 68.60% Memory free
7.92 Gb Paging File | 6.45 Gb Available in Paging File | 81.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 404.88 Gb Free Space | 89.76% Space Free | Partition Type: NTFS

Computer Name: ELLERY-PC | User Name: Ellery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/13 20:31:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ellery\Downloads\OTL.exe
PRC - [2011/11/08 19:19:01 | 000,303,104 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2011/11/06 22:42:37 | 000,495,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2011/11/06 21:56:15 | 001,052,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/24 22:43:34 | 000,393,216 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
PRC - [2011/10/08 14:14:17 | 002,104,832 | ---- | M] (©mYSystems) -- C:\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\finc70dkk.exe
PRC - [2011/09/27 09:10:37 | 001,700,752 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2011/09/06 09:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 07:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 09:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/11 10:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/24 18:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/04 17:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/17 02:39:20 | 002,295,296 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/17 02:39:16 | 000,997,888 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011/10/17 02:31:17 | 000,368,128 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/17 02:31:08 | 001,840,640 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7fb80e48899821b64471f8e7ac2d08b7\System.Web.Services.ni.dll
MOD - [2011/10/17 02:30:47 | 014,322,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/17 02:30:32 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/17 02:30:25 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/17 02:30:22 | 012,216,320 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/17 02:30:11 | 003,325,952 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/17 02:30:05 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/17 02:30:02 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/17 02:30:01 | 007,949,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/17 02:29:52 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/19 15:59:10 | 001,000,920 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/08/18 07:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/08/01 21:13:55 | 005,612,496 | -H-- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/09/11 10:08:00 | 000,268,016 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/09/11 10:08:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/09/11 10:08:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/09/11 10:07:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/09/11 10:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/08/21 08:57:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/08 19:19:01 | 000,303,104 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/07/16 17:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/28 20:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2011/11/06 22:42:37 | 000,495,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2011/10/24 22:43:58 | 000,158,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/10/24 22:43:34 | 000,393,216 | ---- | M] (WildTangent, Inc.) [Auto | Running] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/10/24 22:42:57 | 000,271,872 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/10/24 22:42:38 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | -H-- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/16 17:06:20 | 000,022,520 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 17:06:18 | 002,769,400 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | -H-- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 20:44:38 | 000,487,424 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 03:26:10 | 000,273,456 | -H-- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 02:54:36 | 000,408,600 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 19:16:56 | 007,333,472 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 19:10:00 | 000,393,728 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 00:15:18 | 000,215,552 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2C C0 F2 00 DE 99 70 40 B8 32 11 C3 D4 4E 73 39 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2C C0 F2 00 DE 99 70 40 B8 32 11 C3 D4 4E 73 39 [binary data]

IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2C C0 F2 00 DE 99 70 40 B8 32 11 C3 D4 4E 73 39 [binary data]
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iLivid Web Search"
FF - prefs.js..browser.search.order.1: "iLivid Web Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {02C2357F-6111-4C54-9AAC-B4FA3F1191E9}:1.9.1
FF - prefs.js..extensions.enabledItems: {3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}:1.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00
FF - prefs.js..extensions.enabledItems: {ec9032c7-c20a-464f-7b0e-13a3a9e97385}:1
FF - prefs.js..keyword.URL: "http://www.searchqu....id=406&sr=0&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/30 19:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 15:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}: C:\Users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9} [2010/07/24 21:31:31 | 000,000,000 | ---D | M]

[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Extensions
[2011/11/13 20:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions
[2011/06/12 22:53:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}
[2011/10/08 14:12:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/10/30 19:03:53 | 000,000,000 | ---D | M] (.) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2010/08/17 14:01:30 | 000,002,197 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\google-search.xml
[2011/10/08 14:12:55 | 000,002,520 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\SearchResults.xml
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION
[2010/07/24 21:31:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ELLERY\APPDATA\LOCAL\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}
[2011/10/08 14:12:55 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2011/10/24 11:51:35 | 000,000,884 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O2:64bit: - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Reg Error: Value error.) - {00F2C02C-99DE-4070-B832-11C3D44E7339} - C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll (AIDEX Team)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (86c71461) - {70AF9EE4-D03E-699B-6185-6689BE77B27A} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Dmitry Streblechenko)
O2 - BHO: (86c71461) - {8987D84F-0C82-A4BE-2F4C-6AA26E207B02} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Dmitry Streblechenko)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\Run: [finc70dkk.exe] C:\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\finc70dkk.exe (©mYSystems)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [*streampackbridge.exe] C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\streampackbridge.exe (©mYSystems)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe (Radialpoint Inc.)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe (Radialpoint Inc.)
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\streampackbridge.exe (©mYSystems)
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk = C:\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\finc70dkk.exe (©mYSystems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412B5C3D-27AE-4B40-B566-FF34FD010B4D}: DhcpNameServer = 134.139.19.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6856E191-803C-433A-B603-54C8CF1692AF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) -C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) -C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll) -C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Dmitry Streblechenko)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/13 20:20:01 | 000,356,864 | ---- | C] (©mYSystems) -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\streampackbridge.exe
[2011/11/08 19:10:52 | 000,117,248 | ---- | C] (CANON INC.) -- C:\ProgramData\KeyboardVerifierPolicy.dll
[2011/11/06 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Local\ElevatedDiagnostics
[2011/11/06 21:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/06 21:15:59 | 000,000,000 | ---D | C] -- C:\Users\Ellery\Desktop\RK_Quarantine
[2011/11/06 14:54:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/30 18:52:22 | 000,493,568 | ---- | C] (Don H don.h@fr) -- C:\ProgramData\VBiiKvMvycJo.exe
[2011/10/30 18:41:17 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/26 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Myo
[2011/10/26 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
[2011/10/18 20:20:56 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\SL-SL
[2011/10/17 18:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/06/12 22:53:00 | 000,175,616 | ---- | C] (Dmitry Streblechenko) -- C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/13 20:20:01 | 000,356,864 | ---- | M] (©mYSystems) -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\streampackbridge.exe
[2011/11/13 20:19:57 | 000,001,154 | ---- | M] () -- C:\Users\Ellery\Desktop\Zentom System Guard.lnk
[2011/11/13 20:19:57 | 000,001,146 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk
[2011/11/13 20:19:57 | 000,001,134 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
[2011/11/13 20:19:46 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/13 20:19:46 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/13 20:12:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/13 20:12:06 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/06 14:36:52 | 000,000,216 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/30 19:02:08 | 087,293,952 | ---- | M] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:52:05 | 000,493,568 | ---- | M] (Don H don.h@fr) -- C:\ProgramData\VBiiKvMvycJo.exe
[2011/10/30 18:44:16 | 000,000,456 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/30 18:41:19 | 000,000,040 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/30 18:41:17 | 000,000,683 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/30 18:41:17 | 000,000,659 | ---- | M] () -- C:\Users\Ellery\Desktop\System Restore.lnk
[2011/10/30 18:41:07 | 000,322,960 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/29 13:56:36 | 000,401,296 | ---- | M] () -- C:\ProgramData\fHXSUJnFKyQkA.exe
[2011/10/26 23:43:55 | 000,397,200 | ---- | M] () -- C:\ProgramData\nFEDeRLYbhvow.exe
[2011/10/26 21:59:30 | 000,034,627 | -H-- | M] () -- C:\Windows\SysWow64\0.9245957040029168.exe
[2011/10/26 21:42:37 | 000,013,632 | -H-- | M] () -- C:\Windows\SysWow64\0.012512630369496347.exe
[2011/10/24 23:00:38 | 000,411,536 | ---- | M] () -- C:\ProgramData\WKocfFMPaI.exe
[2011/10/24 11:51:35 | 000,000,884 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/17 02:24:36 | 000,422,112 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/17 02:02:33 | 000,740,374 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/17 02:02:33 | 000,624,178 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/17 02:02:33 | 000,106,522 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/06 14:36:52 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/30 18:48:47 | 087,293,952 | ---- | C] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:42:58 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/30 18:41:18 | 000,000,040 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/30 18:41:17 | 000,000,683 | ---- | C] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/30 18:41:17 | 000,000,659 | ---- | C] () -- C:\Users\Ellery\Desktop\System Restore.lnk
[2011/10/30 18:41:07 | 000,322,960 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/29 13:56:37 | 000,401,296 | ---- | C] () -- C:\ProgramData\fHXSUJnFKyQkA.exe
[2011/10/26 23:43:56 | 000,397,200 | ---- | C] () -- C:\ProgramData\nFEDeRLYbhvow.exe
[2011/10/26 21:42:39 | 000,034,627 | -H-- | C] () -- C:\Windows\SysWow64\0.9245957040029168.exe
[2011/10/25 20:06:54 | 000,013,632 | -H-- | C] () -- C:\Windows\SysWow64\0.012512630369496347.exe
[2011/10/24 23:00:41 | 000,411,536 | ---- | C] () -- C:\ProgramData\WKocfFMPaI.exe
[2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\Users\Ellery\AppData\Local\2942080039
[2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\ProgramData\2942080039
[2011/01/08 17:01:56 | 000,000,022 | -H-- | C] () -- C:\Windows\exchng.ini
[2011/01/08 17:01:55 | 000,000,957 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/08 17:01:55 | 000,000,611 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010/09/04 21:04:18 | 000,000,584 | -H-- | C] () -- C:\Windows\eReg.dat
[2010/07/24 21:31:32 | 000,000,000 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Chilifalutiholu.bin
[2010/07/24 21:31:31 | 000,000,120 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Qyujuwaru.dat
[2010/02/11 19:14:02 | 000,065,536 | ---- | C] () -- C:\Users\Ellery\AppData\Roaming\DataSafeDotNet.exe
[2010/01/02 13:42:32 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/31 18:27:33 | 000,009,216 | ---- | C] () -- C:\Users\Ellery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/31 13:20:23 | 000,002,154 | ---- | C] () -- C:\Users\Ellery\AppData\Roaming\install.dat
[2009/12/21 10:01:54 | 000,982,220 | -H-- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/21 10:01:52 | 000,134,592 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/21 10:01:52 | 000,092,216 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/21 10:01:51 | 000,433,024 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/12/21 08:42:17 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1996/11/17 00:00:00 | 000,094,208 | -H-- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1996/11/17 00:00:00 | 000,047,104 | -H-- | C] () -- C:\Windows\SysWow64\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | -H-- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

========== LOP Check ==========

[2011/10/17 18:50:08 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231
[2010/01/02 00:31:02 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\acccore
[2011/10/26 23:28:53 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
[2011/11/06 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Myo
[2011/09/12 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\PCDr
[2010/01/02 03:47:40 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\WildTangent
[2009/07/13 21:08:49 | 000,031,260 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

[BlackOxide]

Well done on getting the OTL log. I can see why you were having trouble. There are many malware entries within the log that need removing.

We'll get OTL to remove as many as possible, then I'd like you to run ComboFix. If you have any trouble running OTL again, just try 'TheKiller' as before, to see if this enables it to run.



1)
Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :processes
  killallprocesses
  
  :OTL
  IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2C C0 F2 00 DE 99 70 40 B8 32 11 C3 D4 4E 73 39 [binary data]
  IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2C C0 F2 00 DE 99 70 40 B8 32 11 C3 D4 4E 73 39 [binary data]
  IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
  IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2C C0 F2 00 DE 99 70 40 B8 32 11 C3 D4 4E 73 39 [binary data]
  FF - prefs.js..browser.search.defaultenginename: "iLivid Web Search"
  FF - prefs.js..browser.search.order.1: "iLivid Web Search"
  FF - prefs.js..browser.search.selectedEngine: "Search"
  FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
  FF - prefs.js..extensions.enabledItems: {3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}:1.0
  FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
  FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.4.1.00
  FF - prefs.js..extensions.enabledItems: {ec9032c7-c20a-464f-7b0e-13a3a9e97385}:1
  FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=210&systemid=406&sr=0&q="
  [2011/06/12 22:53:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}
  [2011/10/08 14:12:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
  [2011/10/30 19:03:53 | 000,000,000 | ---D | M] (.) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
  [2011/10/08 14:12:55 | 000,002,520 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\SearchResults.xml
  [2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
  [2011/10/08 14:13:03 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION
  [2011/10/08 14:12:55 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
  O2:64bit: - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll (Bandoo Media, inc)
  O2 - BHO: (Reg Error: Value error.) - {00F2C02C-99DE-4070-B832-11C3D44E7339} - C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-032.dll (AIDEX Team)
  O2 - BHO: (86c71461) - {70AF9EE4-D03E-699B-6185-6689BE77B27A} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Dmitry Streblechenko)
  O2 - BHO: (86c71461) - {8987D84F-0C82-A4BE-2F4C-6AA26E207B02} - C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Dmitry Streblechenko)
  O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
  O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)
  O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
  O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (Bandoo Media, inc)
  O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\Run: [finc70dkk.exe] C:\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\finc70dkk.exe (©mYSystems)
  O4 - HKLM..\RunOnce: [*streampackbridge.exe] C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\streampackbridge.exe (©mYSystems)
  O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe (Radialpoint Inc.)
  O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe (Radialpoint Inc.)
  O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\streampackbridge.exe (©mYSystems)
  O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk = C:\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\finc70dkk.exe (©mYSystems)
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
  O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
  O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
  O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
  O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
  O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) -C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
  O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) -C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
  O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll) -C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll (Dmitry Streblechenko)
  [2011/11/13 20:20:01 | 000,356,864 | ---- | C] (©mYSystems) -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\streampackbridge.exe
  [2011/11/08 19:10:52 | 000,117,248 | ---- | C] (CANON INC.) -- C:\ProgramData\KeyboardVerifierPolicy.dll
  [2011/10/30 18:52:22 | 000,493,568 | ---- | C] (Don H don.h@fr) -- C:\ProgramData\VBiiKvMvycJo.exe
  [2011/10/30 18:41:17 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
  [2011/10/26 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Myo
  [2011/10/26 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
  [2011/10/18 20:20:56 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\SL-SL
  [2011/06/12 22:53:00 | 000,175,616 | ---- | C] (Dmitry Streblechenko) -- C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll
  [2011/11/13 20:19:57 | 000,001,154 | ---- | M] () -- C:\Users\Ellery\Desktop\Zentom System Guard.lnk
  [2011/11/13 20:19:57 | 000,001,146 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk
  [2011/11/13 20:19:57 | 000,001,134 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
  [2011/11/06 14:36:52 | 000,000,216 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
  [2011/10/30 19:02:08 | 087,293,952 | ---- | M] () -- C:\Users\Ellery\kavkis.msi
  [2011/10/30 18:44:16 | 000,000,456 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
  [2011/10/30 18:41:17 | 000,000,683 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
  [2011/10/30 18:41:17 | 000,000,659 | ---- | M] () -- C:\Users\Ellery\Desktop\System Restore.lnk
  [2011/10/30 18:41:07 | 000,322,960 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk.exe
  [2011/10/29 13:56:36 | 000,401,296 | ---- | M] () -- C:\ProgramData\fHXSUJnFKyQkA.exe
  [2011/10/26 23:43:55 | 000,397,200 | ---- | M] () -- C:\ProgramData\nFEDeRLYbhvow.exe
  [2011/10/26 21:59:30 | 000,034,627 | -H-- | M] () -- C:\Windows\SysWow64\0.9245957040029168.exe
  [2011/10/26 21:42:37 | 000,013,632 | -H-- | M] () -- C:\Windows\SysWow64\0.012512630369496347.exe
  [2011/10/24 23:00:38 | 000,411,536 | ---- | M] () -- C:\ProgramData\WKocfFMPaI.exe
  [2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\Users\Ellery\AppData\Local\2942080039
  [2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\ProgramData\2942080039
  [2010/07/24 21:31:32 | 000,000,000 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Chilifalutiholu.bin
  [2010/07/24 21:31:31 | 000,000,120 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Qyujuwaru.dat
  [2011/10/17 18:50:08 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231
  [2011/10/26 23:28:53 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
  [2011/11/06 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Myo
  
  :Services
  
  :Reg
  [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  [HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
  XMLHTTP_UUID_Default=-
  
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [CREATERESTOREPOINT]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done.
• A log may appear when the PC restarts. Just close this text file.
• Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.

2)
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
  
  
  
  
  
• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now





In your next reply
Please post the contents of...
OTL log
ComboFix log

[love2teach956]

ComboFix 11-11-14.02 - Ellery 11/14/2011 12:54:43.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2523 [GMT -8:00]
Running from: c:\users\Ellery\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\6DSS92c31Apgjk.exe
c:\programdata\api-ms-win-core-memory-l1-1-032.dll
c:\programdata\fHXSUJnFKyQkA.exe
c:\programdata\KeyboardVerifierPolicy.dll
c:\programdata\nFEDeRLYbhvow.exe
c:\programdata\VBiiKvMvycJo.exe
c:\programdata\WKocfFMPaI.exe
c:\users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}
c:\users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}\chrome.manifest
c:\users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}\chrome\content\_cfg.js
c:\users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}\chrome\content\overlay.xul
c:\users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}\install.rdf
c:\users\Ellery\AppData\Local\Windows Server
c:\users\Ellery\AppData\Local\Windows Server\admin.txt
c:\users\Ellery\AppData\Local\Windows Server\hlp.dat
c:\users\Ellery\AppData\Local\Windows Server\server.dat
c:\users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231
c:\users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\enemies-names.txt
c:\users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\finc70dkk.exe
c:\users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\local.ini
c:\users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\lsrslt.ini
c:\users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\upd_debug.exe
c:\users\Ellery\AppData\Roaming\Adobe\plugs
c:\users\Ellery\AppData\Roaming\Adobe\shed
c:\users\Ellery\AppData\Roaming\DataSafeDotNet.exe
c:\users\Ellery\AppData\Roaming\Install.dat
c:\users\Ellery\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\appxmlaudio.exe
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard\Uninstall.lnk
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard\Zentom System Guard.lnk
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Zentom System Guard.lnk
c:\users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}
c:\users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}\chrome.manifest
c:\users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}\chrome\xulcache.jar
c:\users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}\defaults\preferences\xulcache.js
c:\users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}\install.rdf
c:\users\Ellery\Desktop\Zentom System Guard.lnk
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\00000004.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000004.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\0.012512630369496347.exe
c:\windows\SysWow64\0.9245957040029168.exe
c:\windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll
.
Infected copy of c:\windows\SysWow64\svchost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!SysWOW64!svchost.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!Microsoft.NET!Framework!v2.0.50727!mscorsvw.exe
.
Infected copy of c:\windows\SysWOW64\dllhost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!SysWOW64!dllhost.exe
.
Infected copy of c:\windows\SysWOW64\msiexec.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_4b88deb7e45bfbb0\msiexec.exe
.
Infected copy of c:\windows\SysWOW64\msinfo32.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_1457169844ae9574\msinfo32.exe
.
Infected copy of c:\windows\SysWOW64\SearchIndexer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7600.20959_none_da51d5e68288dbee\SearchIndexer.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 21:07 . 2011-11-14 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 03:10 . 2011-11-09 03:17 117248 ----a-w- c:\windows\SysWow64\srrstr.dll
2011-11-07 05:56 . 2011-11-07 06:41 -------- d-----w- c:\users\Ellery\AppData\Local\ElevatedDiagnostics
2011-11-06 23:00 . 2011-11-14 19:45 743352 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-31 02:48 . 2011-10-31 03:02 87293952 ----a-w- c:\users\Ellery\kavkis.msi
2011-10-27 07:28 . 2011-11-07 06:49 -------- d-----w- c:\users\Ellery\AppData\Roaming\Myo
2011-10-27 07:28 . 2011-10-27 07:28 -------- d-----w- c:\users\Ellery\AppData\Roaming\Imcuiqo
2011-10-27 05:56 . 2011-10-27 05:56 195072 ---ha-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe
2011-10-19 04:20 . 2011-10-19 04:20 -------- d--h--w- c:\windows\SysWow64\SL-SL
2011-10-18 02:45 . 2011-10-18 02:45 -------- d-----w- c:\programdata\boost_interprocess
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 21:14 . 2011-06-29 01:00 575488 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-11-14 21:14 . 2009-07-13 23:31 220672 ----a-w- c:\windows\SysWow64\msiexec.exe
2011-11-14 21:14 . 2009-07-13 23:19 168448 ----a-w- c:\windows\SysWow64\svchost.exe
2011-10-01 03:21 . 2011-10-14 05:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-14 05:35 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 03:07 . 2011-10-14 05:36 3134976 ----a-w- c:\windows\system32\win32k.sys
2011-08-27 05:40 . 2011-10-14 05:35 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-14 05:35 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-14 05:35 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-14 05:35 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-20 05:45 . 2011-10-14 05:35 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 05:41 . 2011-10-14 05:35 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-20 04:38 . 2011-10-14 05:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-08-20 04:35 . 2011-10-14 05:35 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-20 04:20 . 2011-10-14 05:35 482816 ----a-w- c:\windows\system32\html.iec
2011-08-20 03:26 . 2011-10-14 05:35 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-08-17 05:32 . 2011-10-14 05:35 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 05:27 . 2011-10-14 05:35 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-08-17 05:27 . 2011-10-14 05:35 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-08-17 05:27 . 2011-10-14 05:35 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-17 05:27 . 2011-10-14 05:35 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-08-17 04:26 . 2011-10-14 05:35 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:22 . 2011-10-14 05:35 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-08-17 04:22 . 2011-10-14 05:35 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22 . 2011-10-14 05:35 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22 . 2011-10-14 05:35 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-14 . 6F7729F773E12D681768E73D4A4889E6 . 168448 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[-] 2011-10-25 . 786B20028C45C482A92D0FF8FADEE60B . 168448 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[-] 2011-10-27 . DC1811B557A69A38E3CDAD2C9BA88F53 . 813568 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_19d3ea0872c5a830\iexplore.exe
[7] 2011-08-20 . FA623BE79902A7B49FF4F21117B63C83 . 673024 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_1a77ccfd8bd08f5f\iexplore.exe
[7] 2011-06-21 . A3AB0A260049BE22AB52E302D9220A92 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_19f459cc72ad545d\iexplore.exe
[7] 2011-06-21 . 6BB506124872ACDFAC5BD912CA1334CE . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_1a3615098c01ea6c\iexplore.exe
[7] 2011-04-22 . 64EFAF916C4009F1B84153D0BB491FB0 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_1a0bc6f6729d1c7b\iexplore.exe
[7] 2011-04-22 . F94877A94996B3C12BB31AD722840457 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_1a7326ab8bd31018\iexplore.exe
[7] 2011-02-24 . AB2BB40A5FE49AD236791AC22BD08869 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe
[7] 2011-02-24 . C6697A46554E36541E81182B258A19D6 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe
[7] 2010-12-18 . AA08B68EF4E35EFA170CF85A44B23B70 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_19f825cc72ab89e4\iexplore.exe
[7] 2010-12-18 . 9321CF0D023528C71E3645F8433C86C8 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1a55829d8bea801b\iexplore.exe
[7] 2010-11-20 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7600.16385] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[7] 2010-11-04 . 6B2258FF6D2332073FE9E90122FA4168 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1a75f2618bd22c48\iexplore.exe
[7] 2010-11-04 . 58CF468D3FF4CF830339FE5E45356355 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_1a0bc510729d1f54\iexplore.exe
[7] 2010-09-08 . 14803EA3E5DD7CB37CB446C74CFDA38F . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
[7] 2010-09-08 . 61EDBCE47ADF3E52AB0B9F49EE4AEBB8 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-11-09 4114432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-12-21 148888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-09-11 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-18 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 165184]
.
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
Microsoft Find Fast.lnk - c:\program files (x86)\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 259072]
Office Startup.lnk - c:\program files (x86)\Microsoft Office\Office\OSA.EXE [1996-11-17 199680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
isovfe.exe [2011-10-26 195072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-10-25 271872]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McNaiAnn32;McAfee VirusScan Announcer ;c:\windows\system32\portabledeviceapi32.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2011-11-09 303104]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"combofix"="c:\combofix\CF28253.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\windows\SysWOW64\WerFault.exe
.
**************************************************************************
.
Completion time: 2011-11-14 13:19:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-14 21:19
.
Pre-Run: 434,915,917,824 bytes free
Post-Run: 435,361,185,792 bytes free
.
- - End Of File - - 1EB07E917DF6CD5D550F0545433C5E6D


That was the ComboFix log and i hope this is right for the OTL.txt log:


OTL logfile created on: 11/14/2011 12:29:15 PM - Run 9
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ellery\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 71.54% Memory free
7.92 Gb Paging File | 6.68 Gb Available in Paging File | 84.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 404.58 Gb Free Space | 89.69% Space Free | Partition Type: NTFS

Computer Name: ELLERY-PC | User Name: Ellery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/14 11:44:58 | 000,356,864 | ---- | M] (©mYSystems) -- C:\Users\Ellery\AppData\Roaming\bridgeeditwin.exe
PRC - [2011/11/08 19:12:46 | 000,584,192 | R--- | M] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
PRC - [2011/11/06 22:42:37 | 000,495,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2011/10/24 22:43:34 | 000,393,216 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
PRC - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe


========== Modules (No Company Name) ==========

MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/08 19:19:01 | 000,303,104 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/07/16 17:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/28 20:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2011/11/06 22:42:37 | 000,495,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2011/10/24 22:43:58 | 000,158,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/10/24 22:43:34 | 000,393,216 | ---- | M] (WildTangent, Inc.) [Auto | Running] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/10/24 22:42:57 | 000,271,872 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/10/24 22:42:38 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | -H-- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/16 17:06:20 | 000,022,520 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 17:06:18 | 002,769,400 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | -H-- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 20:44:38 | 000,487,424 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 03:26:10 | 000,273,456 | -H-- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 02:54:36 | 000,408,600 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 19:16:56 | 007,333,472 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 19:10:00 | 000,393,728 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 00:15:18 | 000,215,552 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {02C2357F-6111-4C54-9AAC-B4FA3F1191E9}:1.9.1
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/30 19:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 15:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}: C:\Users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9} [2010/07/24 21:31:31 | 000,000,000 | ---D | M]

[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Extensions
[2011/11/14 12:09:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions
[2011/06/12 22:53:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}
[2011/10/08 14:12:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/10/30 19:03:53 | 000,000,000 | ---D | M] (.) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2010/08/17 14:01:30 | 000,002,197 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\google-search.xml
[2011/10/08 14:12:55 | 000,002,520 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\SearchResults.xml
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION
[2010/07/24 21:31:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ELLERY\APPDATA\LOCAL\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}
[2011/10/08 14:12:55 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2011/10/24 11:51:35 | 000,000,884 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\RunOnce: [*bridgeeditwin.exe] C:\Users\Ellery\AppData\Roaming\bridgeeditwin.exe (©mYSystems)
O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe (Radialpoint Inc.)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe (Radialpoint Inc.)
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk = C:\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\finc70dkk.exe (©mYSystems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412B5C3D-27AE-4B40-B566-FF34FD010B4D}: DhcpNameServer = 134.139.19.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6856E191-803C-433A-B603-54C8CF1692AF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/14 11:44:58 | 000,356,864 | ---- | C] (©mYSystems) -- C:\Users\Ellery\AppData\Roaming\bridgeeditwin.exe
[2011/11/08 19:12:46 | 000,584,192 | R--- | C] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
[2011/11/08 19:10:52 | 000,117,248 | ---- | C] (CANON INC.) -- C:\ProgramData\KeyboardVerifierPolicy.dll
[2011/11/06 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Local\ElevatedDiagnostics
[2011/11/06 21:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/06 21:15:59 | 000,000,000 | ---D | C] -- C:\Users\Ellery\Desktop\RK_Quarantine
[2011/11/06 14:54:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/30 18:52:22 | 000,493,568 | ---- | C] (Don H don.h@fr) -- C:\ProgramData\VBiiKvMvycJo.exe
[2011/10/30 18:41:17 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/26 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Myo
[2011/10/26 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
[2011/10/18 20:20:56 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\SL-SL
[2011/10/17 18:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/06/12 22:53:00 | 000,175,616 | ---- | C] (Dmitry Streblechenko) -- C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/14 12:27:58 | 000,578,442 | ---- | M] () -- C:\Users\Ellery\Desktop\OTL.zip
[2011/11/14 12:14:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/14 11:48:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 11:48:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 11:45:12 | 000,001,154 | ---- | M] () -- C:\Users\Ellery\Desktop\Zentom System Guard.lnk
[2011/11/14 11:45:12 | 000,001,146 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk
[2011/11/14 11:45:12 | 000,001,134 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
[2011/11/14 11:44:58 | 000,356,864 | ---- | M] (©mYSystems) -- C:\Users\Ellery\AppData\Roaming\bridgeeditwin.exe
[2011/11/14 11:40:33 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 19:12:46 | 000,584,192 | R--- | M] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
[2011/11/06 14:36:52 | 000,000,216 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/30 19:02:08 | 087,293,952 | ---- | M] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:52:05 | 000,493,568 | ---- | M] (Don H don.h@fr) -- C:\ProgramData\VBiiKvMvycJo.exe
[2011/10/30 18:44:16 | 000,000,456 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/30 18:41:19 | 000,000,040 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/30 18:41:17 | 000,000,683 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/30 18:41:17 | 000,000,659 | ---- | M] () -- C:\Users\Ellery\Desktop\System Restore.lnk
[2011/10/30 18:41:07 | 000,322,960 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/29 13:56:36 | 000,401,296 | ---- | M] () -- C:\ProgramData\fHXSUJnFKyQkA.exe
[2011/10/26 23:43:55 | 000,397,200 | ---- | M] () -- C:\ProgramData\nFEDeRLYbhvow.exe
[2011/10/26 21:59:30 | 000,034,627 | -H-- | M] () -- C:\Windows\SysWow64\0.9245957040029168.exe
[2011/10/26 21:42:37 | 000,013,632 | -H-- | M] () -- C:\Windows\SysWow64\0.012512630369496347.exe
[2011/10/24 23:00:38 | 000,411,536 | ---- | M] () -- C:\ProgramData\WKocfFMPaI.exe
[2011/10/24 11:51:35 | 000,000,884 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/17 02:24:36 | 000,422,112 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/17 02:02:33 | 000,740,374 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/17 02:02:33 | 000,624,178 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/17 02:02:33 | 000,106,522 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/14 12:27:58 | 000,578,442 | ---- | C] () -- C:\Users\Ellery\Desktop\OTL.zip
[2011/11/06 14:36:52 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/30 18:48:47 | 087,293,952 | ---- | C] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:42:58 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/30 18:41:18 | 000,000,040 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/30 18:41:17 | 000,000,683 | ---- | C] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/30 18:41:17 | 000,000,659 | ---- | C] () -- C:\Users\Ellery\Desktop\System Restore.lnk
[2011/10/30 18:41:07 | 000,322,960 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/29 13:56:37 | 000,401,296 | ---- | C] () -- C:\ProgramData\fHXSUJnFKyQkA.exe
[2011/10/26 23:43:56 | 000,397,200 | ---- | C] () -- C:\ProgramData\nFEDeRLYbhvow.exe
[2011/10/26 21:42:39 | 000,034,627 | -H-- | C] () -- C:\Windows\SysWow64\0.9245957040029168.exe
[2011/10/25 20:06:54 | 000,013,632 | -H-- | C] () -- C:\Windows\SysWow64\0.012512630369496347.exe
[2011/10/24 23:00:41 | 000,411,536 | ---- | C] () -- C:\ProgramData\WKocfFMPaI.exe
[2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\Users\Ellery\AppData\Local\2942080039
[2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\ProgramData\2942080039
[2011/01/08 17:01:56 | 000,000,022 | -H-- | C] () -- C:\Windows\exchng.ini
[2011/01/08 17:01:55 | 000,000,957 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/08 17:01:55 | 000,000,611 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010/09/04 21:04:18 | 000,000,584 | -H-- | C] () -- C:\Windows\eReg.dat
[2010/07/24 21:31:32 | 000,000,000 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Chilifalutiholu.bin
[2010/07/24 21:31:31 | 000,000,120 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Qyujuwaru.dat
[2010/02/11 19:14:02 | 000,065,536 | ---- | C] () -- C:\Users\Ellery\AppData\Roaming\DataSafeDotNet.exe
[2010/01/02 13:42:32 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/31 18:27:33 | 000,009,216 | ---- | C] () -- C:\Users\Ellery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/31 13:20:23 | 000,002,154 | ---- | C] () -- C:\Users\Ellery\AppData\Roaming\install.dat
[2009/12/21 10:01:54 | 000,982,220 | -H-- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/21 10:01:52 | 000,134,592 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/21 10:01:52 | 000,092,216 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/21 10:01:51 | 000,433,024 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/12/21 08:42:17 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1996/11/17 00:00:00 | 000,094,208 | -H-- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1996/11/17 00:00:00 | 000,047,104 | -H-- | C] () -- C:\Windows\SysWow64\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | -H-- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

========== LOP Check ==========

[2011/10/17 18:50:08 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231
[2010/01/02 00:31:02 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\acccore
[2011/10/26 23:28:53 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
[2011/11/06 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Myo
[2011/09/12 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\PCDr
[2010/01/02 03:47:40 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\WildTangent
[2009/07/13 21:08:49 | 000,031,514 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

[BlackOxide]

Hey,

ComboFix seemed to go through fine, but it looks like the OTL fix didn't. No worries, if you could just get me a fresh OTL log please, so I can see what is still leftover after the ComboFix scan



1)
OTL Quick Scan

• Double click on the OTL icon to run it.
• When the window appears, underneath Output at the top, make sure Standard Output is selected.
• Tick the Scan All Users box at the top
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open a notepad window.
• Please post the contents of this log

[love2teach956]

here is the OTL scan from today.




[2011/10/30 18:41:17 | 000,000,659 | ---- | C] () -- C:\Users\Ellery\Desktop\System Restore.lnk
[2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\Users\Ellery\AppData\Local\2942080039
[2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\ProgramData\2942080039
[2011/01/08 17:01:56 | 000,000,022 | -H-- | C] () -- C:\Windows\exchng.ini
[2011/01/08 17:01:55 | 000,000,957 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/08 17:01:55 | 000,000,611 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010/09/04 21:04:18 | 000,000,584 | -H-- | C] () -- C:\Windows\eReg.dat
[2010/07/24 21:31:32 | 000,000,000 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Chilifalutiholu.bin
[2010/07/24 21:31:31 | 000,000,120 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Qyujuwaru.dat
[2010/01/02 13:42:32 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/31 18:27:33 | 000,009,216 | ---- | C] () -- C:\Users\Ellery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 10:01:54 | 000,982,220 | -H-- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/21 10:01:52 | 000,134,592 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/21 10:01:52 | 000,092,216 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/21 10:01:51 | 000,433,024 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/12/21 08:42:17 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1996/11/17 00:00:00 | 000,094,208 | -H-- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1996/11/17 00:00:00 | 000,047,104 | -H-- | C] () -- C:\Windows\SysWow64\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | -H-- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

========== LOP Check ==========

[2010/01/02 00:31:02 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\acccore
[2011/10/26 23:28:53 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
[2011/11/06 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Myo
[2011/09/12 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\PCDr
[2010/01/02 03:47:40 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\WildTangent
[2009/07/13 21:08:49 | 000,032,018 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >