ComboFix 11-11-14.02 - Ellery 11/14/2011 12:54:43.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2523 [GMT -8:00]
Running from: c:\users\Ellery\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\6DSS92c31Apgjk.exe
c:\programdata\api-ms-win-core-memory-l1-1-032.dll
c:\programdata\fHXSUJnFKyQkA.exe
c:\programdata\KeyboardVerifierPolicy.dll
c:\programdata\nFEDeRLYbhvow.exe
c:\programdata\VBiiKvMvycJo.exe
c:\programdata\WKocfFMPaI.exe
c:\users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}
c:\users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}\chrome.manifest
c:\users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}\chrome\content\_cfg.js
c:\users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}\chrome\content\overlay.xul
c:\users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}\install.rdf
c:\users\Ellery\AppData\Local\Windows Server
c:\users\Ellery\AppData\Local\Windows Server\admin.txt
c:\users\Ellery\AppData\Local\Windows Server\hlp.dat
c:\users\Ellery\AppData\Local\Windows Server\server.dat
c:\users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231
c:\users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\enemies-names.txt
c:\users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\finc70dkk.exe
c:\users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\local.ini
c:\users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\lsrslt.ini
c:\users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\upd_debug.exe
c:\users\Ellery\AppData\Roaming\Adobe\plugs
c:\users\Ellery\AppData\Roaming\Adobe\shed
c:\users\Ellery\AppData\Roaming\DataSafeDotNet.exe
c:\users\Ellery\AppData\Roaming\Install.dat
c:\users\Ellery\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\appxmlaudio.exe
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard\Uninstall.lnk
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard\Zentom System Guard.lnk
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Zentom System Guard.lnk
c:\users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}
c:\users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}\chrome.manifest
c:\users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}\chrome\xulcache.jar
c:\users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}\defaults\preferences\xulcache.js
c:\users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}\install.rdf
c:\users\Ellery\Desktop\Zentom System Guard.lnk
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\00000004.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000004.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\0.012512630369496347.exe
c:\windows\SysWow64\0.9245957040029168.exe
c:\windows\SysWow64\api-ms-win-core-memory-l1-1-032.dll
.
Infected copy of c:\windows\SysWow64\svchost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!SysWOW64!svchost.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!Microsoft.NET!Framework!v2.0.50727!mscorsvw.exe
.
Infected copy of c:\windows\SysWOW64\dllhost.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!SysWOW64!dllhost.exe
.
Infected copy of c:\windows\SysWOW64\msiexec.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_4b88deb7e45bfbb0\msiexec.exe
.
Infected copy of c:\windows\SysWOW64\msinfo32.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.1.7601.17514_none_1457169844ae9574\msinfo32.exe
.
Infected copy of c:\windows\SysWOW64\SearchIndexer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.7600.20959_none_da51d5e68288dbee\SearchIndexer.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 21:07 . 2011-11-14 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 03:10 . 2011-11-09 03:17 117248 ----a-w- c:\windows\SysWow64\srrstr.dll
2011-11-07 05:56 . 2011-11-07 06:41 -------- d-----w- c:\users\Ellery\AppData\Local\ElevatedDiagnostics
2011-11-06 23:00 . 2011-11-14 19:45 743352 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-10-31 02:48 . 2011-10-31 03:02 87293952 ----a-w- c:\users\Ellery\kavkis.msi
2011-10-27 07:28 . 2011-11-07 06:49 -------- d-----w- c:\users\Ellery\AppData\Roaming\Myo
2011-10-27 07:28 . 2011-10-27 07:28 -------- d-----w- c:\users\Ellery\AppData\Roaming\Imcuiqo
2011-10-27 05:56 . 2011-10-27 05:56 195072 ---ha-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe
2011-10-19 04:20 . 2011-10-19 04:20 -------- d--h--w- c:\windows\SysWow64\SL-SL
2011-10-18 02:45 . 2011-10-18 02:45 -------- d-----w- c:\programdata\boost_interprocess
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 21:14 . 2011-06-29 01:00 575488 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-11-14 21:14 . 2009-07-13 23:31 220672 ----a-w- c:\windows\SysWow64\msiexec.exe
2011-11-14 21:14 . 2009-07-13 23:19 168448 ----a-w- c:\windows\SysWow64\svchost.exe
2011-10-01 03:21 . 2011-10-14 05:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-14 05:35 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 03:07 . 2011-10-14 05:36 3134976 ----a-w- c:\windows\system32\win32k.sys
2011-08-27 05:40 . 2011-10-14 05:35 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-14 05:35 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-14 05:35 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-14 05:35 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-20 05:45 . 2011-10-14 05:35 1197568 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 05:41 . 2011-10-14 05:35 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-20 04:38 . 2011-10-14 05:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-08-20 04:35 . 2011-10-14 05:35 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-20 04:20 . 2011-10-14 05:35 482816 ----a-w- c:\windows\system32\html.iec
2011-08-20 03:26 . 2011-10-14 05:35 386048 ----a-w- c:\windows\SysWow64\html.iec
2011-08-17 05:32 . 2011-10-14 05:35 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 05:27 . 2011-10-14 05:35 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-08-17 05:27 . 2011-10-14 05:35 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-08-17 05:27 . 2011-10-14 05:35 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-17 05:27 . 2011-10-14 05:35 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-08-17 04:26 . 2011-10-14 05:35 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:22 . 2011-10-14 05:35 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-08-17 04:22 . 2011-10-14 05:35 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22 . 2011-10-14 05:35 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22 . 2011-10-14 05:35 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-14 . 6F7729F773E12D681768E73D4A4889E6 . 168448 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[-] 2011-10-25 . 786B20028C45C482A92D0FF8FADEE60B . 168448 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[-] 2011-10-27 . DC1811B557A69A38E3CDAD2C9BA88F53 . 813568 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_19d3ea0872c5a830\iexplore.exe
[7] 2011-08-20 . FA623BE79902A7B49FF4F21117B63C83 . 673024 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_1a77ccfd8bd08f5f\iexplore.exe
[7] 2011-06-21 . A3AB0A260049BE22AB52E302D9220A92 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_19f459cc72ad545d\iexplore.exe
[7] 2011-06-21 . 6BB506124872ACDFAC5BD912CA1334CE . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_1a3615098c01ea6c\iexplore.exe
[7] 2011-04-22 . 64EFAF916C4009F1B84153D0BB491FB0 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_1a0bc6f6729d1c7b\iexplore.exe
[7] 2011-04-22 . F94877A94996B3C12BB31AD722840457 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_1a7326ab8bd31018\iexplore.exe
[7] 2011-02-24 . AB2BB40A5FE49AD236791AC22BD08869 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe
[7] 2011-02-24 . C6697A46554E36541E81182B258A19D6 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe
[7] 2010-12-18 . AA08B68EF4E35EFA170CF85A44B23B70 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_19f825cc72ab89e4\iexplore.exe
[7] 2010-12-18 . 9321CF0D023528C71E3645F8433C86C8 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1a55829d8bea801b\iexplore.exe
[7] 2010-11-20 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7600.16385] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[7] 2010-11-04 . 6B2258FF6D2332073FE9E90122FA4168 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1a75f2618bd22c48\iexplore.exe
[7] 2010-11-04 . 58CF468D3FF4CF830339FE5E45356355 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_1a0bc510729d1f54\iexplore.exe
[7] 2010-09-08 . 14803EA3E5DD7CB37CB446C74CFDA38F . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
[7] 2010-09-08 . 61EDBCE47ADF3E52AB0B9F49EE4AEBB8 . 673040 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-11-09 4114432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-12-21 148888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-09-11 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-18 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 165184]
.
c:\users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
Microsoft Find Fast.lnk - c:\program files (x86)\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 259072]
Office Startup.lnk - c:\program files (x86)\Microsoft Office\Office\OSA.EXE [1996-11-17 199680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
isovfe.exe [2011-10-26 195072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-10-25 271872]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McNaiAnn32;McAfee VirusScan Announcer ;c:\windows\system32\portabledeviceapi32.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2011-11-09 303104]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"combofix"="c:\combofix\CF28253.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\windows\SysWOW64\WerFault.exe
.
**************************************************************************
.
Completion time: 2011-11-14 13:19:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-14 21:19
.
Pre-Run: 434,915,917,824 bytes free
Post-Run: 435,361,185,792 bytes free
.
- - End Of File - - 1EB07E917DF6CD5D550F0545433C5E6D
That was the ComboFix log, and I hope this is right for the OTL.txt log:
OTL logfile created on: 11/14/2011 12:29:15 PM - Run 9
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ellery\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.96 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 71.54% Memory free
7.92 Gb Paging File | 6.68 Gb Available in Paging File | 84.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 404.58 Gb Free Space | 89.69% Space Free | Partition Type: NTFS
Computer Name: ELLERY-PC | User Name: Ellery | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/11/14 11:44:58 | 000,356,864 | ---- | M] (©mYSystems) -- C:\Users\Ellery\AppData\Roaming\bridgeeditwin.exe
PRC - [2011/11/08 19:12:46 | 000,584,192 | R--- | M] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
PRC - [2011/11/06 22:42:37 | 000,495,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2011/10/24 22:43:34 | 000,393,216 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
PRC - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
========== Modules (No Company Name) ==========
MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/11/08 19:19:01 | 000,303,104 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/07/16 17:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/28 20:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2011/11/06 22:42:37 | 000,495,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2011/10/24 22:43:58 | 000,158,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/10/24 22:43:34 | 000,393,216 | ---- | M] (WildTangent, Inc.) [Auto | Running] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2011/10/24 22:42:57 | 000,271,872 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/10/24 22:42:38 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011/08/18 07:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | -H-- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/16 17:06:20 | 000,022,520 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 17:06:18 | 002,769,400 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | -H-- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/28 20:44:38 | 000,487,424 | -H-- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/25 03:26:10 | 000,273,456 | -H-- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 02:54:36 | 000,408,600 | -H-- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 19:16:56 | 007,333,472 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/19 19:10:00 | 000,393,728 | -H-- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 00:15:18 | 000,215,552 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {02C2357F-6111-4C54-9AAC-B4FA3F1191E9}:1.9.1
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/30 19:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 15:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}: C:\Users\Ellery\AppData\Local\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9} [2010/07/24 21:31:31 | 000,000,000 | ---D | M]
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Extensions
[2011/11/14 12:09:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions
[2011/06/12 22:53:00 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{3c7cfd8b-e79a-4569-8e10-43c9c39c7b5c}
[2011/10/08 14:12:59 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/10/30 19:03:53 | 000,000,000 | ---D | M] (.) -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2010/08/17 14:01:30 | 000,002,197 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\google-search.xml
[2011/10/08 14:12:55 | 000,002,520 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Mozilla\Firefox\Profiles\skz1dxvz.default\searchplugins\SearchResults.xml
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/08 14:13:03 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES (X86)\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION
[2010/07/24 21:31:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ELLERY\APPDATA\LOCAL\{02C2357F-6111-4C54-9AAC-B4FA3F1191E9}
[2011/10/08 14:12:55 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
O1 HOSTS File: ([2011/10/24 11:51:35 | 000,000,884 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\RunOnce: [*bridgeeditwin.exe] C:\Users\Ellery\AppData\Roaming\bridgeeditwin.exe (©mYSystems)
O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe (Radialpoint Inc.)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\isovfe.exe (Radialpoint Inc.)
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk = C:\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\finc70dkk.exe (©mYSystems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412B5C3D-27AE-4B40-B566-FF34FD010B4D}: DhcpNameServer = 134.139.19.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6856E191-803C-433A-B603-54C8CF1692AF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/14 11:44:58 | 000,356,864 | ---- | C] (©mYSystems) -- C:\Users\Ellery\AppData\Roaming\bridgeeditwin.exe
[2011/11/08 19:12:46 | 000,584,192 | R--- | C] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
[2011/11/08 19:10:52 | 000,117,248 | ---- | C] (CANON INC.) -- C:\ProgramData\KeyboardVerifierPolicy.dll
[2011/11/06 21:56:54 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Local\ElevatedDiagnostics
[2011/11/06 21:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/06 21:15:59 | 000,000,000 | ---D | C] -- C:\Users\Ellery\Desktop\RK_Quarantine
[2011/11/06 14:54:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/30 18:52:22 | 000,493,568 | ---- | C] (Don H don.h@fr) -- C:\ProgramData\VBiiKvMvycJo.exe
[2011/10/30 18:41:17 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/26 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Myo
[2011/10/26 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
[2011/10/18 20:20:56 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\SL-SL
[2011/10/17 18:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/06/12 22:53:00 | 000,175,616 | ---- | C] (Dmitry Streblechenko) -- C:\ProgramData\api-ms-win-core-memory-l1-1-032.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/14 12:27:58 | 000,578,442 | ---- | M] () -- C:\Users\Ellery\Desktop\OTL.zip
[2011/11/14 12:14:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/14 11:48:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 11:48:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/14 11:45:12 | 000,001,154 | ---- | M] () -- C:\Users\Ellery\Desktop\Zentom System Guard.lnk
[2011/11/14 11:45:12 | 000,001,146 | ---- | M] () -- C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk
[2011/11/14 11:45:12 | 000,001,134 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
[2011/11/14 11:44:58 | 000,356,864 | ---- | M] (©mYSystems) -- C:\Users\Ellery\AppData\Roaming\bridgeeditwin.exe
[2011/11/14 11:40:33 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/08 19:12:46 | 000,584,192 | R--- | M] (OldTimer Tools) -- C:\Users\Ellery\Desktop\OTL.exe
[2011/11/06 14:36:52 | 000,000,216 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/30 19:02:08 | 087,293,952 | ---- | M] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:52:05 | 000,493,568 | ---- | M] (Don H don.h@fr) -- C:\ProgramData\VBiiKvMvycJo.exe
[2011/10/30 18:44:16 | 000,000,456 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/30 18:41:19 | 000,000,040 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/30 18:41:17 | 000,000,683 | ---- | M] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/30 18:41:17 | 000,000,659 | ---- | M] () -- C:\Users\Ellery\Desktop\System Restore.lnk
[2011/10/30 18:41:07 | 000,322,960 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/29 13:56:36 | 000,401,296 | ---- | M] () -- C:\ProgramData\fHXSUJnFKyQkA.exe
[2011/10/26 23:43:55 | 000,397,200 | ---- | M] () -- C:\ProgramData\nFEDeRLYbhvow.exe
[2011/10/26 21:59:30 | 000,034,627 | -H-- | M] () -- C:\Windows\SysWow64\0.9245957040029168.exe
[2011/10/26 21:42:37 | 000,013,632 | -H-- | M] () -- C:\Windows\SysWow64\0.012512630369496347.exe
[2011/10/24 23:00:38 | 000,411,536 | ---- | M] () -- C:\ProgramData\WKocfFMPaI.exe
[2011/10/24 11:51:35 | 000,000,884 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/17 02:24:36 | 000,422,112 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/17 02:02:33 | 000,740,374 | -H-- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/17 02:02:33 | 000,624,178 | -H-- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/17 02:02:33 | 000,106,522 | -H-- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Ellery\Desktop\*.tmp files -> C:\Users\Ellery\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/14 12:27:58 | 000,578,442 | ---- | C] () -- C:\Users\Ellery\Desktop\OTL.zip
[2011/11/06 14:36:52 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/30 18:48:47 | 087,293,952 | ---- | C] () -- C:\Users\Ellery\kavkis.msi
[2011/10/30 18:42:58 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/30 18:41:18 | 000,000,040 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/30 18:41:17 | 000,000,683 | ---- | C] () -- C:\Users\Ellery\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/30 18:41:17 | 000,000,659 | ---- | C] () -- C:\Users\Ellery\Desktop\System Restore.lnk
[2011/10/30 18:41:07 | 000,322,960 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/29 13:56:37 | 000,401,296 | ---- | C] () -- C:\ProgramData\fHXSUJnFKyQkA.exe
[2011/10/26 23:43:56 | 000,397,200 | ---- | C] () -- C:\ProgramData\nFEDeRLYbhvow.exe
[2011/10/26 21:42:39 | 000,034,627 | -H-- | C] () -- C:\Windows\SysWow64\0.9245957040029168.exe
[2011/10/25 20:06:54 | 000,013,632 | -H-- | C] () -- C:\Windows\SysWow64\0.012512630369496347.exe
[2011/10/24 23:00:41 | 000,411,536 | ---- | C] () -- C:\ProgramData\WKocfFMPaI.exe
[2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\Users\Ellery\AppData\Local\2942080039
[2011/03/07 15:37:07 | 000,009,744 | --S- | C] () -- C:\ProgramData\2942080039
[2011/01/08 17:01:56 | 000,000,022 | -H-- | C] () -- C:\Windows\exchng.ini
[2011/01/08 17:01:55 | 000,000,957 | -H-- | C] () -- C:\Windows\ODBCINST.INI
[2011/01/08 17:01:55 | 000,000,611 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010/09/04 21:04:18 | 000,000,584 | -H-- | C] () -- C:\Windows\eReg.dat
[2010/07/24 21:31:32 | 000,000,000 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Chilifalutiholu.bin
[2010/07/24 21:31:31 | 000,000,120 | ---- | C] () -- C:\Users\Ellery\AppData\Local\Qyujuwaru.dat
[2010/02/11 19:14:02 | 000,065,536 | ---- | C] () -- C:\Users\Ellery\AppData\Roaming\DataSafeDotNet.exe
[2010/01/02 13:42:32 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/31 18:27:33 | 000,009,216 | ---- | C] () -- C:\Users\Ellery\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/31 13:20:23 | 000,002,154 | ---- | C] () -- C:\Users\Ellery\AppData\Roaming\install.dat
[2009/12/21 10:01:54 | 000,982,220 | -H-- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/12/21 10:01:52 | 000,134,592 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/12/21 10:01:52 | 000,092,216 | -H-- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/12/21 10:01:51 | 000,433,024 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/12/21 08:42:17 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[1996/11/17 00:00:00 | 000,094,208 | -H-- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1996/11/17 00:00:00 | 000,047,104 | -H-- | C] () -- C:\Windows\SysWow64\WRKGADM.EXE
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | -H-- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | -H-- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
========== LOP Check ==========
[2011/10/17 18:50:08 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231
[2010/01/02 00:31:02 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\acccore
[2011/10/26 23:28:53 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Imcuiqo
[2011/11/06 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\Myo
[2011/09/12 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\PCDr
[2010/01/02 03:47:40 | 000,000,000 | ---D | M] -- C:\Users\Ellery\AppData\Roaming\WildTangent
[2009/07/13 21:08:49 | 000,031,514 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
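The log above can be screened mechanically for the indicators a helper looks at first. The following Python script is an added example written for this page; it is not part of OTL and not code from the poster's report. It parses the O1, O4 and O17 line formats exactly as they appear above and flags four things: hosts-file entries that redirect well-known sites to routable addresses, autoruns whose launched binary lives under a user-writable directory, path components that are long hexadecimal blobs, and DHCP-assigned resolvers outside private address space (informational only, since a campus or ISP network legitimately hands out public resolvers). The rule names, the watched-host list, the 16-hex-character threshold and the choice of which log lines to use as sample input (all excerpted from the log above) are this example's own assumptions.

```python
import ipaddress
import re

# Sample input: lines excerpted from the OTL log above (O1, O4 and O17 entries).
SAMPLE_LOG = r"""
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\RunOnce: [*bridgeeditwin.exe] C:\Users\Ellery\AppData\Roaming\bridgeeditwin.exe (©mYSystems)
O4 - HKU\S-1-5-21-4018035911-1171316561-4070910582-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zentom System Guard.lnk = C:\Users\Ellery\AppData\Roaming\6175188136284D9FF8ED53EB58737231\finc70dkk.exe (©mYSystems)
O4 - Startup: C:\Users\Ellery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412B5C3D-27AE-4B40-B566-FF34FD010B4D}: DhcpNameServer = 134.139.19.5
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
DNS_RE = re.compile(r"^O17 - .*DhcpNameServer = (?P<ip>\S+)")
# A Windows path ending in an executable extension. '=' is excluded from the
# body so that "shortcut.lnk = target.exe" lines yield only the target.
EXE_PATH_RE = re.compile(
    r"[A-Za-z]:\\[^=\n]+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js)\b", re.I)
# Locations a standard user can write to (assumed list for this example).
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Users\\Public|Temp)\\", re.I)
# A directory name that is nothing but 16+ hex digits (assumed threshold).
HEX_BLOB_RE = re.compile(r"\\[0-9A-F]{16,}\\", re.I)
# Sites whose hosts-file redirection is worth flagging (assumed list).
WATCHED_HOSTS = {"www.google.com", "www.bing.com", "www.microsoft.com",
                 "update.microsoft.com", "windowsupdate.microsoft.com"}


def private_or_loopback(ip_text):
    """True for RFC 1918, loopback and 0.0.0.0: a hosts entry pointing there
    blocks a site rather than redirecting it, so it is not a hijack."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_unspecified


def triage(log_text):
    """Return (rule, detail, line) triples for the suspicious lines found."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.rstrip()
        m = HOSTS_RE.match(line)
        if m:
            if m["host"].lower() in WATCHED_HOSTS and not private_or_loopback(m["ip"]):
                findings.append(("hosts-hijack", f"{m['host']} -> {m['ip']}", line))
            continue
        m = DNS_RE.match(line)
        if m:
            if not private_or_loopback(m["ip"]):
                findings.append(("dns-not-rfc1918", m["ip"], line))
            continue
        if line.startswith("O4 - ") and "File not found" not in line:
            paths = EXE_PATH_RE.findall(line)
            if not paths:
                continue
            # The last path on the line is the binary actually launched; an
            # earlier one is only the bracketed value name or the .lnk source.
            target = paths[-1]
            if USER_WRITABLE_RE.search(target):
                findings.append(("autorun-user-writable", target, line))
            if HEX_BLOB_RE.search(target):
                findings.append(("autorun-hex-dir", target, line))
    return findings


if __name__ == "__main__":
    for rule, detail, _ in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Run as a script it prints six findings from the excerpt: both hosts redirects, the two AppData autoruns (bridgeeditwin.exe and finc70dkk.exe), the 32-hex-character directory holding finc70dkk.exe, and the 134.139.19.5 resolver. Pass a complete OTL log to triage() to screen all of it. This is a first pass, not a verdict: a binary under Program Files with a plausible publisher string is not cleared by these rules, and entries pointing a site at 127.0.0.1 or 0.0.0.0 are deliberately left alone because they block rather than redirect.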