*note* all ran in safe mode
OTL Extras logfile created on: 4/21/2012 7:38:33 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\BQfromNY\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 7.04 Gb Available Physical Memory | 88.08% Memory free
16.05 Gb Paging File | 15.35 Gb Available in Paging File | 95.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 0.63 Gb Free Space | 0.84% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 1.87 Gb Total Space | 0.72 Gb Free Space | 38.78% Space Free | Partition Type: FAT
Drive G: | 931.51 Gb Total Space | 415.61 Gb Free Space | 44.62% Space Free | Partition Type: NTFS
Computer Name: QUERRIE-PC | User Name: BQfromNY | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Applications\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Applications\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Applications\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Applications\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 45 24 2A 63 E3 A6 CA 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08804478-7A0F-416D-B91A-3607C407C506}" = rport=445 | protocol=6 | dir=out | app=system |
"{1E39B470-43F4-4C7F-BD03-6623581090B4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{3564ABA3-3F3B-4853-9F1B-8871EE69D1F1}" = rport=137 | protocol=17 | dir=out | app=system |
"{40C1D9C4-8D21-444B-AFDF-A34175946CBE}" = rport=138 | protocol=17 | dir=out | app=system |
"{514D187C-B02C-43F7-A235-99FDACF1ED57}" = lport=139 | protocol=6 | dir=in | app=system |
"{55FAC87B-F590-4603-ACCB-60213C849C5F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A4B7F4C-882F-44D3-9E73-485BDF63944C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{6EEE7F2A-38D3-46C5-B2F2-DE820791AD34}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{6F4D4859-BFBA-4263-B9BE-531A339D9DF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{814158A0-A603-40DA-9481-E60912CDBD43}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{868B76FD-8B85-4BEF-B3B5-CBC26FEB3CC7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{95A3C971-6E67-4CB5-8CEB-8B2D7EA44B38}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{95B402B8-E14D-431F-85EE-1C4CA881CAFC}" = lport=445 | protocol=6 | dir=in | app=system |
"{95E29772-5C71-44EA-867F-EDBB6DEEFFED}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{B181EDA0-FB60-42CF-8C9A-934F440D73C6}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{D26A4A4D-D8AD-47DE-A0A3-708D6F58396F}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{D63642AA-422A-480C-9607-0644C17B70C5}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9FF27C3-C097-4BBD-A35E-D4E71FEDE949}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FA0F8B32-768E-4D9C-AD84-A1300E70DE82}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{FF0D110F-43D1-40B5-A1A7-C2E181B74F0A}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC05018-5CB8-4D83-837A-1C5587B3A921}" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\launcher.exe |
"{114DF24F-1099-43B8-9B82-0EC6C864DB13}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed hot pursuit\launcher.exe |
"{11FD31BC-E4FA-4AD0-ACB7-A7CEC90C35F0}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{1FD2A456-17EC-4299-B96A-58F43D67154E}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{2E08A848-717E-4B8D-B598-79B428F2B4C4}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{3F72399D-C01E-4BC5-85C4-D12C25C77272}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{42869DA1-E0F5-4D38-9E3E-2AF1DB5AE6B9}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{430F6417-A4DD-48CC-9BD3-CBA14F26C28A}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{44342868-3D73-44FA-BDD3-64A7EFE3A04B}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{4A5472B9-3578-4E67-BD01-F1FE342569E9}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{4B5D3EF6-6BC8-479B-A243-69EF25805635}" = protocol=1 | dir=out |
[email protected],-28544 |
"{4EBEC4C7-740C-44C1-8EF5-5FDBF8E52534}" = protocol=58 | dir=out |
[email protected],-28546 |
"{536345A6-F1B4-49B5-A957-9A5EAF8DBD9A}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5D2D0CA5-6A05-45CB-816C-19D5F45A27E2}" = protocol=58 | dir=in |
[email protected],-28545 |
"{612AF9FC-6F05-4E2D-B8E5-719DAD23C1ED}" = protocol=6 | dir=in | app=f:\gamez\wow\world of warcraft\launcher.patch.exe |
"{6CCEDC8C-664E-43DA-ADF9-3E669495EF8B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6EAB8B78-A30F-4833-95A2-FE15124AA009}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{7292840C-24E1-4264-B5C3-4AFDE0C66301}" = protocol=6 | dir=in | app=c:\windows\temp\~ose2b1.tmp\rlvknlg.exe |
"{732FC506-AF46-481A-BDF2-FC9FD3D380BE}" = protocol=17 | dir=in | app=f:\gamez\wow\world of warcraft\launcher.patch.exe |
"{7DC15447-5054-4F61-BAE4-79416ABD6958}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{80D9A219-8BC8-418C-824A-E6DA52BD1A95}" = protocol=6 | dir=in | app=f:\gamez\dirt.3-skidrow\dirt3 installed\dirt3_game.exe |
"{85B13121-72CF-48CF-B0A3-4A51101095EC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{89B5F2B7-8386-4051-9F32-CAAB81BDB5B5}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{8CA0EEEA-7255-4B9C-98D3-B481D1DBBF71}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{90BED7ED-8C96-4CA1-A0EA-CC98C0BBA899}" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\launcher.exe |
"{B4DF286B-FC92-4C41-92F4-E0F099D27666}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B9BC12DC-7350-4DAC-B0CB-2C6B3925FAB2}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{BC26A1C8-286E-4976-98BE-4A4126708338}" = protocol=17 | dir=in | app=f:\gamez\dirt.3-skidrow\dirt3 installed\dirt3_game.exe |
"{C67EDF18-4B0F-4DAB-8334-E91CDA997A95}" = protocol=6 | dir=in | app=f:\gamez\wow\world of warcraft\launcher.exe |
"{CC63F159-B075-4D4F-912C-0F241A29E702}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DF90E07B-C3E3-48DD-B928-91FB88294413}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DFC2E433-650E-46F5-ABEA-580C121F46C7}" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\launcher.exe |
"{E952D891-19F4-4463-9E1A-8C85D40D6BB7}" = protocol=1 | dir=in |
[email protected],-28543 |
"{EDA042D6-949C-476E-88FC-11068DE3A83C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F551680D-F224-4683-BFA9-EFC20B829A70}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{F92719A4-E013-43DD-B137-7BE10165A9E2}" = protocol=17 | dir=in | app=f:\gamez\wow\world of warcraft\launcher.exe |
"{FB07E3FD-B0A1-49A3-AA9A-FC24F82D0257}" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\launcher.exe |
"{FE9B5860-B2FC-404F-B90F-1FB3AC7FF033}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed hot pursuit\launcher.exe |
"TCP Query User{0EC55E5C-F181-43AA-BE3D-A0B30DFD0A0B}G:\applications\verizon v cast media manager\verizon.exe" = protocol=6 | dir=in | app=g:\applications\verizon v cast media manager\verizon.exe |
"TCP Query User{0FBC858A-CE7E-4531-9249-CF0DABD97284}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"TCP Query User{490100C7-C2A7-428C-9D17-A33933516F24}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{525CAB81-74A3-4770-8767-49980C9B70D9}C:\users\bqfromny\desktop\ratiomaster.net\ratiomaster.net.exe" = protocol=6 | dir=in | app=c:\users\bqfromny\desktop\ratiomaster.net\ratiomaster.net.exe |
"TCP Query User{5B17FA18-C234-457C-BEE6-BE0745E42DDC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{633818D5-1161-4193-A815-8F618C5F78DA}C:\program files (x86)\mektek.net\mtx\profiles\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mtx\profiles\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"TCP Query User{8C7D3C99-8B86-4ACA-A639-9FAC705042DF}G:\games\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\betatest\retailclient\swtor.exe |
"TCP Query User{8D491CD2-7278-4896-875A-C69E299BC478}C:\program files (x86)\sony\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\everquest ii\eq2voiceservice.exe |
"TCP Query User{9596DBB5-6396-4451-BFD4-213D703D59E0}C:\program files (x86)\steam\steamapps\common\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin64\crysis64.exe |
"TCP Query User{9FA790F5-EA02-4E4B-83A2-A6CB9DB11FC4}F:\gamez\wow\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\gamez\wow\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{A6B79682-6DD4-4B99-8323-97D7F43290F8}F:\gamez\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=6 | dir=in | app=f:\gamez\world_of_tanks_closed_beta\worldoftanks.exe |
"TCP Query User{AA919C36-70BE-4EFF-9F60-5D93A38D06D9}C:1\gamez\wow\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:1\gamez\wow\world of warcraft\launcher.exe |
"TCP Query User{AA97FD04-8EE4-4369-9AC3-FF0D4E256A57}F:\gamez\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=6 | dir=in | app=f:\gamez\world_of_tanks_closed_beta\wotlauncher.exe |
"TCP Query User{C86E10D0-5F03-4482-81DA-9EF6A447431C}C:\program files (x86)\electronic arts\need for speed hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed hot pursuit\nfs11.exe |
"TCP Query User{D246BBF5-F4C4-4642-AEAC-6E742BE46807}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{D491752F-11C7-4E3D-81DA-40830CE32410}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"TCP Query User{D6CD26E0-4387-4DA3-A4FE-4AC3DED60758}F:\gamez\call.of.duty.black.ops-skidrow\black opps installed\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=f:\gamez\call.of.duty.black.ops-skidrow\black opps installed\call of duty - black ops\blackops.exe |
"TCP Query User{E20A9DD5-FC98-497D-8C2C-E883F8473503}G:\ts phone\lite\mml.exe" = protocol=6 | dir=in | app=g:\ts phone\lite\mml.exe |
"TCP Query User{E735606C-EA11-4598-8D88-372ED4C19CFF}F:\gamez\the.witcher.2.assassins.of.kings-skidrow\installed\bin\witcher2.exe" = protocol=6 | dir=in | app=f:\gamez\the.witcher.2.assassins.of.kings-skidrow\installed\bin\witcher2.exe |
"TCP Query User{FEE92155-8D47-4235-B09A-28ECFC3809AF}C:\program files (x86)\sony\everquest ii\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\everquest ii\launchpad.exe |
"UDP Query User{0DD4ABC8-4B75-4038-B92F-6FFF12FCCCCB}C:\program files (x86)\steam\steamapps\common\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin64\crysis64.exe |
"UDP Query User{1E87E186-F175-4CBD-871D-B14F432D2965}F:\gamez\the.witcher.2.assassins.of.kings-skidrow\installed\bin\witcher2.exe" = protocol=17 | dir=in | app=f:\gamez\the.witcher.2.assassins.of.kings-skidrow\installed\bin\witcher2.exe |
"UDP Query User{21DDDD4D-1E4C-4BAE-AF9A-78BC2D32F3C7}C:\program files (x86)\electronic arts\need for speed hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed hot pursuit\nfs11.exe |
"UDP Query User{2DDC2D0D-84CF-4C55-97F7-632C7BA2F50A}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"UDP Query User{4BEB5E8E-C12E-4777-8E4B-CC400AA12794}C:1\gamez\wow\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:1\gamez\wow\world of warcraft\launcher.exe |
"UDP Query User{51F29832-2F62-4D92-8554-5158FD4F881F}F:\gamez\call.of.duty.black.ops-skidrow\black opps installed\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=f:\gamez\call.of.duty.black.ops-skidrow\black opps installed\call of duty - black ops\blackops.exe |
"UDP Query User{665A4F48-C52D-4945-898F-104C2D4D623F}C:\program files (x86)\sony\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\everquest ii\eq2voiceservice.exe |
"UDP Query User{6829E473-B238-4791-A79B-98225EF59B9F}C:\program files (x86)\sony\everquest ii\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\everquest ii\launchpad.exe |
"UDP Query User{6C5E1536-A115-4539-B03B-B10359F67F20}F:\gamez\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=17 | dir=in | app=f:\gamez\world_of_tanks_closed_beta\wotlauncher.exe |
"UDP Query User{87EBCE2A-D41F-4765-84A6-201B19BE6A39}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{8E606DF0-0526-46A1-A56E-8CC540DB1198}C:\program files (x86)\mektek.net\mtx\profiles\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mtx\profiles\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"UDP Query User{9B28B17A-2BE5-4EE9-BF3B-9455535AAEEC}G:\ts phone\lite\mml.exe" = protocol=17 | dir=in | app=g:\ts phone\lite\mml.exe |
"UDP Query User{A28EA26B-6D30-4250-992A-EA277AA9616F}F:\gamez\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=17 | dir=in | app=f:\gamez\world_of_tanks_closed_beta\worldoftanks.exe |
"UDP Query User{B3B34C5E-EA4D-4619-9213-0BE7A6D2C7D9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{C8A365BE-A7FD-4C19-968F-201F63755257}F:\gamez\wow\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\gamez\wow\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{C8DC13BA-8184-4B27-9D9B-93048C15A210}G:\applications\verizon v cast media manager\verizon.exe" = protocol=17 | dir=in | app=g:\applications\verizon v cast media manager\verizon.exe |
"UDP Query User{D1E0D9DC-4734-4333-B4F0-F4862E4AD28D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{D9FB37F7-E34B-4C29-A514-D345AAD48B1C}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"UDP Query User{DB56330E-5FFF-491A-A038-B78D6E6F3BB7}C:\users\bqfromny\desktop\ratiomaster.net\ratiomaster.net.exe" = protocol=17 | dir=in | app=c:\users\bqfromny\desktop\ratiomaster.net\ratiomaster.net.exe |
"UDP Query User{E123794F-11E2-4CD0-84B4-DE9602C4F453}G:\games\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\betatest\retailclient\swtor.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2B16A37-6F22-6F71-FED4-773C09CF4602}" = ATI Catalyst Install Manager
"{ABCA4D9C-6FBB-FEBC-DB27-CBA018529D8D}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19DDEE14-1A97-196F-B33B-5F069C929ACA}" = HydraVision
"{1D0C8FEA-F9E6-4272-8465-58903F1946D0}" = TurboTax 2011 wnyiper
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 29
"{277F41AC-1A48-535A-B01D-DC122D9BACD5}" = Skins
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E932E56-09ED-EBB9-CF60-5FF5F767CA73}" = Catalyst Control Center Graphics Full New
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4957E341-3C94-5D88-4592-CC90888FB5A6}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{626E44DE-8E53-7570-CFDB-06EBF8595CA8}" = Application Profiles
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{8048CA89-D6EA-C1EA-E477-2DA5B0739166}" = Catalyst Control Center Graphics Previews Common
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D24AD6D-25B8-980F-D153-46785DF73EAF}" = ccc-core-static
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA5F2BD4-9D75-755E-ED99-4002597B5C6F}" = Catalyst Control Center Graphics Previews Vista
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AF1C0686-E2EB-37BA-01FC-BED04845DFE8}" = Catalyst Control Center HydraVision Full
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C93A8A74-ECF5-EE9A-2B67-B2DAB86FEFEA}" = Catalyst Control Center Core Implementation
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E710D350-2F56-3084-070A-133742C77AFE}" = Catalyst Control Center Graphics Full Existing
"{ECD81E39-A85F-ECAE-2F3E-8CAC79C5F4F6}" = CCC Help English
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Edimax Wireless LAN
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"facemoods" = Facemoods Toolbar
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.5.3
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"HoldemManager" = Holdem Manager
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"OpenAL" = OpenAL
"Perpetuum" = Perpetuum
"PostgreSQL 8.4" = PostgreSQL 8.4
"PowerISO" = PowerISO
"PROPLUS" = Microsoft Office Professional Plus 2007
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"uTorrent" = µTorrent
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/21/2012 5:47:29 PM | Computer Name = Querrie-PC | Source = PostgreSQL | ID = 0
Description = 2012-04-21 17:47:29 EDTFATAL: the database system is starting up
Error - 4/21/2012 5:48:54 PM | Computer Name = Querrie-PC | Source = WinMgmt | ID = 10
Description =
Error - 4/21/2012 5:51:13 PM | Computer Name = Querrie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 4/21/2012 6:22:25 PM | Computer Name = Querrie-PC | Source = EventSystem | ID = 4609
Description =
Error - 4/21/2012 6:23:07 PM | Computer Name = Querrie-PC | Source = WinMgmt | ID = 10
Description =
Error - 4/21/2012 7:30:54 PM | Computer Name = Querrie-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.
Error - 4/21/2012 7:30:54 PM | Computer Name = Querrie-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 4/21/2012 7:30:56 PM | Computer Name = Querrie-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.
Error - 4/21/2012 7:30:56 PM | Computer Name = Querrie-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).
Error - 4/21/2012 7:39:59 PM | Computer Name = Querrie-PC | Source = System Restore | ID = 8193
Description =
[ Media Center Events ]
Error - 5/6/2010 8:42:24 PM | Computer Name = Querrie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 9/17/2010 8:26:47 PM | Computer Name = Querrie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 11/1/2010 8:17:46 PM | Computer Name = Querrie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ OSession Events ]
Error - 6/12/2011 1:21:32 AM | Computer Name = Querrie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 720 seconds with 660 seconds of active time. This session ended with a crash.
Error - 6/12/2011 1:31:00 AM | Computer Name = Querrie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 559 seconds with 540 seconds of active time. This session ended with a crash.
Error - 10/20/2011 10:41:47 PM | Computer Name = Querrie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6546.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1427
seconds with 900 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 4/21/2012 5:50:31 PM | Computer Name = Querrie-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 4/21/2012 5:51:05 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10010
Description =
Error - 4/21/2012 5:51:17 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10010
Description =
Error - 4/21/2012 6:17:52 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10010
Description =
Error - 4/21/2012 6:22:16 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10005
Description =
Error - 4/21/2012 6:22:25 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10005
Description =
Error - 4/21/2012 6:22:37 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10005
Description =
Error - 4/21/2012 6:23:00 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10005
Description =
Error - 4/21/2012 6:23:09 PM | Computer Name = Querrie-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 4/21/2012 6:23:09 PM | Computer Name = Querrie-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
OTL logfile created on: 4/21/2012 7:38:33 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\BQfromNY\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 7.04 Gb Available Physical Memory | 88.08% Memory free
16.05 Gb Paging File | 15.35 Gb Available in Paging File | 95.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 0.63 Gb Free Space | 0.84% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 1.87 Gb Total Space | 0.72 Gb Free Space | 38.78% Space Free | Partition Type: FAT
Drive G: | 931.51 Gb Total Space | 415.61 Gb Free Space | 44.62% Space Free | Partition Type: NTFS
Computer Name: QUERRIE-PC | User Name: BQfromNY | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/21 19:34:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/08 03:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/26 18:17:18 | 000,053,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/10 10:38:32 | 000,393,216 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr6164.sys -- (rt61x64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/31 03:00:24 | 000,085,936 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2007/12/06 13:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2005/03/29 05:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://woot.com/
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://woot.com/
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BQfromNY\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BQfromNY\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\
[email protected]: C:\Users\BQfromNY\AppData\Roaming\IDM\idmmzcc5
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Facemoods = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\
CHR - Extension: ICE Quick Stream = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.9_0\
CHR - Extension: Poppit = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
O1 HOSTS File: ([2010/07/25 00:26:50 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [PWRISOVM.EXE] G:\Applications\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [HLBackupScheduler] G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\RunOnce: [snoylfpe] C:\Users\BQfromNY\AppData\Local\snoylfpe.exe ()
O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C63B6EB1-2DF5-4535-AF1C-F37211BFB0EE}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678}: NameServer = 208.67.220.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\BQfromNY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\BQfromNY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4dd7bd17-d615-11e0-a8b9-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{4dd7bd17-d615-11e0-a8b9-0022153fbda0}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{4dd7be84-d615-11e0-a8b9-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{4dd7be84-d615-11e0-a8b9-0022153fbda0}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O33 - MountPoints2\{5f1919db-df8f-11e0-96bd-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{5f1919db-df8f-11e0-96bd-0022153fbda0}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{6e438395-4f90-11e1-82c4-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{6e438395-4f90-11e1-82c4-0022153fbda0}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
O33 - MountPoints2\{9b8cb9e9-0b74-11e1-a744-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8cb9e9-0b74-11e1-a744-0022153fbda0}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: convlwiz - (C:\Windows\system32\RmCllist.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012/04/21 19:36:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com
[2012/04/21 03:48:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.com
[2012/04/21 03:48:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.scr
[2012/04/21 02:42:05 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\BQfromNY\Desktop\FixExec.exe
[2012/04/20 23:57:38 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\Desktop\virus
[2012/04/07 20:57:38 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\AppData\Local\{1E221A13-D0E9-49EA-9657-EC34C61E4C52}
[2012/04/02 13:06:24 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\Desktop\RatioMaster.NET
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\BQfromNY\Desktop\*.tmp files -> C:\Users\BQfromNY\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/21 19:40:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\BQfromNY\Desktop\aswMBR.exe
[2012/04/21 19:39:48 | 000,001,356 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps.dat
[2012/04/21 19:37:26 | 000,724,366 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/21 19:37:26 | 000,617,510 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/21 19:37:26 | 000,109,678 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/21 19:34:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com
[2012/04/21 18:34:21 | 000,001,460 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps64.dat
[2012/04/21 18:21:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/21 18:19:47 | 000,407,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/21 18:19:18 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 18:19:17 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 18:02:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2894203282-2819386857-897259243-1000UA.job
[2012/04/21 17:48:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/21 12:10:39 | 000,215,040 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/21 03:48:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.com
[2012/04/21 03:48:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.scr
[2012/04/21 02:42:04 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\BQfromNY\Desktop\FixExec.exe
[2012/04/21 01:20:54 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 23:45:52 | 001,008,141 | ---- | M] () -- C:\Users\BQfromNY\Desktop\iexplorer.com
[2012/04/20 22:55:24 | 000,381,952 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\snoylfpe.exe
[2012/04/20 22:34:59 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/20 07:02:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2894203282-2819386857-897259243-1000Core.job
[2012/04/16 08:46:46 | 000,358,544 | ---- | M] () -- C:\Users\BQfromNY\Desktop\Mission_Impossible_Ghost_Protocol_2011_720p_BluRay_x264_SPARKS.torrent
[2012/04/13 19:24:20 | 111,762,379 | ---- | M] () -- C:\Users\BQfromNY\Desktop\K.J-5.2-D2012.rar
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 17:13:43 | 018,283,464 | ---- | M] () -- C:\Users\BQfromNY\Desktop\power of one final poster copy.pdf
[2012/03/30 15:18:26 | 000,000,545 | ---- | M] () -- C:\Users\BQfromNY\Desktop\INVENTORY - Shortcut.lnk
[2012/03/30 14:03:06 | 038,146,728 | ---- | M] () -- C:\Users\BQfromNY\Desktop\lake fence video.mp4
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\BQfromNY\Desktop\*.tmp files -> C:\Users\BQfromNY\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/21 01:20:54 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 23:57:39 | 001,008,141 | ---- | C] () -- C:\Users\BQfromNY\Desktop\iexplorer.com
[2012/04/20 22:55:24 | 000,381,952 | ---- | C] () -- C:\Users\BQfromNY\AppData\Local\snoylfpe.exe
[2012/04/16 08:46:52 | 000,358,544 | ---- | C] () -- C:\Users\BQfromNY\Desktop\Mission_Impossible_Ghost_Protocol_2011_720p_BluRay_x264_SPARKS.torrent
[2012/04/13 15:27:53 | 111,762,379 | ---- | C] () -- C:\Users\BQfromNY\Desktop\K.J-5.2-D2012.rar
[2012/04/02 17:12:36 | 018,283,464 | ---- | C] () -- C:\Users\BQfromNY\Desktop\power of one final poster copy.pdf
[2012/03/31 01:13:15 | 038,146,728 | ---- | C] () -- C:\Users\BQfromNY\Desktop\lake fence video.mp4
[2012/03/30 15:18:26 | 000,000,545 | ---- | C] () -- C:\Users\BQfromNY\Desktop\INVENTORY - Shortcut.lnk
[2012/02/11 18:55:13 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/29 10:30:26 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/10/24 11:16:42 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2011/09/24 13:59:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/07/08 19:17:26 | 000,000,129 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/04/18 23:59:47 | 000,002,626 | -HS- | C] () -- C:\ProgramData\s121uq0at7k5v60wwl08sp5t287if7yru6nw52
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/18 22:54:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/24 13:57:12 | 000,001,714 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\SAS7_000.DAT
[2010/12/19 09:01:02 | 000,001,356 | ---- | C] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps.dat
[2010/12/04 00:31:42 | 000,000,745 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\AtomicAlarmClock.ini
[2010/07/20 20:47:50 | 000,001,483 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010/05/22 03:03:34 | 000,000,004 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\kqyvwo.dat
========== LOP Check ==========
[2011/11/27 00:24:44 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\DMCache
[2011/02/02 12:16:29 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Easeware
[2012/04/08 22:40:19 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\FileZilla
[2010/03/07 03:39:23 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\FLV Extract
[2010/11/03 14:56:57 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\HEM Data
[2010/02/12 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Libronix DLS
[2011/10/03 22:12:11 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\motorola
[2011/02/04 22:47:03 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\RIFT
[2011/10/31 22:22:49 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Temp
[2011/12/25 02:04:12 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\TS3Client
[2011/12/16 13:57:56 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\ts3overlay
[2010/03/26 22:13:39 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\UnknownApplicationVendor
[2012/04/19 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\uTorrent
[2011/01/12 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\wargaming.net
[2011/06/08 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Xilisoft
[2012/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2012/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2012/04/21 18:19:51 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX5\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX6\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX7\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX8\procs\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX5\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX6\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX7\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX8\h\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< C:\Windows\assembly\tmp\U\*.* /s >
< %Temp%\smtmp\1\*.* >
< %Temp%\smtmp\2\*.* >
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: QUERRIE-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D   Audio CD     CDFS   DVD-ROM      658 MB  Healthy
  Volume 1     C                NTFS   Partition     75 GB  Healthy    System
  Volume 2     G   Terabyte     NTFS   Partition    932 GB  Healthy
  Volume 3     E                FAT    Removable   1912 MB  Healthy
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-21 19:48:51
-----------------------------
19:48:51.063 OS Version: Windows x64 6.0.6002 Service Pack 2
19:48:51.063 Number of processors: 4 586 0x170A
19:48:51.078 ComputerName: QUERRIE-PC UserName: BQfromNY
19:48:51.437 Initialize success
19:49:50.686 AVAST engine defs: 12042101
19:50:42.961 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6
19:50:42.961 Disk 0 Vendor: WDC_WD800AAJS-55M0A0 01.03E01 Size: 76319MB BusType: 3
19:50:42.961 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-a
19:50:42.961 Disk 1 Vendor: WDC_WD1002FAEX-007BA0 05.01D05 Size: 953869MB BusType: 3
19:50:42.977 Disk 0 MBR read successfully
19:50:42.977 Disk 0 MBR scan
19:50:42.977 Disk 0 Windows VISTA default MBR code
19:50:42.977 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76317 MB offset 2048
19:50:42.993 Disk 0 scanning C:\Windows\system32\drivers
19:50:51.027 Service scanning
19:51:13.272 Modules scanning
19:51:13.272 Disk 0 trace - called modules:
19:51:13.288 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:51:13.288 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c9d060]
19:51:13.303 3 CLASSPNP.SYS[fffffa6000fd0c33] -> nt!IofCallDriver -> [0xfffffa80079c3520]
19:51:13.303 5 acpi.sys[fffffa60008cafde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-6[0xfffffa8007958940]
19:51:14.271 AVAST engine scan C:\Windows
19:51:16.345 AVAST engine scan C:\Windows\system32
19:54:56.586 AVAST engine scan C:\Windows\system32\drivers
19:55:05.541 AVAST engine scan C:\Users\BQfromNY
19:57:25.761 File: C:\Users\BQfromNY\AppData\Local\snoylfpe.exe **INFECTED** Win32:FakeAlert-CKJ [Trj]
19:59:28.658 AVAST engine scan C:\ProgramData
20:02:31.740 Scan finished successfully
20:04:04.076 Disk 0 MBR has been saved successfully to "C:\Users\BQfromNY\Desktop\MBR.dat"
20:04:04.076 The log file has been saved successfully to "C:\Users\BQfromNY\Desktop\aswMBR.txt"