Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I can't get rid of Security Shield 2012

Started by BQfromNY , Apr 21 2012 03:35 PM

  • Please log in to reply

#1
BQfromNY
Posted 21 April 2012 - 03:35 PM

BQfromNY

    New Member

  • Member
  • Pip
  • 6 posts
I somehow got infected by Security Shield 2012, and cant seem to remove it. I tried to remove it myself with MalwareBytes and Supersantipyware but neither were able to find the virus. I can not get online unless Iam in safe mode.

Here is some some DDS logs to get yha started. Ill await your reply to run anything else.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by BQfromNY at 3:49:57 on 2012-04-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5723 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://woot.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = 192.168.*.*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [HLBackupScheduler] G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [Google Update] "C:\Users\BQfromNY\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [snoylfpe] C:\Users\BQfromNY\AppData\Local\snoylfpe.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PWRISOVM.EXE] G:\Applications\PowerISO\PWRISOVM.EXE
mRunOnce: [Malwarebytes Anti-Malware] G:\Applications\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Windows\system32\wpclsp.dll
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C63B6EB1-2DF5-4535-AF1C-F37211BFB0EE} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678} : NameServer = 208.67.220.222,208.67.220.220
TCP: Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
BHO-X64: facemoods Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [PWRISOVM.EXE] G:\Applications\PowerISO\PWRISOVM.EXE
mRunOnce-x64: [Malwarebytes Anti-Malware] G:\Applications\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R3 rt61x64;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-1 136176]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe [2010-2-5 53760]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-1 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-2-5 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-21 02:55:24 381952 ----a-w- C:\Users\BQfromNY\AppData\Local\snoylfpe.exe
2012-04-21 02:12:14 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9057EADD-983E-4356-A0FD-11BDE412FE8C}\mpengine.dll
2012-04-11 07:03:20 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-11 07:03:10 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 07:03:10 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 07:03:10 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 07:03:10 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 07:03:10 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 07:03:10 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 07:03:10 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 01:26:39 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-04-11 01:26:39 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-04-08 00:57:38 -------- d-----w- C:\Users\BQfromNY\AppData\Local\{1E221A13-D0E9-49EA-9657-EC34C61E4C52}
.
==================== Find3M ====================
.
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 3:50:53.74 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/5/2010 7:26:10 PM
System Uptime: 4/21/2012 1:12:48 AM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5E Deluxe
Processor: Intel® Core™2 Quad CPU Q9650 @ 3.00GHz | LGA775 | 3005/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 0.708 GiB free.
D: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is FIXED (NTFS) - 932 GiB total, 402.934 GiB free.
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: isatap.rochester.rr.com
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&23F9C1E3&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
Service: i8042prt
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_82771043&REV_02\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_82771043&REV_02\3&11583659&0&FB
Service:
.
==== System Restore Points ===================
.
RP1175: 4/19/2012 8:43:36 PM - Windows Update
RP1176: 4/20/2012 10:11:33 PM - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
AC3Filter 1.63b
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.5
aioscnnr
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Application Profiles
C4USelfUpdater
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
ccc-core-static
CCC Help English
center
D3DX10
DHTML Editing Component
DiRT 3
DivX Web Player
Edimax Wireless LAN
ESET Online Scanner v3
essentials
Facemoods Toolbar
ffdshow [rev 2527] [2008-12-19]
FileZilla Client 3.5.3
Google Chrome
Google Update Helper
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Product Detection
HydraVision
Java Auto Updater
Java™ 6 Update 29
JDownloader 0.9
Junk Mail filter update
K-Lite Codec Pack 7.7.0 (Basic)
KODAK AiO Software
ksDIP
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MotoHelper MergeModules
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MTX
NVIDIA PhysX
ocr
OpenAL
Perpetuum
PostgreSQL 8.4
PowerISO
PreReq
Quicken 2011
QuickTime
Rapture3D 2.4.8 Game
RIFT
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Segoe UI
Skins
Star Wars: The Old Republic
System Requirements Lab
TeamSpeak 3 Client
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnyiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnyiper
TurboTax 2011 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Verizon V CAST Media Manager
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
World of Warcraft
Xilisoft Video Converter Ultimate 6
.
==== Event Viewer Messages From Past Week ========
.
4/21/2012 1:16:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/21/2012 1:15:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO i8042prt MpFilter SABKUTIL SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6
4/21/2012 1:15:45 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/21/2012 1:15:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/21/2012 1:15:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/21/2012 1:14:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/21/2012 1:04:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
4/21/2012 1:02:55 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/20/2012 7:45:32 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001F1F1D3D39 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/20/2012 11:26:41 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/20/2012 11:26:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO DfsC i8042prt MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss SABKUTIL SASDIFSV SASKUTIL SCDEmu Smb spldr tdx Wanarpv6 ws2ifsl
4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/20/2012 11:26:22 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/20/2012 11:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/20/2012 11:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/20/2012 11:25:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/20/2012 11:22:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/17/2012 9:16:07 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001F1F1D3D39 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
  • 0

Advertisements

#2
Nedklaw
Posted 21 April 2012 - 03:40 PM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, BQfromNY! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for BQfromNY only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Step 1

Posted Image Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • Select Scan All Users.
    • Under the Custom Scan box paste this in:
    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

Download aswMBR.exe (4.5MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image


Things I want to see in your next reply

  • OTL.txt
  • Extras.txt
  • aswMBR.txt
  • 0

#3
BQfromNY
Posted 21 April 2012 - 05:47 PM

BQfromNY

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Awsome! Im doign what you asked now.. I will be checking my post regularly for replies... Im willing to get this done tonight if you are!
  • 0

#4
BQfromNY
Posted 21 April 2012 - 06:04 PM

BQfromNY

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
*note* qall ran in safe mode


OTL Extras logfile created on: 4/21/2012 7:38:33 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\BQfromNY\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.04 Gb Available Physical Memory | 88.08% Memory free
16.05 Gb Paging File | 15.35 Gb Available in Paging File | 95.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 0.63 Gb Free Space | 0.84% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 1.87 Gb Total Space | 0.72 Gb Free Space | 38.78% Space Free | Partition Type: FAT
Drive G: | 931.51 Gb Total Space | 415.61 Gb Free Space | 44.62% Space Free | Partition Type: NTFS

Computer Name: QUERRIE-PC | User Name: BQfromNY | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Applications\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Applications\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Applications\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Applications\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 45 24 2A 63 E3 A6 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08804478-7A0F-416D-B91A-3607C407C506}" = rport=445 | protocol=6 | dir=out | app=system |
"{1E39B470-43F4-4C7F-BD03-6623581090B4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{3564ABA3-3F3B-4853-9F1B-8871EE69D1F1}" = rport=137 | protocol=17 | dir=out | app=system |
"{40C1D9C4-8D21-444B-AFDF-A34175946CBE}" = rport=138 | protocol=17 | dir=out | app=system |
"{514D187C-B02C-43F7-A235-99FDACF1ED57}" = lport=139 | protocol=6 | dir=in | app=system |
"{55FAC87B-F590-4603-ACCB-60213C849C5F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A4B7F4C-882F-44D3-9E73-485BDF63944C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6EEE7F2A-38D3-46C5-B2F2-DE820791AD34}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{6F4D4859-BFBA-4263-B9BE-531A339D9DF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{814158A0-A603-40DA-9481-E60912CDBD43}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{868B76FD-8B85-4BEF-B3B5-CBC26FEB3CC7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{95A3C971-6E67-4CB5-8CEB-8B2D7EA44B38}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{95B402B8-E14D-431F-85EE-1C4CA881CAFC}" = lport=445 | protocol=6 | dir=in | app=system |
"{95E29772-5C71-44EA-867F-EDBB6DEEFFED}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{B181EDA0-FB60-42CF-8C9A-934F440D73C6}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{D26A4A4D-D8AD-47DE-A0A3-708D6F58396F}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{D63642AA-422A-480C-9607-0644C17B70C5}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9FF27C3-C097-4BBD-A35E-D4E71FEDE949}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FA0F8B32-768E-4D9C-AD84-A1300E70DE82}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{FF0D110F-43D1-40B5-A1A7-C2E181B74F0A}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FC05018-5CB8-4D83-837A-1C5587B3A921}" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\launcher.exe |
"{114DF24F-1099-43B8-9B82-0EC6C864DB13}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\launcher.exe |
"{11FD31BC-E4FA-4AD0-ACB7-A7CEC90C35F0}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{1FD2A456-17EC-4299-B96A-58F43D67154E}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{2E08A848-717E-4B8D-B598-79B428F2B4C4}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{3F72399D-C01E-4BC5-85C4-D12C25C77272}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{42869DA1-E0F5-4D38-9E3E-2AF1DB5AE6B9}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{430F6417-A4DD-48CC-9BD3-CBA14F26C28A}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{44342868-3D73-44FA-BDD3-64A7EFE3A04B}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{4A5472B9-3578-4E67-BD01-F1FE342569E9}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{4B5D3EF6-6BC8-479B-A243-69EF25805635}" = protocol=1 | dir=out | [email protected],-28544 |
"{4EBEC4C7-740C-44C1-8EF5-5FDBF8E52534}" = protocol=58 | dir=out | [email protected],-28546 |
"{536345A6-F1B4-49B5-A957-9A5EAF8DBD9A}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5D2D0CA5-6A05-45CB-816C-19D5F45A27E2}" = protocol=58 | dir=in | [email protected],-28545 |
"{612AF9FC-6F05-4E2D-B8E5-719DAD23C1ED}" = protocol=6 | dir=in | app=f:\gamez\wow\world of warcraft\launcher.patch.exe |
"{6CCEDC8C-664E-43DA-ADF9-3E669495EF8B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6EAB8B78-A30F-4833-95A2-FE15124AA009}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{7292840C-24E1-4264-B5C3-4AFDE0C66301}" = protocol=6 | dir=in | app=c:\windows\temp\~ose2b1.tmp\rlvknlg.exe |
"{732FC506-AF46-481A-BDF2-FC9FD3D380BE}" = protocol=17 | dir=in | app=f:\gamez\wow\world of warcraft\launcher.patch.exe |
"{7DC15447-5054-4F61-BAE4-79416ABD6958}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{80D9A219-8BC8-418C-824A-E6DA52BD1A95}" = protocol=6 | dir=in | app=f:\gamez\dirt.3-skidrow\dirt3 installed\dirt3_game.exe |
"{85B13121-72CF-48CF-B0A3-4A51101095EC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{89B5F2B7-8386-4051-9F32-CAAB81BDB5B5}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{8CA0EEEA-7255-4B9C-98D3-B481D1DBBF71}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{90BED7ED-8C96-4CA1-A0EA-CC98C0BBA899}" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\launcher.exe |
"{B4DF286B-FC92-4C41-92F4-E0F099D27666}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B9BC12DC-7350-4DAC-B0CB-2C6B3925FAB2}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{BC26A1C8-286E-4976-98BE-4A4126708338}" = protocol=17 | dir=in | app=f:\gamez\dirt.3-skidrow\dirt3 installed\dirt3_game.exe |
"{C67EDF18-4B0F-4DAB-8334-E91CDA997A95}" = protocol=6 | dir=in | app=f:\gamez\wow\world of warcraft\launcher.exe |
"{CC63F159-B075-4D4F-912C-0F241A29E702}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{DF90E07B-C3E3-48DD-B928-91FB88294413}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DFC2E433-650E-46F5-ABEA-580C121F46C7}" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\launcher.exe |
"{E952D891-19F4-4463-9E1A-8C85D40D6BB7}" = protocol=1 | dir=in | [email protected],-28543 |
"{EDA042D6-949C-476E-88FC-11068DE3A83C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F551680D-F224-4683-BFA9-EFC20B829A70}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{F92719A4-E013-43DD-B137-7BE10165A9E2}" = protocol=17 | dir=in | app=f:\gamez\wow\world of warcraft\launcher.exe |
"{FB07E3FD-B0A1-49A3-AA9A-FC24F82D0257}" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\launcher.exe |
"{FE9B5860-B2FC-404F-B90F-1FB3AC7FF033}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\launcher.exe |
"TCP Query User{0EC55E5C-F181-43AA-BE3D-A0B30DFD0A0B}G:\applications\verizon v cast media manager\verizon.exe" = protocol=6 | dir=in | app=g:\applications\verizon v cast media manager\verizon.exe |
"TCP Query User{0FBC858A-CE7E-4531-9249-CF0DABD97284}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"TCP Query User{490100C7-C2A7-428C-9D17-A33933516F24}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{525CAB81-74A3-4770-8767-49980C9B70D9}C:\users\bqfromny\desktop\ratiomaster.net\ratiomaster.net.exe" = protocol=6 | dir=in | app=c:\users\bqfromny\desktop\ratiomaster.net\ratiomaster.net.exe |
"TCP Query User{5B17FA18-C234-457C-BEE6-BE0745E42DDC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{633818D5-1161-4193-A815-8F618C5F78DA}C:\program files (x86)\mektek.net\mtx\profiles\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mtx\profiles\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"TCP Query User{8C7D3C99-8B86-4ACA-A639-9FAC705042DF}G:\games\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=g:\games\star wars-the old republic\betatest\retailclient\swtor.exe |
"TCP Query User{8D491CD2-7278-4896-875A-C69E299BC478}C:\program files (x86)\sony\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\everquest ii\eq2voiceservice.exe |
"TCP Query User{9596DBB5-6396-4451-BFD4-213D703D59E0}C:\program files (x86)\steam\steamapps\common\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin64\crysis64.exe |
"TCP Query User{9FA790F5-EA02-4E4B-83A2-A6CB9DB11FC4}F:\gamez\wow\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=f:\gamez\wow\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{A6B79682-6DD4-4B99-8323-97D7F43290F8}F:\gamez\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=6 | dir=in | app=f:\gamez\world_of_tanks_closed_beta\worldoftanks.exe |
"TCP Query User{AA919C36-70BE-4EFF-9F60-5D93A38D06D9}C:1\gamez\wow\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:1\gamez\wow\world of warcraft\launcher.exe |
"TCP Query User{AA97FD04-8EE4-4369-9AC3-FF0D4E256A57}F:\gamez\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=6 | dir=in | app=f:\gamez\world_of_tanks_closed_beta\wotlauncher.exe |
"TCP Query User{C86E10D0-5F03-4482-81DA-9EF6A447431C}C:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe |
"TCP Query User{D246BBF5-F4C4-4642-AEAC-6E742BE46807}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{D491752F-11C7-4E3D-81DA-40830CE32410}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"TCP Query User{D6CD26E0-4387-4DA3-A4FE-4AC3DED60758}F:\gamez\call.of.duty.black.ops-skidrow\black opps installed\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=f:\gamez\call.of.duty.black.ops-skidrow\black opps installed\call of duty - black ops\blackops.exe |
"TCP Query User{E20A9DD5-FC98-497D-8C2C-E883F8473503}G:\ts phone\lite\mml.exe" = protocol=6 | dir=in | app=g:\ts phone\lite\mml.exe |
"TCP Query User{E735606C-EA11-4598-8D88-372ED4C19CFF}F:\gamez\the.witcher.2.assassins.of.kings-skidrow\installed\bin\witcher2.exe" = protocol=6 | dir=in | app=f:\gamez\the.witcher.2.assassins.of.kings-skidrow\installed\bin\witcher2.exe |
"TCP Query User{FEE92155-8D47-4235-B09A-28ECFC3809AF}C:\program files (x86)\sony\everquest ii\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\everquest ii\launchpad.exe |
"UDP Query User{0DD4ABC8-4B75-4038-B92F-6FFF12FCCCCB}C:\program files (x86)\steam\steamapps\common\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin64\crysis64.exe |
"UDP Query User{1E87E186-F175-4CBD-871D-B14F432D2965}F:\gamez\the.witcher.2.assassins.of.kings-skidrow\installed\bin\witcher2.exe" = protocol=17 | dir=in | app=f:\gamez\the.witcher.2.assassins.of.kings-skidrow\installed\bin\witcher2.exe |
"UDP Query User{21DDDD4D-1E4C-4BAE-AF9A-78BC2D32F3C7}C:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\nfs11.exe |
"UDP Query User{2DDC2D0D-84CF-4C55-97F7-632C7BA2F50A}C:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"UDP Query User{4BEB5E8E-C12E-4777-8E4B-CC400AA12794}C:1\gamez\wow\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:1\gamez\wow\world of warcraft\launcher.exe |
"UDP Query User{51F29832-2F62-4D92-8554-5158FD4F881F}F:\gamez\call.of.duty.black.ops-skidrow\black opps installed\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=f:\gamez\call.of.duty.black.ops-skidrow\black opps installed\call of duty - black ops\blackops.exe |
"UDP Query User{665A4F48-C52D-4945-898F-104C2D4D623F}C:\program files (x86)\sony\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\everquest ii\eq2voiceservice.exe |
"UDP Query User{6829E473-B238-4791-A79B-98225EF59B9F}C:\program files (x86)\sony\everquest ii\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\everquest ii\launchpad.exe |
"UDP Query User{6C5E1536-A115-4539-B03B-B10359F67F20}F:\gamez\world_of_tanks_closed_beta\wotlauncher.exe" = protocol=17 | dir=in | app=f:\gamez\world_of_tanks_closed_beta\wotlauncher.exe |
"UDP Query User{87EBCE2A-D41F-4765-84A6-201B19BE6A39}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{8E606DF0-0526-46A1-A56E-8CC540DB1198}C:\program files (x86)\mektek.net\mtx\profiles\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mtx\profiles\mechwarrior mercenaries - mektek mekpak\mw4mercs.exe |
"UDP Query User{9B28B17A-2BE5-4EE9-BF3B-9455535AAEEC}G:\ts phone\lite\mml.exe" = protocol=17 | dir=in | app=g:\ts phone\lite\mml.exe |
"UDP Query User{A28EA26B-6D30-4250-992A-EA277AA9616F}F:\gamez\world_of_tanks_closed_beta\worldoftanks.exe" = protocol=17 | dir=in | app=f:\gamez\world_of_tanks_closed_beta\worldoftanks.exe |
"UDP Query User{B3B34C5E-EA4D-4619-9213-0BE7A6D2C7D9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{C8A365BE-A7FD-4C19-968F-201F63755257}F:\gamez\wow\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=f:\gamez\wow\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{C8DC13BA-8184-4B27-9D9B-93048C15A210}G:\applications\verizon v cast media manager\verizon.exe" = protocol=17 | dir=in | app=g:\applications\verizon v cast media manager\verizon.exe |
"UDP Query User{D1E0D9DC-4734-4333-B4F0-F4862E4AD28D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{D9FB37F7-E34B-4C29-A514-D345AAD48B1C}C:\program files (x86)\mektek.net\mtx\mtx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mektek.net\mtx\mtx.exe |
"UDP Query User{DB56330E-5FFF-491A-A038-B78D6E6F3BB7}C:\users\bqfromny\desktop\ratiomaster.net\ratiomaster.net.exe" = protocol=17 | dir=in | app=c:\users\bqfromny\desktop\ratiomaster.net\ratiomaster.net.exe |
"UDP Query User{E123794F-11E2-4CD0-84B4-DE9602C4F453}G:\games\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=g:\games\star wars-the old republic\betatest\retailclient\swtor.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2B16A37-6F22-6F71-FED4-773C09CF4602}" = ATI Catalyst Install Manager
"{ABCA4D9C-6FBB-FEBC-DB27-CBA018529D8D}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03DF638A-D61C-4893-B8B9-845900C03163}" = TurboTax 2010 wnyiper
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19DDEE14-1A97-196F-B33B-5F069C929ACA}" = HydraVision
"{1D0C8FEA-F9E6-4272-8465-58903F1946D0}" = TurboTax 2011 wnyiper
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 29
"{277F41AC-1A48-535A-B01D-DC122D9BACD5}" = Skins
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E932E56-09ED-EBB9-CF60-5FF5F767CA73}" = Catalyst Control Center Graphics Full New
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4957E341-3C94-5D88-4592-CC90888FB5A6}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{626E44DE-8E53-7570-CFDB-06EBF8595CA8}" = Application Profiles
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{8048CA89-D6EA-C1EA-E477-2DA5B0739166}" = Catalyst Control Center Graphics Previews Common
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D24AD6D-25B8-980F-D153-46785DF73EAF}" = ccc-core-static
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA5F2BD4-9D75-755E-ED99-4002597B5C6F}" = Catalyst Control Center Graphics Previews Vista
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AF1C0686-E2EB-37BA-01FC-BED04845DFE8}" = Catalyst Control Center HydraVision Full
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C93A8A74-ECF5-EE9A-2B67-B2DAB86FEFEA}" = Catalyst Control Center Core Implementation
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E710D350-2F56-3084-070A-133742C77AFE}" = Catalyst Control Center Graphics Full Existing
"{ECD81E39-A85F-ECAE-2F3E-8CAC79C5F4F6}" = CCC Help English
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Edimax Wireless LAN
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"facemoods" = Facemoods Toolbar
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.5.3
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"HoldemManager" = Holdem Manager
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"OpenAL" = OpenAL
"Perpetuum" = Perpetuum
"PostgreSQL 8.4" = PostgreSQL 8.4
"PowerISO" = PowerISO
"PROPLUS" = Microsoft Office Professional Plus 2007
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"uTorrent" = µTorrent
"Verizon V CAST Media Manager" = Verizon V CAST Media Manager
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/21/2012 5:47:29 PM | Computer Name = Querrie-PC | Source = PostgreSQL | ID = 0
Description = 2012-04-21 17:47:29 EDTFATAL: the database system is starting up

Error - 4/21/2012 5:48:54 PM | Computer Name = Querrie-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/21/2012 5:51:13 PM | Computer Name = Querrie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/21/2012 6:22:25 PM | Computer Name = Querrie-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/21/2012 6:23:07 PM | Computer Name = Querrie-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/21/2012 7:30:54 PM | Computer Name = Querrie-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.

Error - 4/21/2012 7:30:54 PM | Computer Name = Querrie-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 4/21/2012 7:30:56 PM | Computer Name = Querrie-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x8007043c.

Error - 4/21/2012 7:30:56 PM | Computer Name = Querrie-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 4/21/2012 7:39:59 PM | Computer Name = Querrie-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 5/6/2010 8:42:24 PM | Computer Name = Querrie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/17/2010 8:26:47 PM | Computer Name = Querrie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/1/2010 8:17:46 PM | Computer Name = Querrie-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 6/12/2011 1:21:32 AM | Computer Name = Querrie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 720 seconds with 660 seconds of active time. This session ended with a crash.

Error - 6/12/2011 1:31:00 AM | Computer Name = Querrie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 559 seconds with 540 seconds of active time. This session ended with a crash.

Error - 10/20/2011 10:41:47 PM | Computer Name = Querrie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6546.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1427
seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/21/2012 5:50:31 PM | Computer Name = Querrie-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/21/2012 5:51:05 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10010
Description =

Error - 4/21/2012 5:51:17 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10010
Description =

Error - 4/21/2012 6:17:52 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10010
Description =

Error - 4/21/2012 6:22:16 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10005
Description =

Error - 4/21/2012 6:22:25 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10005
Description =

Error - 4/21/2012 6:22:37 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10005
Description =

Error - 4/21/2012 6:23:00 PM | Computer Name = Querrie-PC | Source = DCOM | ID = 10005
Description =

Error - 4/21/2012 6:23:09 PM | Computer Name = Querrie-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/21/2012 6:23:09 PM | Computer Name = Querrie-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

OTL logfile created on: 4/21/2012 7:38:33 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\BQfromNY\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.04 Gb Available Physical Memory | 88.08% Memory free
16.05 Gb Paging File | 15.35 Gb Available in Paging File | 95.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 0.63 Gb Free Space | 0.84% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 1.87 Gb Total Space | 0.72 Gb Free Space | 38.78% Space Free | Partition Type: FAT
Drive G: | 931.51 Gb Total Space | 415.61 Gb Free Space | 44.62% Space Free | Partition Type: NTFS

Computer Name: QUERRIE-PC | User Name: BQfromNY | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/21 19:34:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/08 03:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/26 18:17:18 | 000,053,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/10 10:38:32 | 000,393,216 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr6164.sys -- (rt61x64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/31 03:00:24 | 000,085,936 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2007/12/06 13:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2005/03/29 05:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://woot.com/
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://woot.com/
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BQfromNY\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BQfromNY\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\BQfromNY\AppData\Roaming\IDM\idmmzcc5


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Facemoods = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\
CHR - Extension: ICE Quick Stream = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.9_0\
CHR - Extension: Poppit = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2010/07/25 00:26:50 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [PWRISOVM.EXE] G:\Applications\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [HLBackupScheduler] G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\RunOnce: [snoylfpe] C:\Users\BQfromNY\AppData\Local\snoylfpe.exe ()
O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C63B6EB1-2DF5-4535-AF1C-F37211BFB0EE}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678}: NameServer = 208.67.220.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\BQfromNY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\BQfromNY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4dd7bd17-d615-11e0-a8b9-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{4dd7bd17-d615-11e0-a8b9-0022153fbda0}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{4dd7be84-d615-11e0-a8b9-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{4dd7be84-d615-11e0-a8b9-0022153fbda0}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O33 - MountPoints2\{5f1919db-df8f-11e0-96bd-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{5f1919db-df8f-11e0-96bd-0022153fbda0}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{6e438395-4f90-11e1-82c4-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{6e438395-4f90-11e1-82c4-0022153fbda0}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
O33 - MountPoints2\{9b8cb9e9-0b74-11e1-a744-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8cb9e9-0b74-11e1-a744-0022153fbda0}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: convlwiz - (C:\Windows\system32\RmCllist.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 19:36:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com
[2012/04/21 03:48:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.com
[2012/04/21 03:48:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.scr
[2012/04/21 02:42:05 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\BQfromNY\Desktop\FixExec.exe
[2012/04/20 23:57:38 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\Desktop\virus
[2012/04/07 20:57:38 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\AppData\Local\{1E221A13-D0E9-49EA-9657-EC34C61E4C52}
[2012/04/02 13:06:24 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\Desktop\RatioMaster.NET
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\BQfromNY\Desktop\*.tmp files -> C:\Users\BQfromNY\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/21 19:40:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\BQfromNY\Desktop\aswMBR.exe
[2012/04/21 19:39:48 | 000,001,356 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps.dat
[2012/04/21 19:37:26 | 000,724,366 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/21 19:37:26 | 000,617,510 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/21 19:37:26 | 000,109,678 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/21 19:34:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com
[2012/04/21 18:34:21 | 000,001,460 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps64.dat
[2012/04/21 18:21:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/21 18:19:47 | 000,407,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/21 18:19:18 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 18:19:17 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 18:02:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2894203282-2819386857-897259243-1000UA.job
[2012/04/21 17:48:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/21 12:10:39 | 000,215,040 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/21 03:48:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.com
[2012/04/21 03:48:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.scr
[2012/04/21 02:42:04 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\BQfromNY\Desktop\FixExec.exe
[2012/04/21 01:20:54 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 23:45:52 | 001,008,141 | ---- | M] () -- C:\Users\BQfromNY\Desktop\iexplorer.com
[2012/04/20 22:55:24 | 000,381,952 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\snoylfpe.exe
[2012/04/20 22:34:59 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/20 07:02:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2894203282-2819386857-897259243-1000Core.job
[2012/04/16 08:46:46 | 000,358,544 | ---- | M] () -- C:\Users\BQfromNY\Desktop\Mission_Impossible_Ghost_Protocol_2011_720p_BluRay_x264_SPARKS.torrent
[2012/04/13 19:24:20 | 111,762,379 | ---- | M] () -- C:\Users\BQfromNY\Desktop\K.J-5.2-D2012.rar
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 17:13:43 | 018,283,464 | ---- | M] () -- C:\Users\BQfromNY\Desktop\power of one final poster copy.pdf
[2012/03/30 15:18:26 | 000,000,545 | ---- | M] () -- C:\Users\BQfromNY\Desktop\INVENTORY - Shortcut.lnk
[2012/03/30 14:03:06 | 038,146,728 | ---- | M] () -- C:\Users\BQfromNY\Desktop\lake fence video.mp4
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\BQfromNY\Desktop\*.tmp files -> C:\Users\BQfromNY\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/21 01:20:54 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 23:57:39 | 001,008,141 | ---- | C] () -- C:\Users\BQfromNY\Desktop\iexplorer.com
[2012/04/20 22:55:24 | 000,381,952 | ---- | C] () -- C:\Users\BQfromNY\AppData\Local\snoylfpe.exe
[2012/04/16 08:46:52 | 000,358,544 | ---- | C] () -- C:\Users\BQfromNY\Desktop\Mission_Impossible_Ghost_Protocol_2011_720p_BluRay_x264_SPARKS.torrent
[2012/04/13 15:27:53 | 111,762,379 | ---- | C] () -- C:\Users\BQfromNY\Desktop\K.J-5.2-D2012.rar
[2012/04/02 17:12:36 | 018,283,464 | ---- | C] () -- C:\Users\BQfromNY\Desktop\power of one final poster copy.pdf
[2012/03/31 01:13:15 | 038,146,728 | ---- | C] () -- C:\Users\BQfromNY\Desktop\lake fence video.mp4
[2012/03/30 15:18:26 | 000,000,545 | ---- | C] () -- C:\Users\BQfromNY\Desktop\INVENTORY - Shortcut.lnk
[2012/02/11 18:55:13 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/29 10:30:26 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/10/24 11:16:42 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2011/09/24 13:59:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/07/08 19:17:26 | 000,000,129 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/04/18 23:59:47 | 000,002,626 | -HS- | C] () -- C:\ProgramData\s121uq0at7k5v60wwl08sp5t287if7yru6nw52
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/18 22:54:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/24 13:57:12 | 000,001,714 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\SAS7_000.DAT
[2010/12/19 09:01:02 | 000,001,356 | ---- | C] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps.dat
[2010/12/04 00:31:42 | 000,000,745 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\AtomicAlarmClock.ini
[2010/07/20 20:47:50 | 000,001,483 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010/05/22 03:03:34 | 000,000,004 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\kqyvwo.dat

========== LOP Check ==========

[2011/11/27 00:24:44 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\DMCache
[2011/02/02 12:16:29 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Easeware
[2012/04/08 22:40:19 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\FileZilla
[2010/03/07 03:39:23 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\FLV Extract
[2010/11/03 14:56:57 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\HEM Data
[2010/02/12 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Libronix DLS
[2011/10/03 22:12:11 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\motorola
[2011/02/04 22:47:03 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\RIFT
[2011/10/31 22:22:49 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Temp
[2011/12/25 02:04:12 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\TS3Client
[2011/12/16 13:57:56 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\ts3overlay
[2010/03/26 22:13:39 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\UnknownApplicationVendor
[2012/04/19 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\uTorrent
[2011/01/12 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\wargaming.net
[2011/06/08 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Xilisoft
[2012/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2012/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2012/04/21 18:19:51 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX5\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX6\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX7\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX8\procs\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX5\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX6\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX7\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\BQfromNY\AppData\Local\Temp\RarSFX8\h\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: QUERRIE-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D Audio CD CDFS DVD-ROM 658 MB Healthy
Volume 1 C NTFS Partition 75 GB Healthy System
Volume 2 G Terabyte NTFS Partition 932 GB Healthy
Volume 3 E FAT Removable 1912 MB Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-21 19:48:51
-----------------------------
19:48:51.063 OS Version: Windows x64 6.0.6002 Service Pack 2
19:48:51.063 Number of processors: 4 586 0x170A
19:48:51.078 ComputerName: QUERRIE-PC UserName: BQfromNY
19:48:51.437 Initialize success
19:49:50.686 AVAST engine defs: 12042101
19:50:42.961 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6
19:50:42.961 Disk 0 Vendor: WDC_WD800AAJS-55M0A0 01.03E01 Size: 76319MB BusType: 3
19:50:42.961 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-a
19:50:42.961 Disk 1 Vendor: WDC_WD1002FAEX-007BA0 05.01D05 Size: 953869MB BusType: 3
19:50:42.977 Disk 0 MBR read successfully
19:50:42.977 Disk 0 MBR scan
19:50:42.977 Disk 0 Windows VISTA default MBR code
19:50:42.977 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76317 MB offset 2048
19:50:42.993 Disk 0 scanning C:\Windows\system32\drivers
19:50:51.027 Service scanning
19:51:13.272 Modules scanning
19:51:13.272 Disk 0 trace - called modules:
19:51:13.288 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:51:13.288 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c9d060]
19:51:13.303 3 CLASSPNP.SYS[fffffa6000fd0c33] -> nt!IofCallDriver -> [0xfffffa80079c3520]
19:51:13.303 5 acpi.sys[fffffa60008cafde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-6[0xfffffa8007958940]
19:51:14.271 AVAST engine scan C:\Windows
19:51:16.345 AVAST engine scan C:\Windows\system32
19:54:56.586 AVAST engine scan C:\Windows\system32\drivers
19:55:05.541 AVAST engine scan C:\Users\BQfromNY
19:57:25.761 File: C:\Users\BQfromNY\AppData\Local\snoylfpe.exe **INFECTED** Win32:FakeAlert-CKJ [Trj]
19:59:28.658 AVAST engine scan C:\ProgramData
20:02:31.740 Scan finished successfully
20:04:04.076 Disk 0 MBR has been saved successfully to "C:\Users\BQfromNY\Desktop\MBR.dat"
20:04:04.076 The log file has been saved successfully to "C:\Users\BQfromNY\Desktop\aswMBR.txt"
  • 0

#5
BQfromNY
Posted 21 April 2012 - 09:58 PM

BQfromNY

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
UPDATE:

Now, this is really odd... I was on the computer watching a movie (no passwords needed for that) when all of a sudden I got a blue screen and had to reboot. When I rebooted, MS Essentials notified me that it found and removed a threat. That was about 3 hours ago. Since then, I have not seen any signs of the virus. Iam not claiming to be virus free but either it was caught or it went deeper "underground". I ran a full sccan of Malware bytes and it found nothing. Regardless if it is gone or not - I would still like a very thourough inspection and cleaning please.

Thanks in advance and God Bless
  • 0

#6
Nedklaw
Posted 22 April 2012 - 04:32 AM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

Drive C: | 74.53 Gb Total Space | 0.63 Gb Free Space | 0.84% Space Free | Partition Type: NTFS

To ensure our tools run properly, the minimum free disk space required is 15%. I advise that you free some space up on drive C by uninstalling unwanted programs and deleting any personal files you don't want.


Step 1

Please uninstall the following programs via Control Panel > Uninstall a program (if present):

  • Facemoods Toolbar
  • µTorrent

I recommend you remove your P2P program, µTorrent. They are bad because shared files can contain security risks such as viruses, spyware and other unwanted software. The files distributed on these sites are packed with malware and are distributed all over the internet. You don't know where they have been, someone could have infected the files with malware.


Step 2

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.

Posted Image


Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following: 

    :OTL
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\RunOnce: [snoylfpe] C:\Users\BQfromNY\AppData\Local\snoylfpe.exe ()
[2011/04/18 23:59:47 | 000,002,626 | -HS- | C] () -- C:\ProgramData\s121uq0at7k5v60wwl08sp5t287if7yru6nw52
[2010/07/20 20:47:50 | 000,001,483 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010/05/22 03:03:34 | 000,000,004 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\kqyvwo.dat
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\BQfromNY\Desktop\*.tmp files -> C:\Users\BQfromNY\Desktop\*.tmp -> ] 

:Files
C:\Program Files (x86)\facemoods.com
ipconfig /flushdns /c

:Commands
[emptytemp]
[CREATERESTOREPOINT] 
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 3

Posted Image
  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 4

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • MBAM Log
  • log.txt
  • 0

#7
BQfromNY
Posted 22 April 2012 - 01:55 PM

BQfromNY

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for the help. I


- I had a crash about 2 years ago and just to get my computer up I bought a small hard drive (drive C). I only have the essentials on that drive. I no longer have the CD to my old Windows Office '07 and the rest are windows programs. If you can instruct me how to move those files to my G drive I can. Otherwise, I simply dont know how I can free up more space.

- I did not disable malware bytes for I do NOT have the paid version



Logs you requested:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
File C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found.
File C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods not found.
File C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe not found.
Registry value HKEY_USERS\S-1-5-21-2894203282-2819386857-897259243-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\snoylfpe not found.
File C:\Users\BQfromNY\AppData\Local\snoylfpe.exe not found.
C:\ProgramData\s121uq0at7k5v60wwl08sp5t287if7yru6nw52 moved successfully.
C:\Windows\lsrslt.ini moved successfully.
C:\Users\BQfromNY\AppData\Roaming\kqyvwo.dat moved successfully.
C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp deleted successfully.
C:\Windows\SysWow64\tmp53A2.tmp deleted successfully.
C:\Windows\SysWow64\tmp53A3.tmp deleted successfully.
C:\Users\BQfromNY\Desktop\~WRL0005.tmp deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\facemoods.com not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\BQfromNY\Desktop\cmd.bat deleted successfully.
C:\Users\BQfromNY\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: BQfromNY
->Temp folder emptied: 152286083 bytes
->Temporary Internet Files folder emptied: 298829735 bytes
->Java cache emptied: 11619987 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 2606 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33416 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 169749 bytes
->Temporary Internet Files folder emptied: 2124922 bytes
->Flash cache emptied: 42076 bytes

User: Other Peepz
->Temp folder emptied: 3851133 bytes
->Temporary Internet Files folder emptied: 1239319493 bytes
->Java cache emptied: 4069 bytes
->Flash cache emptied: 53748 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: postgres.Querrie-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 239105756 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,858.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.40.0 log created on 04222012_082322

Files\Folders moved on Reboot...
C:\Users\BQfromNY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\BQfromNY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2VOALHS\fastbutton[1].htm moved successfully.

Registry entries deleted on Reboot...

OTL logfile created on: 4/22/2012 8:34:40 AM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\BQfromNY\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.22% Memory free
16.05 Gb Paging File | 14.24 Gb Available in Paging File | 88.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 2.58 Gb Free Space | 3.46% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 931.51 Gb Total Space | 419.97 Gb Free Space | 45.09% Space Free | Partition Type: NTFS

Computer Name: QUERRIE-PC | User Name: BQfromNY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/21 19:34:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com
PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/11/18 00:25:22 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/10/23 04:19:04 | 005,013,128 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/08 03:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009/09/08 03:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2008/11/02 04:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- G:\Applications\PowerISO\PWRISOVM.EXE
PRC - [2007/12/26 18:17:18 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe
PRC - [2007/12/22 09:36:18 | 001,040,384 | ---- | M] (Edimax Technology Co., Ltd.) -- C:\Program Files (x86)\EDIMAX\Common\RaUI.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/23 04:19:04 | 005,013,128 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2011/10/23 04:18:40 | 000,100,352 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2011/10/23 04:18:38 | 000,684,032 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\libexpat.dll
MOD - [2011/10/23 04:18:38 | 000,466,975 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/08 03:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/26 18:17:18 | 000,053,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/10 10:38:32 | 000,393,216 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr6164.sys -- (rt61x64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/31 03:00:24 | 000,085,936 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2007/12/06 13:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2005/03/29 05:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://woot.com/
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://woot.com/
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BQfromNY\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BQfromNY\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\BQfromNY\AppData\Roaming\IDM\idmmzcc5


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Facemoods = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\
CHR - Extension: ICE Quick Stream = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.9_0\
CHR - Extension: Poppit = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2010/07/25 00:26:50 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] G:\Applications\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [HLBackupScheduler] G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1007..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C63B6EB1-2DF5-4535-AF1C-F37211BFB0EE}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678}: NameServer = 208.67.220.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\BQfromNY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\BQfromNY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4dd7bd17-d615-11e0-a8b9-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{4dd7bd17-d615-11e0-a8b9-0022153fbda0}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{4dd7be84-d615-11e0-a8b9-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{4dd7be84-d615-11e0-a8b9-0022153fbda0}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O33 - MountPoints2\{5f1919db-df8f-11e0-96bd-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{5f1919db-df8f-11e0-96bd-0022153fbda0}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{6e438395-4f90-11e1-82c4-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{6e438395-4f90-11e1-82c4-0022153fbda0}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
O33 - MountPoints2\{9b8cb9e9-0b74-11e1-a744-0022153fbda0}\Shell - "" = AutoRun
O33 - MountPoints2\{9b8cb9e9-0b74-11e1-a744-0022153fbda0}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: convlwiz - (C:\Windows\system32\RmCllist.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/22 08:23:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/21 19:40:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\BQfromNY\Desktop\aswMBR.exe
[2012/04/21 19:36:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com
[2012/04/21 03:48:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.com
[2012/04/21 03:48:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.scr
[2012/04/21 02:42:05 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\BQfromNY\Desktop\FixExec.exe
[2012/04/20 23:57:38 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\Desktop\virus
[2012/04/07 20:57:38 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\AppData\Local\{1E221A13-D0E9-49EA-9657-EC34C61E4C52}
[2012/04/02 13:06:24 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\Desktop\RatioMaster.NET

========== Files - Modified Within 30 Days ==========

[2012/04/22 08:35:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/22 08:29:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/22 08:29:42 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 08:29:42 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 08:29:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/22 08:01:59 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2894203282-2819386857-897259243-1000UA.job
[2012/04/22 07:02:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2894203282-2819386857-897259243-1000Core.job
[2012/04/21 22:23:09 | 000,724,366 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/21 22:23:09 | 000,618,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/21 22:23:09 | 000,110,072 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/21 20:29:11 | 000,407,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/21 20:25:49 | 000,001,356 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps.dat
[2012/04/21 20:18:10 | 000,001,460 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps64.dat
[2012/04/21 20:04:04 | 000,000,512 | ---- | M] () -- C:\Users\BQfromNY\Desktop\MBR.dat
[2012/04/21 19:40:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\BQfromNY\Desktop\aswMBR.exe
[2012/04/21 19:34:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com
[2012/04/21 12:10:39 | 000,215,040 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/21 03:48:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.com
[2012/04/21 03:48:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.scr
[2012/04/21 02:42:04 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\BQfromNY\Desktop\FixExec.exe
[2012/04/21 01:20:54 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 23:45:52 | 001,008,141 | ---- | M] () -- C:\Users\BQfromNY\Desktop\iexplorer.com
[2012/04/16 08:46:46 | 000,358,544 | ---- | M] () -- C:\Users\BQfromNY\Desktop\Mission_Impossible_Ghost_Protocol_2011_720p_BluRay_x264_SPARKS.torrent
[2012/04/13 19:24:20 | 111,762,379 | ---- | M] () -- C:\Users\BQfromNY\Desktop\K.J-5.2-D2012.rar
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 17:13:43 | 018,283,464 | ---- | M] () -- C:\Users\BQfromNY\Desktop\power of one final poster copy.pdf
[2012/03/30 15:18:26 | 000,000,545 | ---- | M] () -- C:\Users\BQfromNY\Desktop\INVENTORY - Shortcut.lnk
[2012/03/30 14:03:06 | 038,146,728 | ---- | M] () -- C:\Users\BQfromNY\Desktop\lake fence video.mp4

========== Files Created - No Company Name ==========

[2012/04/21 20:04:04 | 000,000,512 | ---- | C] () -- C:\Users\BQfromNY\Desktop\MBR.dat
[2012/04/21 01:20:54 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/20 23:57:39 | 001,008,141 | ---- | C] () -- C:\Users\BQfromNY\Desktop\iexplorer.com
[2012/04/16 08:46:52 | 000,358,544 | ---- | C] () -- C:\Users\BQfromNY\Desktop\Mission_Impossible_Ghost_Protocol_2011_720p_BluRay_x264_SPARKS.torrent
[2012/04/13 15:27:53 | 111,762,379 | ---- | C] () -- C:\Users\BQfromNY\Desktop\K.J-5.2-D2012.rar
[2012/04/02 17:12:36 | 018,283,464 | ---- | C] () -- C:\Users\BQfromNY\Desktop\power of one final poster copy.pdf
[2012/03/31 01:13:15 | 038,146,728 | ---- | C] () -- C:\Users\BQfromNY\Desktop\lake fence video.mp4
[2012/03/30 15:18:26 | 000,000,545 | ---- | C] () -- C:\Users\BQfromNY\Desktop\INVENTORY - Shortcut.lnk
[2012/02/11 18:55:13 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/29 10:30:26 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/10/24 11:16:42 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2011/09/24 13:59:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/07/08 19:17:26 | 000,000,129 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/18 22:54:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/24 13:57:12 | 000,001,714 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\SAS7_000.DAT
[2010/12/19 09:01:02 | 000,001,356 | ---- | C] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps.dat
[2010/12/04 00:31:42 | 000,000,745 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\AtomicAlarmClock.ini

========== LOP Check ==========

[2011/11/27 00:24:44 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\DMCache
[2011/02/02 12:16:29 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Easeware
[2012/04/08 22:40:19 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\FileZilla
[2010/03/07 03:39:23 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\FLV Extract
[2010/11/03 14:56:57 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\HEM Data
[2010/02/12 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Libronix DLS
[2011/10/03 22:12:11 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\motorola
[2011/02/04 22:47:03 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\RIFT
[2011/10/31 22:22:49 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Temp
[2011/12/25 02:04:12 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\TS3Client
[2011/12/16 13:57:56 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\ts3overlay
[2010/03/26 22:13:39 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\UnknownApplicationVendor
[2012/04/19 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\uTorrent
[2011/01/12 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\wargaming.net
[2011/06/08 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Xilisoft
[2012/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2012/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2012/04/22 08:27:50 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.22.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
BQfromNY :: QUERRIE-PC [administrator]

4/22/2012 8:41:29 AM
mbam-log-2012-04-22 (08-41-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271029
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=96a420de7df5d54482fd5db2f32e8c48
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-21 07:52:44
# local_time=2012-04-21 03:52:44 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 56 25176342 171590693 0 0
# compatibility_mode=8192 67108863 100 0 53042133 53042133 0 0
# scanned=199423
# found=3
# cleaned=3
# scan_time=2777
C:\Program Files (x86)\FoxTabFlvPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\F copy\OneTouch 4\Gamez\Dirt.3-SKIDROW\Dirt3 installed\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
G:\F copy\OneTouch 4\Malwarebytes_Anti-Malware.1.44_PRO\Malwarebytes Anti-Malware.1.44 PRO\mbam-setup.exe probably a variant of Win32/Inject.BHIWHJY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#8
Nedklaw
Posted 23 April 2012 - 02:30 PM

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :wave:
You can follow the instructions here to transfer your files over to a different drive.

Congratultions your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following: 

    :Commands
[emptytemp]
[CLEARALLRESTOREPOINTS] 
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Click on Start.
  • Right-click My Computer.
  • Select Properties.
  • Click on the Automatic Updates Tab.
  • Place a checkmark in the circle next to Automatic (recommended) near the green shield.
  • Click Apply > OK.

Posted Image
Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.2.202.228) and Adobe Shockwave Player (11.6.4.634) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start > Run.
  • Type Inetcpl.cpl & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here are a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:


Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than FireFox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free google toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank-you.
Good luck and stay safe!!! :thumbsup:
  • 0

#9
BQfromNY
Posted 23 April 2012 - 04:02 PM

BQfromNY

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
TY for your help!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP