OTL logfile created on: 4/22/2012 4:08:26 PM - Run 3 OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\BQfromNY\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 5.11 Gb Available Physical Memory | 63.95% Memory free 16.20 Gb Paging File | 13.06 Gb Available in Paging File | 80.64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74.53 Gb Total Space | 4.30 Gb Free Space | 5.76% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive G: | 931.51 Gb Total Space | 419.97 Gb Free Space | 45.09% Space Free | Partition Type: NTFS Computer Name: QUERRIE-PC | User Name: BQfromNY | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/21 19:34:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe PRC - [2011/11/18 00:25:22 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe PRC - [2011/10/23 04:19:04 | 005,013,128 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe PRC - [2009/09/08 03:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe PRC - [2009/09/08 03:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe PRC - [2008/11/02 04:38:58 | 000,167,936 | ---- | M] (PowerISO Computing, Inc.) -- G:\Applications\PowerISO\PWRISOVM.EXE PRC - [2007/12/26 18:17:18 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe PRC - [2007/12/22 09:36:18 | 001,040,384 | ---- | M] (Edimax Technology Co., Ltd.) -- C:\Program Files (x86)\EDIMAX\Common\RaUI.exe ========== Modules (No Company Name) ========== MOD - [2011/10/23 04:19:04 | 005,013,128 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe MOD - [2011/10/23 04:18:40 | 000,100,352 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\avutil-50.dll MOD - [2011/10/23 04:18:38 | 000,684,032 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\libexpat.dll MOD - [2011/10/23 04:18:38 | 000,466,975 | ---- | M] () -- G:\Applications\Verizon V CAST Media Manager\sqlite3.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/09/08 03:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4) SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/12/26 18:17:18 | 000,053,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EDIMAX\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL) DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/06/10 10:38:32 | 000,393,216 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr6164.sys -- (rt61x64) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/10/31 03:00:24 | 000,085,936 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2007/12/06 13:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2005/03/29 05:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://woot.com/ IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://woot.com/ IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.* ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BQfromNY\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BQfromNY\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\BQfromNY\AppData\Roaming\IDM\idmmzcc5 ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Entanglement = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\ CHR - Extension: Facemoods = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.6_0\ CHR - Extension: ICE Quick Stream = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.9_0\ CHR - Extension: Poppit = C:\Users\BQfromNY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ O1 HOSTS File: ([2010/07/25 00:26:50 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation) O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found O4 - HKLM..\Run: [PWRISOVM.EXE] G:\Applications\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [HLBackupScheduler] G:\Applications\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe () O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1007..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2894203282-2819386857-897259243-1007..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2894203282-2819386857-897259243-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C63B6EB1-2DF5-4535-AF1C-F37211BFB0EE}: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678}: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF2394B9-131C-4AE8-AB5B-1BB9D7DC6678}: NameServer = 208.67.220.222,208.67.220.220 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\BQfromNY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\BQfromNY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4dd7bd17-d615-11e0-a8b9-0022153fbda0}\Shell - "" = AutoRun O33 - MountPoints2\{4dd7bd17-d615-11e0-a8b9-0022153fbda0}\Shell\AutoRun\command - "" = J:\setup.exe -a O33 - MountPoints2\{4dd7be84-d615-11e0-a8b9-0022153fbda0}\Shell - "" = AutoRun O33 - MountPoints2\{4dd7be84-d615-11e0-a8b9-0022153fbda0}\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe O33 - MountPoints2\{5f1919db-df8f-11e0-96bd-0022153fbda0}\Shell - "" = AutoRun O33 - MountPoints2\{5f1919db-df8f-11e0-96bd-0022153fbda0}\Shell\AutoRun\command - "" = F:\setup.exe -a O33 - MountPoints2\{6e438395-4f90-11e1-82c4-0022153fbda0}\Shell - "" = AutoRun O33 - MountPoints2\{6e438395-4f90-11e1-82c4-0022153fbda0}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a O33 - MountPoints2\{9b8cb9e9-0b74-11e1-a744-0022153fbda0}\Shell - "" = AutoRun O33 - MountPoints2\{9b8cb9e9-0b74-11e1-a744-0022153fbda0}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\F\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: convlwiz - (C:\Windows\system32\RmCllist.dll) - File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/22 16:05:50 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\Desktop\RK_Quarantine [2012/04/22 15:59:34 | 002,072,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\BQfromNY\Desktop\TDSSKiller.exe [2012/04/22 08:23:22 | 000,000,000 | ---D | C] -- C:\_OTL [2012/04/21 19:40:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\BQfromNY\Desktop\aswMBR.exe [2012/04/21 19:36:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com [2012/04/21 03:48:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.com [2012/04/21 03:48:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.scr [2012/04/21 02:42:05 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\BQfromNY\Desktop\FixExec.exe [2012/04/20 23:57:38 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\Desktop\virus [2012/04/07 20:57:38 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\AppData\Local\{1E221A13-D0E9-49EA-9657-EC34C61E4C52} [2012/04/02 13:06:24 | 000,000,000 | ---D | C] -- C:\Users\BQfromNY\Desktop\RatioMaster.NET ========== Files - Modified Within 30 Days ========== [2012/04/22 16:05:28 | 001,280,512 | ---- | M] () -- C:\Users\BQfromNY\Desktop\RogueKiller.exe [2012/04/22 16:02:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2894203282-2819386857-897259243-1000UA.job [2012/04/22 15:59:17 | 002,053,340 | ---- | M] () -- C:\Users\BQfromNY\Desktop\tdsskiller.zip [2012/04/22 15:34:59 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/22 14:29:25 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/22 14:29:25 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/22 09:52:41 | 000,724,366 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/04/22 09:52:41 | 000,618,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/04/22 09:52:41 | 000,110,072 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/04/22 09:50:27 | 000,216,064 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/22 08:29:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/22 08:29:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/22 07:02:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2894203282-2819386857-897259243-1000Core.job [2012/04/21 20:29:11 | 000,407,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/04/21 20:25:49 | 000,001,356 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps.dat [2012/04/21 20:18:10 | 000,001,460 | ---- | M] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps64.dat [2012/04/21 20:04:04 | 000,000,512 | ---- | M] () -- C:\Users\BQfromNY\Desktop\MBR.dat [2012/04/21 19:40:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\BQfromNY\Desktop\aswMBR.exe [2012/04/21 19:34:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\BQfromNY\Desktop\OTL.com [2012/04/21 03:48:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.com [2012/04/21 03:48:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\BQfromNY\Desktop\dds.scr [2012/04/21 02:42:04 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\BQfromNY\Desktop\FixExec.exe [2012/04/21 01:20:54 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/20 23:45:52 | 001,008,141 | ---- | M] () -- C:\Users\BQfromNY\Desktop\iexplorer.com [2012/04/20 19:50:44 | 002,072,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\BQfromNY\Desktop\TDSSKiller.exe [2012/04/16 08:46:46 | 000,358,544 | ---- | M] () -- C:\Users\BQfromNY\Desktop\Mission_Impossible_Ghost_Protocol_2011_720p_BluRay_x264_SPARKS.torrent [2012/04/13 19:24:20 | 111,762,379 | ---- | M] () -- C:\Users\BQfromNY\Desktop\K.J-5.2-D2012.rar [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/04/02 17:13:43 | 018,283,464 | ---- | M] () -- C:\Users\BQfromNY\Desktop\power of one final poster copy.pdf [2012/03/30 15:18:26 | 000,000,545 | ---- | M] () -- C:\Users\BQfromNY\Desktop\INVENTORY - Shortcut.lnk [2012/03/30 14:03:06 | 038,146,728 | ---- | M] () -- C:\Users\BQfromNY\Desktop\lake fence video.mp4 ========== Files Created - No Company Name ========== [2012/04/22 16:05:31 | 001,280,512 | ---- | C] () -- C:\Users\BQfromNY\Desktop\RogueKiller.exe [2012/04/22 15:59:20 | 002,053,340 | ---- | C] () -- C:\Users\BQfromNY\Desktop\tdsskiller.zip [2012/04/22 09:50:12 | 037,945,640 | ---- | C] () -- C:\Users\BQfromNY\Desktop\2- Came to my Rescue-Hillsong United.avi [2012/04/22 09:48:32 | 011,823,549 | ---- | C] () -- C:\Users\BQfromNY\Desktop\3 Greg o'quinn and ipraize Lead Me Jesus(480p_H.264-AAC).flv [2012/04/22 09:47:57 | 010,964,992 | ---- | C] () -- C:\Users\BQfromNY\Desktop\1 holy spirit come kate miner.mpg [2012/04/21 20:04:04 | 000,000,512 | ---- | C] () -- C:\Users\BQfromNY\Desktop\MBR.dat [2012/04/21 01:20:54 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/20 23:57:39 | 001,008,141 | ---- | C] () -- C:\Users\BQfromNY\Desktop\iexplorer.com [2012/04/16 08:46:52 | 000,358,544 | ---- | C] () -- C:\Users\BQfromNY\Desktop\Mission_Impossible_Ghost_Protocol_2011_720p_BluRay_x264_SPARKS.torrent [2012/04/13 15:27:53 | 111,762,379 | ---- | C] () -- C:\Users\BQfromNY\Desktop\K.J-5.2-D2012.rar [2012/04/02 17:12:36 | 018,283,464 | ---- | C] () -- C:\Users\BQfromNY\Desktop\power of one final poster copy.pdf [2012/03/31 01:13:15 | 038,146,728 | ---- | C] () -- C:\Users\BQfromNY\Desktop\lake fence video.mp4 [2012/03/30 15:18:26 | 000,000,545 | ---- | C] () -- C:\Users\BQfromNY\Desktop\INVENTORY - Shortcut.lnk [2012/02/11 18:55:13 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2011/10/29 10:30:26 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/10/24 11:16:42 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll [2011/09/24 13:59:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011/07/08 19:17:26 | 000,000,129 | ---- | C] () -- C:\Windows\QUICKEN.INI [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/01/18 22:54:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/12/24 13:57:12 | 000,001,714 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\SAS7_000.DAT [2010/12/19 09:01:02 | 000,001,356 | ---- | C] () -- C:\Users\BQfromNY\AppData\Local\d3d9caps.dat [2010/12/04 00:31:42 | 000,000,745 | ---- | C] () -- C:\Users\BQfromNY\AppData\Roaming\AtomicAlarmClock.ini ========== LOP Check ========== [2011/11/27 00:24:44 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\DMCache [2011/02/02 12:16:29 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Easeware [2012/04/08 22:40:19 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\FileZilla [2010/03/07 03:39:23 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\FLV Extract [2010/11/03 14:56:57 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\HEM Data [2010/02/12 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Libronix DLS [2011/10/03 22:12:11 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\motorola [2011/02/04 22:47:03 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\RIFT [2011/10/31 22:22:49 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Temp [2011/12/25 02:04:12 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\TS3Client [2011/12/16 13:57:56 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\ts3overlay [2010/03/26 22:13:39 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\UnknownApplicationVendor [2012/04/19 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\uTorrent [2011/01/12 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\wargaming.net [2011/06/08 23:28:07 | 000,000,000 | ---D | M] -- C:\Users\BQfromNY\AppData\Roaming\Xilisoft [2012/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp [2012/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp [2012/04/22 08:27:50 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report >