Can't get rid of Buzqo. =[

Post by jimber03 » December 16th, 2011, 8:51 pm

Downloaded the "Free YouTube Downloader" from CNET and now this Buzqo keeps messing with my search engine in Google Chrome, Firefox, and IE. I've tried Kaspersky, malware removal, etc.

Please help!

Let me know if you need any more information!

Thank you!

-Jim


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Rawr at 19:39:23 on 2011-12-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1138 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rawr\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbengine.exe
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = www.dell.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\Rawr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Rawr\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun: [FAStartup]
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Rawr\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{BDA2A005-4FD8-42A5-8EA2-DC61D538BF1B} : DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{BDA2A005-4FD8-42A5-8EA2-DC61D538BF1B}\038364850343030373237333 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BDA2A005-4FD8-42A5-8EA2-DC61D538BF1B}\2496E676 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{E6EADE37-256F-48C3-BF90-316EDC3C857E} : DhcpNameServer = 68.87.71.230 68.87.73.246
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
mRun-x64: [FAStartup]
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-22 98208]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-2 365336]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-5-27 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-5-27 128512]
R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-4 1997416]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-17 378984]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2011-5-20 210144]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S0 johci;JMicron 1394 Filter Driver;C:\Windows\system32\DRIVERS\johci.sys --> C:\Windows\system32\DRIVERS\johci.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-29 136176]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-29 136176]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-17 00:26:57 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-17 00:26:41 -------- d-----w- C:\Users\Rawr\AppData\Roaming\Malwarebytes
2011-12-17 00:26:22 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-17 00:26:18 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-17 00:26:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-16 18:15:55 -------- d-----w- C:\Users\Rawr\AppData\Local\{D10C53F2-357D-4918-8817-3D3FD9DB38AC}
2011-12-16 18:15:45 -------- d-----w- C:\Users\Rawr\AppData\Local\{1DC551F0-326D-4A7D-B040-65CEF2E2F401}
2011-12-16 06:51:26 -------- d-----w- C:\Program Files (x86)\Free YouTube Downloader
2011-12-16 06:25:43 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA8D278A-6CA0-4DFA-AA95-BC9DFBA54C71}\mpengine.dll
2011-12-16 06:25:43 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA8D278A-6CA0-4DFA-AA95-BC9DFBA54C71}\offreg.dll
2011-12-16 06:15:21 -------- d-----w- C:\Users\Rawr\AppData\Local\{8A171006-56A2-4230-AF00-B923B740EF93}
2011-12-15 12:09:09 -------- d-----w- C:\Users\Rawr\AppData\Local\{4DBBF984-B48A-4FD6-BD75-ABAC297E62E4}
2011-12-15 12:08:59 -------- d-----w- C:\Users\Rawr\AppData\Local\{84F065AD-9C01-4763-B4A0-C41BC606C4F8}
2011-12-15 04:26:57 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 04:26:55 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 04:26:55 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 04:26:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 04:26:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-14 22:54:28 -------- d-----w- C:\Users\Rawr\AppData\Local\{5960A182-D553-42FE-8206-C753A38BDBE5}
2011-12-14 22:54:18 -------- d-----w- C:\Users\Rawr\AppData\Local\{39C0458F-F23B-44D1-8C35-BBFB4F79A5D5}
2011-12-14 05:50:47 -------- d-----w- C:\Users\Rawr\AppData\Local\{20702A78-74B7-4AC6-BD64-C21B344A747C}
2011-12-14 05:50:37 -------- d-----w- C:\Users\Rawr\AppData\Local\{61BC73B9-FFEE-470B-850A-7246C27BAD7E}
2011-12-13 23:43:05 -------- d-----w- C:\Users\Rawr\AppData\Roaming\mIRC
2011-12-13 23:43:05 -------- d-----w- C:\Program Files (x86)\mIRC
2011-12-13 05:17:10 -------- d-----w- C:\Users\Rawr\AppData\Local\{CB040899-3864-4813-8BF2-56F7D1F9FC9C}
2011-12-13 05:17:01 -------- d-----w- C:\Users\Rawr\AppData\Local\{8899484D-A67E-4B3E-9CD6-09EF8E2C5990}
2011-12-12 22:44:40 -------- d-----w- C:\Program Files (x86)\StartNow Toolbar
2011-12-12 22:43:51 -------- d-----w- C:\Users\Rawr\AppData\Local\TempDIR
2011-12-12 17:16:35 -------- d-----w- C:\Users\Rawr\AppData\Local\{59ED4CEE-4042-4AD8-9BF9-C599DF62B320}
2011-12-12 17:16:25 -------- d-----w- C:\Users\Rawr\AppData\Local\{25C4E587-B47B-4C72-A761-E1BFBC019C9E}
2011-12-11 20:15:08 -------- d-----w- C:\Users\Rawr\AppData\Local\{F62AFFF7-6F04-4BB5-9298-BDAAEE946CC2}
2011-12-11 20:14:58 -------- d-----w- C:\Users\Rawr\AppData\Local\{5B4DD06C-7D49-4B42-95A0-95CEDC26DB5F}
2011-12-11 08:14:32 -------- d-----w- C:\Users\Rawr\AppData\Local\{8895B98A-6CDD-41B7-9901-84F4DF61C98F}
2011-12-10 20:59:26 -------- d-----w- C:\Windows\SysWow64\aliedit
2011-12-10 20:59:17 -------- d-----w- C:\Program Files (x86)\Trademanager
2011-12-10 20:56:09 -------- d-----w- C:\Users\Rawr\AppData\Local\Alibaba
2011-12-10 20:14:06 -------- d-----w- C:\Users\Rawr\AppData\Local\{23B0B1A4-0095-423E-96DD-12BA735096BB}
2011-12-10 20:13:54 -------- d-----w- C:\Users\Rawr\AppData\Local\{AEC09A48-D433-4130-95FC-B99ABE1A576A}
2011-12-09 22:40:51 -------- d-----w- C:\Users\Rawr\AppData\Local\{D9B02C0F-3ED4-4FCA-9264-939E1ACD1A94}
2011-12-09 22:40:39 -------- d-----w- C:\Users\Rawr\AppData\Local\{37D85586-E3D8-4164-97B7-2BD5F502B5F1}
2011-12-09 03:04:50 -------- d-----w- C:\Users\Rawr\AppData\Local\{6CCC16ED-FFD3-41F8-937C-F49C93B04B7E}
2011-12-09 03:04:40 -------- d-----w- C:\Users\Rawr\AppData\Local\{BF578B44-B6FD-4577-B7EE-734B770AB356}
2011-12-07 18:36:40 -------- d-----w- C:\Users\Rawr\AppData\Local\{1AA95B1B-D7A6-49FE-AD04-87CAD513824B}
2011-12-07 18:36:30 -------- d-----w- C:\Users\Rawr\AppData\Local\{3FB90128-5DEC-4E04-A531-A2450F41B079}
2011-12-07 02:10:08 -------- d-----r- C:\Program Files (x86)\Skype
2011-12-06 23:47:00 -------- d-----w- C:\Users\Rawr\AppData\Local\{FED9ACC0-27ED-41E3-90D3-83C25E96A8CD}
2011-12-06 23:46:50 -------- d-----w- C:\Users\Rawr\AppData\Local\{83828103-7123-40ED-9A01-FB4D485D9679}
2011-12-06 11:46:22 -------- d-----w- C:\Users\Rawr\AppData\Local\{45B189D3-C6B5-45FA-90D9-ACBDF2FE1134}
2011-12-06 11:46:07 -------- d-----w- C:\Users\Rawr\AppData\Local\{B841B295-5F8C-4AC6-ACE3-582F1A365ED6}
2011-12-05 16:57:30 -------- d-----w- C:\Users\Rawr\AppData\Local\{655529BA-01EE-4CA9-8091-F5078DA47BB0}
2011-12-05 16:57:19 -------- d-----w- C:\Users\Rawr\AppData\Local\{18C65620-90FA-4918-A126-90265C5CD2ED}
2011-12-04 04:41:12 -------- d-----w- C:\Users\Rawr\AppData\Local\{FFF4A02A-71A7-472C-A833-0B869A85B39D}
2011-12-04 04:41:00 -------- d-----w- C:\Users\Rawr\AppData\Local\{92461499-E83E-4D14-9E59-2542B980121F}
2011-12-03 16:40:29 -------- d-----w- C:\Users\Rawr\AppData\Local\{9413723E-520C-473F-979B-10ADC67FBFC1}
2011-12-03 16:40:18 -------- d-----w- C:\Users\Rawr\AppData\Local\{5152B4D0-D313-48A7-B3DA-8A5461596E65}
2011-12-02 00:11:55 -------- d-----w- C:\Users\Rawr\AppData\Local\{9AC79F06-A576-46B3-8DF2-C9290CC77937}
2011-12-02 00:11:45 -------- d-----w- C:\Users\Rawr\AppData\Local\{36CA4DBE-5209-4E68-B399-AC5AFEF8853C}
2011-11-30 19:51:00 -------- d-----w- C:\Users\Rawr\AppData\Local\{A80153E0-3033-43CD-92B7-4F96F3DE6B5D}
2011-11-30 19:50:50 -------- d-----w- C:\Users\Rawr\AppData\Local\{679F18A5-D1CA-4287-A9AE-9DC9EAFC07EB}
2011-11-30 07:50:25 -------- d-----w- C:\Users\Rawr\AppData\Local\{F9DBD983-7D43-45D6-B370-FD10736C2D1C}
2011-11-29 19:50:02 -------- d-----w- C:\Users\Rawr\AppData\Local\{FDEE681A-D0C1-41E4-88C1-271F730CA6C5}
2011-11-29 19:49:52 -------- d-----w- C:\Users\Rawr\AppData\Local\{E17CC0A7-D817-43EC-8E80-97CE779894AA}
2011-11-29 04:34:48 -------- d-----w- C:\Users\Rawr\AppData\Local\{53E2EE5A-96F2-4D9D-924C-D9D3CF9DAEEC}
2011-11-29 04:34:38 -------- d-----w- C:\Users\Rawr\AppData\Local\{576D266C-40A0-4AE2-9F8F-49D77AED86F5}
2011-11-28 07:09:26 -------- d-----w- C:\Users\Rawr\AppData\Local\{EAF19100-C236-4CB5-99FF-430A3D8CB4BB}
2011-11-28 07:09:14 -------- d-----w- C:\Users\Rawr\AppData\Local\{B50C8C63-227E-4940-BA92-322837D1075E}
2011-11-27 19:08:49 -------- d-----w- C:\Users\Rawr\AppData\Local\{023E165A-753F-41CA-8397-4D099D986DEF}
2011-11-27 19:08:39 -------- d-----w- C:\Users\Rawr\AppData\Local\{83FD9828-3ED7-4969-B0C2-41B84204FF9E}
2011-11-25 07:57:21 -------- d-----w- C:\Users\Rawr\AppData\Local\{3AB6BB62-BFB8-461F-9636-A1C9EBFA2F86}
2011-11-25 07:57:05 -------- d-----w- C:\Users\Rawr\AppData\Local\{36FE037D-04BC-4593-85BE-339EB99E73B8}
2011-11-22 18:38:39 -------- d-----w- C:\Users\Rawr\AppData\Local\{08ABCF46-CC68-463E-95C5-4E99DA68AB43}
2011-11-22 18:38:29 -------- d-----w- C:\Users\Rawr\AppData\Local\{8468E2D7-313C-40A4-9AAD-E87F3DAA2FE4}
2011-11-22 07:54:21 -------- d-----w- C:\Users\Rawr\AppData\Local\Chromium
2011-11-19 03:28:15 -------- d-----w- C:\Users\Rawr\AppData\Local\{2036E232-B515-4329-BF9B-44094B5930AB}
2011-11-19 03:28:05 -------- d-----w- C:\Users\Rawr\AppData\Local\{508467E1-115E-4B6B-9C25-DF5FD49388AC}
2011-11-18 15:27:53 -------- d-----w- C:\Users\Rawr\AppData\Local\{20CE0B3E-6843-4901-A6D1-604D7CA38047}
2011-11-18 15:27:43 -------- d-----w- C:\Users\Rawr\AppData\Local\{0B07017F-A0E2-49A9-93DD-2F1AC75509B4}
2011-11-18 03:27:31 -------- d-----w- C:\Users\Rawr\AppData\Local\{03695703-568E-4AAA-A474-12D7E7316796}
2011-11-18 03:27:21 -------- d-----w- C:\Users\Rawr\AppData\Local\{5F72E6CE-67CA-44DF-B51D-5DED110BB5EA}
2011-11-17 15:27:09 -------- d-----w- C:\Users\Rawr\AppData\Local\{4A54C7C8-9A1C-4B74-824E-95A693EA7C4A}
2011-11-17 03:26:46 -------- d-----w- C:\Users\Rawr\AppData\Local\{422D039F-9991-4C6B-875B-4673BC9A4C67}
2011-11-17 03:26:36 -------- d-----w- C:\Users\Rawr\AppData\Local\{553CCE14-1E79-4E2C-9D76-DDC25C28ADF0}
.
==================== Find3M ====================
.
2011-11-13 20:09:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-23 05:34:05 140096 ------r- C:\Windows\SysWow64\COMDLG32.OCX
.
============= FINISH: 19:41:29.30 ===============
jimber03
Active Member
 
Posts: 5
Joined: December 14th, 2011, 8:34 pm

Re: Can't get rid of Buzqo. =[

Post by Gary R » December 19th, 2011, 10:46 am

Looking over your log, back soon.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Can't get rid of Buzqo. =[

Post by Gary R » December 19th, 2011, 11:10 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi jimber03

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows 7, it will be necessary to right click all tools we use and select Run as Administrator.

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL, delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.
Gary R
Administrator
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Can't get rid of Buzqo. =[

Post by jimber03 » December 19th, 2011, 11:00 pm

OTL logfile created on: 12/19/2011 9:37:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rawr\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 49.11% Memory free
7.60 Gb Paging File | 4.83 Gb Available in Paging File | 63.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.21 Gb Total Space | 143.20 Gb Free Space | 65.32% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 6.07 Gb Free Space | 44.39% Space Free | Partition Type: NTFS

Computer Name: MININT-4K02H68 | User Name: Rawr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/19 21:34:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rawr\Downloads\OTL.exe
PRC - [2011/11/22 15:45:32 | 000,161,336 | ---- | M] (Google) -- C:\Users\Rawr\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/11/18 16:29:34 | 006,860,960 | ---- | M] (Spotify Ltd) -- C:\Program Files (x86)\Spotify\spotify.exe
PRC - [2011/08/17 10:29:52 | 000,480,880 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
PRC - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/20 12:03:34 | 000,210,144 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/04/13 17:40:34 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/03/17 04:38:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/17 01:35:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010/08/13 17:33:38 | 001,362,544 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
PRC - [2010/05/21 14:34:38 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2010/05/21 14:33:48 | 000,063,304 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/05/21 10:38:54 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/04/04 13:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
PRC - [2010/04/04 13:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
PRC - [2010/04/04 13:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
PRC - [2009/10/13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/07 06:16:28 | 000,411,192 | ---- | M] () -- C:\Users\Rawr\AppData\Local\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011/12/07 06:16:27 | 003,767,864 | ---- | M] () -- C:\Users\Rawr\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011/12/07 06:15:07 | 000,521,784 | ---- | M] () -- C:\Users\Rawr\AppData\Local\Google\Chrome\Application\16.0.912.63\libglesv2.dll
MOD - [2011/12/07 06:15:06 | 000,112,696 | ---- | M] () -- C:\Users\Rawr\AppData\Local\Google\Chrome\Application\16.0.912.63\libegl.dll
MOD - [2011/12/07 06:14:56 | 000,122,952 | ---- | M] () -- C:\Users\Rawr\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011/12/07 06:14:55 | 000,222,280 | ---- | M] () -- C:\Users\Rawr\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011/12/07 06:14:53 | 001,746,504 | ---- | M] () -- C:\Users\Rawr\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011/12/07 02:22:33 | 008,593,056 | ---- | M] () -- C:\Users\Rawr\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
MOD - [2011/10/14 06:14:49 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/14 06:14:33 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/14 06:14:20 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/14 06:14:07 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011/10/14 06:14:03 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011/10/14 06:12:18 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll
MOD - [2011/10/14 06:11:48 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/14 06:11:39 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/14 06:11:31 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 06:11:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/14 06:11:25 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/14 06:11:18 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/08/17 10:29:52 | 000,480,880 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
MOD - [2011/08/08 17:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/03/22 08:30:16 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2011/03/22 08:30:16 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2011/03/22 08:30:16 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2011/03/22 08:30:16 | 000,037,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2011/03/22 08:30:16 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2011/03/22 08:30:16 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll
MOD - [2011/03/22 08:30:16 | 000,025,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2011/03/22 08:30:16 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2011/03/22 08:30:16 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll
MOD - [2011/03/22 08:30:16 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll
MOD - [2011/03/22 08:30:15 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2011/03/22 08:30:15 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
MOD - [2011/03/22 08:30:15 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2011/03/22 08:30:15 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2011/03/22 08:30:15 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
MOD - [2011/03/22 08:30:15 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2011/03/22 08:30:15 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2011/03/17 04:38:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2010/08/13 17:33:38 | 001,362,544 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MOD - [2010/05/21 10:39:00 | 000,154,424 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll
MOD - [2010/05/21 10:38:54 | 000,016,704 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/04/04 13:45:06 | 000,089,416 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2010/04/04 13:44:12 | 000,059,208 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2010/04/04 13:42:44 | 000,247,624 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2009/12/18 11:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/21 10:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2010/04/18 15:17:10 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/04/04 13:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)
SRV:64bit: - [2009/09/14 03:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/14 03:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/10 14:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/20 12:03:34 | 000,210,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/03/17 04:38:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/17 01:35:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/02 21:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 19:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/19 10:35:00 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/04/04 14:10:32 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/04/04 13:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/03/31 13:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011/03/17 04:38:00 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/26 21:41:28 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/07/26 21:41:28 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/07/26 21:40:52 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/06/09 15:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/06/09 15:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/04/22 17:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010/04/16 08:06:18 | 000,024,176 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2010/04/01 13:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/30 07:04:32 | 000,158,320 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/03/05 10:15:12 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/22 10:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/28 16:25:16 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/16 08:16:00 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/11/02 18:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 12:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 10:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 16:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/09/24 21:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2007/11/02 14:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2007/08/02 09:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 15:43:42 | 000,013,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\EMSC.SYS -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.dell.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.dell.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
IE - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = www.dell.com
IE - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Rawr\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rawr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rawr\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rawr\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rawr\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\Rawr\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/06/01 10:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/06/01 10:41:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/06/01 10:41:34 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.buzqo.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z067&partner_id=232&product_id=687&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20111212&user_guid=A912E8B8E5604C1594D8E2618453857D&machine_id=a6102d078268125a84d12af053c7020b&browser=CR&os=win&os_version=6.1-x64-SP0
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rawr\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rawr\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Rawr\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Rawr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Rawr\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Rawr\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Rawr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\Rawr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Rawr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004..\Run: [Facebook Update] C:\Users\Rawr\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rawr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDA2A005-4FD8-42A5-8EA2-DC61D538BF1B}: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6EADE37-256F-48C3-BF90-316EDC3C857E}: DhcpNameServer = 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c275efa-0a2d-11e1-b358-5c260a2628dd}\Shell - "" = AutoRun
O33 - MountPoints2\{4c275efa-0a2d-11e1-b358-5c260a2628dd}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{e5383187-68b1-11e0-8c2e-5c260a2628dd}\Shell - "" = AutoRun
O33 - MountPoints2\{e5383187-68b1-11e0-8c2e-5c260a2628dd}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{f4e1bb3d-a129-11e0-9bb5-5c260a2628dd}\Shell - "" = AutoRun
O33 - MountPoints2\{f4e1bb3d-a129-11e0-9bb5-5c260a2628dd}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 13:26:16 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{27C9D44C-4F0D-4E19-A2BD-986DDE610DD1}
[2011/12/19 13:26:05 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{DBB7C8A9-E634-42E7-A2E3-D1A1EC0723C0}
[2011/12/18 15:03:35 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{00D91E21-89BA-4B9E-B873-22CCF161F96F}
[2011/12/18 15:03:26 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{EE3D661F-2895-46F8-B990-B18379671AEF}
[2011/12/17 21:41:05 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{90668278-7B60-4FD8-A79A-B343D68CFD1B}
[2011/12/17 21:40:55 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{903886C9-6171-43BC-AE46-5526F604AACF}
[2011/12/17 01:16:18 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{E0F0D2E1-D8A7-4DC1-9A14-DB7A511A73D4}
[2011/12/16 20:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/12/16 20:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/12/16 20:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/12/16 20:12:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/16 19:26:41 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Roaming\Malwarebytes
[2011/12/16 19:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/16 19:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/16 19:26:18 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/16 19:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/16 13:15:55 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{D10C53F2-357D-4918-8817-3D3FD9DB38AC}
[2011/12/16 13:15:45 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{1DC551F0-326D-4A7D-B040-65CEF2E2F401}
[2011/12/16 01:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
[2011/12/16 01:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free YouTube Downloader
[2011/12/16 01:15:21 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{8A171006-56A2-4230-AF00-B923B740EF93}
[2011/12/15 07:09:09 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{4DBBF984-B48A-4FD6-BD75-ABAC297E62E4}
[2011/12/15 07:08:59 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{84F065AD-9C01-4763-B4A0-C41BC606C4F8}
[2011/12/14 23:27:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 23:27:08 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/14 23:27:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 23:27:07 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/14 23:27:07 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/14 23:27:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 23:27:07 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 23:27:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 23:27:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/14 23:27:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/14 23:27:06 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/14 23:27:06 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/14 23:27:06 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 23:27:06 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 23:27:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/14 23:27:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/14 23:26:55 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 23:26:55 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/14 17:54:28 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{5960A182-D553-42FE-8206-C753A38BDBE5}
[2011/12/14 17:54:18 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{39C0458F-F23B-44D1-8C35-BBFB4F79A5D5}
[2011/12/14 00:50:47 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{20702A78-74B7-4AC6-BD64-C21B344A747C}
[2011/12/14 00:50:37 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{61BC73B9-FFEE-470B-850A-7246C27BAD7E}
[2011/12/13 18:43:05 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Roaming\mIRC
[2011/12/13 18:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2011/12/13 18:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2011/12/13 00:17:10 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{CB040899-3864-4813-8BF2-56F7D1F9FC9C}
[2011/12/13 00:17:01 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{8899484D-A67E-4B3E-9CD6-09EF8E2C5990}
[2011/12/12 21:30:07 | 000,000,000 | ---D | C] -- C:\Users\Rawr\Documents\Downloads
[2011/12/12 17:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartNow Toolbar
[2011/12/12 17:43:51 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\TempDIR
[2011/12/12 12:16:35 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{59ED4CEE-4042-4AD8-9BF9-C599DF62B320}
[2011/12/12 12:16:25 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{25C4E587-B47B-4C72-A761-E1BFBC019C9E}
[2011/12/11 15:15:08 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{F62AFFF7-6F04-4BB5-9298-BDAAEE946CC2}
[2011/12/11 15:14:58 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{5B4DD06C-7D49-4B42-95A0-95CEDC26DB5F}
[2011/12/11 13:06:41 | 000,000,000 | ---D | C] -- C:\Users\Rawr\Desktop\PCG
[2011/12/11 03:14:32 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{8895B98A-6CDD-41B7-9901-84F4DF61C98F}
[2011/12/10 15:59:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\aliedit
[2011/12/10 15:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trademanager
[2011/12/10 15:56:09 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\Alibaba
[2011/12/10 15:14:06 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{23B0B1A4-0095-423E-96DD-12BA735096BB}
[2011/12/10 15:13:54 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{AEC09A48-D433-4130-95FC-B99ABE1A576A}
[2011/12/09 17:40:51 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{D9B02C0F-3ED4-4FCA-9264-939E1ACD1A94}
[2011/12/09 17:40:39 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{37D85586-E3D8-4164-97B7-2BD5F502B5F1}
[2011/12/08 22:04:50 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{6CCC16ED-FFD3-41F8-937C-F49C93B04B7E}
[2011/12/08 22:04:40 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{BF578B44-B6FD-4577-B7EE-734B770AB356}
[2011/12/07 13:36:40 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{1AA95B1B-D7A6-49FE-AD04-87CAD513824B}
[2011/12/07 13:36:30 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{3FB90128-5DEC-4E04-A531-A2450F41B079}
[2011/12/06 21:10:23 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Roaming\Skype
[2011/12/06 21:10:08 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/12/06 21:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/12/06 21:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/06 18:47:00 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{FED9ACC0-27ED-41E3-90D3-83C25E96A8CD}
[2011/12/06 18:46:50 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{83828103-7123-40ED-9A01-FB4D485D9679}
[2011/12/06 06:46:22 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{45B189D3-C6B5-45FA-90D9-ACBDF2FE1134}
[2011/12/06 06:46:07 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{B841B295-5F8C-4AC6-ACE3-582F1A365ED6}
[2011/12/05 11:57:30 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{655529BA-01EE-4CA9-8091-F5078DA47BB0}
[2011/12/05 11:57:19 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{18C65620-90FA-4918-A126-90265C5CD2ED}
[2011/12/03 23:41:12 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{FFF4A02A-71A7-472C-A833-0B869A85B39D}
[2011/12/03 23:41:00 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{92461499-E83E-4D14-9E59-2542B980121F}
[2011/12/03 11:40:29 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{9413723E-520C-473F-979B-10ADC67FBFC1}
[2011/12/03 11:40:18 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{5152B4D0-D313-48A7-B3DA-8A5461596E65}
[2011/12/01 19:11:55 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{9AC79F06-A576-46B3-8DF2-C9290CC77937}
[2011/12/01 19:11:45 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{36CA4DBE-5209-4E68-B399-AC5AFEF8853C}
[2011/11/30 14:51:00 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{A80153E0-3033-43CD-92B7-4F96F3DE6B5D}
[2011/11/30 14:50:50 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{679F18A5-D1CA-4287-A9AE-9DC9EAFC07EB}
[2011/11/30 02:50:25 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{F9DBD983-7D43-45D6-B370-FD10736C2D1C}
[2011/11/29 14:50:02 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{FDEE681A-D0C1-41E4-88C1-271F730CA6C5}
[2011/11/29 14:49:52 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{E17CC0A7-D817-43EC-8E80-97CE779894AA}
[2011/11/28 23:34:48 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{53E2EE5A-96F2-4D9D-924C-D9D3CF9DAEEC}
[2011/11/28 23:34:38 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{576D266C-40A0-4AE2-9F8F-49D77AED86F5}
[2011/11/28 02:09:26 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{EAF19100-C236-4CB5-99FF-430A3D8CB4BB}
[2011/11/28 02:09:14 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{B50C8C63-227E-4940-BA92-322837D1075E}
[2011/11/27 14:08:49 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{023E165A-753F-41CA-8397-4D099D986DEF}
[2011/11/27 14:08:39 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{83FD9828-3ED7-4969-B0C2-41B84204FF9E}
[2011/11/25 02:57:21 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{3AB6BB62-BFB8-461F-9636-A1C9EBFA2F86}
[2011/11/25 02:57:05 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{36FE037D-04BC-4593-85BE-339EB99E73B8}
[2011/11/23 21:42:21 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Roaming\Mozilla
[2011/11/22 13:38:39 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{08ABCF46-CC68-463E-95C5-4E99DA68AB43}
[2011/11/22 13:38:29 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\{8468E2D7-313C-40A4-9AAD-E87F3DAA2FE4}
[2011/11/22 02:54:21 | 000,000,000 | ---D | C] -- C:\Users\Rawr\AppData\Local\Chromium

========== Files - Modified Within 30 Days ==========

[2011/12/19 21:37:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3952885012-3661968044-2985114572-1004UA.job
[2011/12/19 21:29:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3952885012-3661968044-2985114572-1004UA.job
[2011/12/19 21:19:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/19 18:37:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3952885012-3661968044-2985114572-1004Core.job
[2011/12/19 18:29:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3952885012-3661968044-2985114572-1004Core.job
[2011/12/19 18:26:15 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/19 18:26:15 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/19 18:26:15 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/19 18:24:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/19 14:19:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/19 13:31:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 13:31:13 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 13:23:06 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 01:34:42 | 000,011,684 | ---- | M] () -- C:\Users\Rawr\Desktop\Design.jpg
[2011/12/17 21:24:50 | 000,319,114 | ---- | M] () -- C:\Users\Rawr\Desktop\Weeklygamedeal - Price List.pdf
[2011/12/16 23:08:07 | 000,055,643 | ---- | M] () -- C:\Users\Rawr\Desktop\Light Saber 2.jpg
[2011/12/16 20:18:00 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/16 16:01:30 | 000,007,178 | ---- | M] () -- C:\Users\Rawr\Desktop\Memory Card Offer List 2011.pdf
[2011/12/16 14:44:57 | 001,891,076 | ---- | M] () -- C:\Users\Rawr\Desktop\Memory Card Stock.jpg
[2011/12/16 01:51:29 | 000,002,023 | ---- | M] () -- C:\Users\Rawr\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
[2011/12/15 03:25:14 | 000,414,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/08 20:48:16 | 000,050,549 | ---- | M] () -- C:\Users\Rawr\Desktop\elle-_see-eyewear-boston-3.pdf
[2011/12/03 12:18:36 | 000,005,120 | ---- | M] () -- C:\Users\Rawr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/12/19 01:34:41 | 000,011,684 | ---- | C] () -- C:\Users\Rawr\Desktop\Design.jpg
[2011/12/17 21:24:45 | 000,319,114 | ---- | C] () -- C:\Users\Rawr\Desktop\Weeklygamedeal - Price List.pdf
[2011/12/16 23:08:07 | 000,055,643 | ---- | C] () -- C:\Users\Rawr\Desktop\Light Saber 2.jpg
[2011/12/16 20:18:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/16 20:18:00 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/16 16:01:27 | 000,007,178 | ---- | C] () -- C:\Users\Rawr\Desktop\Memory Card Offer List 2011.pdf
[2011/12/16 14:41:38 | 001,891,076 | ---- | C] () -- C:\Users\Rawr\Desktop\Memory Card Stock.jpg
[2011/12/08 20:48:16 | 000,050,549 | ---- | C] () -- C:\Users\Rawr\Desktop\elle-_see-eyewear-boston-3.pdf
[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/05/28 02:50:11 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/05/27 14:41:14 | 000,000,045 | ---- | C] () -- C:\Windows\ENX420.ini
[2011/04/20 14:05:51 | 000,005,120 | ---- | C] () -- C:\Users\Rawr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/14 10:25:30 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/22 07:46:24 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011/03/22 07:27:18 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2010/05/21 14:38:00 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2010/04/04 13:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/04/04 13:44:12 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/04/04 13:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2009/09/09 18:18:28 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\EMSC.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/30 13:15:43 | 000,000,000 | ---D | M] -- C:\Users\Rawr\AppData\Roaming\Canon
[2011/05/26 21:21:24 | 000,000,000 | ---D | M] -- C:\Users\Rawr\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/28 02:01:57 | 000,000,000 | ---D | M] -- C:\Users\Rawr\AppData\Roaming\Epson
[2011/04/14 10:29:06 | 000,000,000 | ---D | M] -- C:\Users\Rawr\AppData\Roaming\Softland
[2011/12/19 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\Rawr\AppData\Roaming\Spotify
[2011/12/19 21:47:14 | 000,000,000 | ---D | M] -- C:\Users\Rawr\AppData\Roaming\uTorrent
[2011/12/19 18:37:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3952885012-3661968044-2985114572-1004Core.job
[2011/12/19 21:37:04 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3952885012-3661968044-2985114572-1004UA.job
[2011/10/31 21:09:32 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
jimber03

Re: Can't get rid of Buzqo. =[

Post by jimber03 » December 19th, 2011, 11:03 pm

OTL Extras logfile created on: 12/19/2011 9:37:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rawr\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 49.11% Memory free
7.60 Gb Paging File | 4.83 Gb Available in Paging File | 63.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.21 Gb Total Space | 143.20 Gb Free Space | 65.32% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 6.07 Gb Free Space | 44.39% Space Free | Partition Type: NTFS

Computer Name: MININT-4K02H68 | User Name: Rawr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series" = Canon MX420 series MP Drivers
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1CCF1727-A817-4FEE-A028-5466FB542934}" = Motorola Mobile Drivers Installation 5.2.0
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.76
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.76
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.76
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"doPDF 7 printer_is1" = doPDF 7.2 printer
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1f10578d-d8d4-4300-b119-78daee43b4b1}" = Nero 9 Essentials
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5B24ECDD-968F-4DF2-91E5-E4BFC7B72134}" = RSDLite
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{831E13F4-3D72-4427-9C4C-A998E5952E7E}" = Alienware On-Screen Display
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.3.120
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe AIR" = Adobe AIR
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Aerolister Pro 7_is1" = Aerolister Pro 7
"AliSetup" = AliSetup 0.1.0.52
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"InstallShield_{831E13F4-3D72-4427-9C4C-A998E5952E7E}" = Alienware On-Screen Display
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"mIRC" = mIRC
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PdaNet_is1" = PdaNet for Android 3.02
"Spotify" = Spotify
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.7
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3952885012-3661968044-2985114572-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2011 5:55:52 AM | Computer Name = MININT-4K02H68 | Source = Windows Search Service | ID = 3007
Description =

Error - 10/28/2011 6:37:05 PM | Computer Name = MININT-4K02H68 | Source = Google Update | ID = 20
Description =

Error - 10/28/2011 9:37:05 PM | Computer Name = MININT-4K02H68 | Source = Google Update | ID = 20
Description =

Error - 11/9/2011 1:12:46 AM | Computer Name = MININT-4K02H68 | Source = MsiInstaller | ID = 1013
Description =

Error - 11/13/2011 6:03:53 PM | Computer Name = MININT-4K02H68 | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 15.0.874.106 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: dd0 Start
Time: 01cca23ff9aca9d6 Termination Time: 18 Application Path: C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 35a46792-0e43-11e1-9199-5c260a2628dd

Error - 11/13/2011 6:04:53 PM | Computer Name = MININT-4K02H68 | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 15.0.874.106 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1730 Start
Time: 01cca25023edc66c Termination Time: 14 Application Path: C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 70d84c72-0e43-11e1-9199-5c260a2628dd

Error - 11/22/2011 6:09:44 AM | Computer Name = MININT-4K02H68 | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x42746e65 Faulting process id:
0x1b14 Faulting application start time: 0x01cca8fdb0045fa3 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 1914929b-14f2-11e1-836b-5c260a2628dd

Error - 12/4/2011 11:29:10 PM | Computer Name = MININT-4K02H68 | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 15.0.874.121 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4f8 Start
Time: 01ccb2d79db43fa4 Termination Time: 12 Application Path: C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 441f32e5-1ef1-11e1-b522-5c260a2628dd

Error - 12/4/2011 11:33:58 PM | Computer Name = MININT-4K02H68 | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 15.0.874.121 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d6c Start
Time: 01ccb2fe0e525a09 Termination Time: 10 Application Path: C:\Users\Rawr\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: f56a6006-1ef1-11e1-b522-5c260a2628dd

Error - 12/6/2011 7:39:30 AM | Computer Name = MININT-4K02H68 | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8/27/2011 6:34:43 PM | Computer Name = MININT-4K02H68 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/28/2011 12:41:37 AM | Computer Name = MININT-4K02H68 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/28/2011 5:41:42 PM | Computer Name = MININT-4K02H68 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/28/2011 7:15:33 PM | Computer Name = MININT-4K02H68 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/29/2011 8:42:37 AM | Computer Name = MININT-4K02H68 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/30/2011 4:36:12 PM | Computer Name = MININT-4K02H68 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:17:13 PM on ?8/?30/?2011 was unexpected.

Error - 8/30/2011 4:36:39 PM | Computer Name = MININT-4K02H68 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/31/2011 1:14:56 AM | Computer Name = MININT-4K02H68 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:07:04 PM on ?8/?30/?2011 was unexpected.

Error - 8/31/2011 1:15:27 AM | Computer Name = MININT-4K02H68 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 8/31/2011 10:59:05 AM | Computer Name = MININT-4K02H68 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >
jimber03
Active Member
 
Posts: 5
Joined: December 14th, 2011, 8:34 pm

Re: Can't get rid of Buzqo. =[

Post by jimber03 » December 19th, 2011, 11:05 pm

Thank you! =]
jimber03
Active Member
 
Posts: 5
Joined: December 14th, 2011, 8:34 pm

Re: Can't get rid of Buzqo. =[

Post by Gary R » December 20th, 2011, 3:49 am

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java(TM) 6 Update 26
µTorrent
Google Chrome


Old versions of Java can be exploited (we'll update to the latest version later).

Use of P2P programs is the quickest way to contract an infection that I know; in exchange for our help, this forum insists on their removal.

We need to temporarily uninstall Google Chrome to remove the infection; you can re-install it once we've cleaned your machine.

Reboot your computer once those programs have been uninstalled.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
SRV - [2011/05/20 12:03:34 | 000,210,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O33 - MountPoints2\{4c275efa-0a2d-11e1-b358-5c260a2628dd}\Shell - "" = AutoRun
O33 - MountPoints2\{4c275efa-0a2d-11e1-b358-5c260a2628dd}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{e5383187-68b1-11e0-8c2e-5c260a2628dd}\Shell - "" = AutoRun
O33 - MountPoints2\{e5383187-68b1-11e0-8c2e-5c260a2628dd}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{f4e1bb3d-a129-11e0-9bb5-5c260a2628dd}\Shell - "" = AutoRun
O33 - MountPoints2\{f4e1bb3d-a129-11e0-9bb5-5c260a2628dd}\Shell\AutoRun\command - "" = E:\setup.exe -a

:files
C:\Users\Rawr\AppData\Local\{27C9D44C-4F0D-4E19-A2BD-986DDE610DD1}
C:\Users\Rawr\AppData\Local\{DBB7C8A9-E634-42E7-A2E3-D1A1EC0723C0}
C:\Users\Rawr\AppData\Local\{00D91E21-89BA-4B9E-B873-22CCF161F96F}
C:\Users\Rawr\AppData\Local\{EE3D661F-2895-46F8-B990-B18379671AEF}
C:\Users\Rawr\AppData\Local\{90668278-7B60-4FD8-A79A-B343D68CFD1B}
C:\Users\Rawr\AppData\Local\{903886C9-6171-43BC-AE46-5526F604AACF}
C:\Users\Rawr\AppData\Local\{E0F0D2E1-D8A7-4DC1-9A14-DB7A511A73D4}
C:\Users\Rawr\AppData\Local\{D10C53F2-357D-4918-8817-3D3FD9DB38AC}
C:\Users\Rawr\AppData\Local\{1DC551F0-326D-4A7D-B040-65CEF2E2F401}
C:\Users\Rawr\AppData\Local\{8A171006-56A2-4230-AF00-B923B740EF93}
C:\Users\Rawr\AppData\Local\{4DBBF984-B48A-4FD6-BD75-ABAC297E62E4}
C:\Users\Rawr\AppData\Local\{84F065AD-9C01-4763-B4A0-C41BC606C4F8}
C:\Users\Rawr\AppData\Local\{5960A182-D553-42FE-8206-C753A38BDBE5}
C:\Users\Rawr\AppData\Local\{39C0458F-F23B-44D1-8C35-BBFB4F79A5D5}
C:\Users\Rawr\AppData\Local\{20702A78-74B7-4AC6-BD64-C21B344A747C}
C:\Users\Rawr\AppData\Local\{61BC73B9-FFEE-470B-850A-7246C27BAD7E}
C:\Users\Rawr\AppData\Local\{CB040899-3864-4813-8BF2-56F7D1F9FC9C}
C:\Users\Rawr\AppData\Local\{8899484D-A67E-4B3E-9CD6-09EF8E2C5990}
C:\Program Files (x86)\StartNow Toolbar
C:\Users\Rawr\AppData\Local\{59ED4CEE-4042-4AD8-9BF9-C599DF62B320}
C:\Users\Rawr\AppData\Local\{25C4E587-B47B-4C72-A761-E1BFBC019C9E}
C:\Users\Rawr\AppData\Local\{F62AFFF7-6F04-4BB5-9298-BDAAEE946CC2}
C:\Users\Rawr\AppData\Local\{5B4DD06C-7D49-4B42-95A0-95CEDC26DB5F}
C:\Users\Rawr\AppData\Local\{8895B98A-6CDD-41B7-9901-84F4DF61C98F}
C:\Users\Rawr\AppData\Local\{23B0B1A4-0095-423E-96DD-12BA735096BB}
C:\Users\Rawr\AppData\Local\{AEC09A48-D433-4130-95FC-B99ABE1A576A}
C:\Users\Rawr\AppData\Local\{D9B02C0F-3ED4-4FCA-9264-939E1ACD1A94}
C:\Users\Rawr\AppData\Local\{37D85586-E3D8-4164-97B7-2BD5F502B5F1}
C:\Users\Rawr\AppData\Local\{6CCC16ED-FFD3-41F8-937C-F49C93B04B7E}
C:\Users\Rawr\AppData\Local\{BF578B44-B6FD-4577-B7EE-734B770AB356}
C:\Users\Rawr\AppData\Local\{1AA95B1B-D7A6-49FE-AD04-87CAD513824B}
C:\Users\Rawr\AppData\Local\{3FB90128-5DEC-4E04-A531-A2450F41B079}
C:\Users\Rawr\AppData\Local\{FED9ACC0-27ED-41E3-90D3-83C25E96A8CD}
C:\Users\Rawr\AppData\Local\{83828103-7123-40ED-9A01-FB4D485D9679}
C:\Users\Rawr\AppData\Local\{45B189D3-C6B5-45FA-90D9-ACBDF2FE1134}
C:\Users\Rawr\AppData\Local\{B841B295-5F8C-4AC6-ACE3-582F1A365ED6}
C:\Users\Rawr\AppData\Local\{655529BA-01EE-4CA9-8091-F5078DA47BB0}
C:\Users\Rawr\AppData\Local\{18C65620-90FA-4918-A126-90265C5CD2ED}
C:\Users\Rawr\AppData\Local\{FFF4A02A-71A7-472C-A833-0B869A85B39D}
C:\Users\Rawr\AppData\Local\{92461499-E83E-4D14-9E59-2542B980121F}
C:\Users\Rawr\AppData\Local\{9413723E-520C-473F-979B-10ADC67FBFC1}
C:\Users\Rawr\AppData\Local\{5152B4D0-D313-48A7-B3DA-8A5461596E65}
C:\Users\Rawr\AppData\Local\{9AC79F06-A576-46B3-8DF2-C9290CC77937}
C:\Users\Rawr\AppData\Local\{36CA4DBE-5209-4E68-B399-AC5AFEF8853C}
C:\Users\Rawr\AppData\Local\{A80153E0-3033-43CD-92B7-4F96F3DE6B5D}
C:\Users\Rawr\AppData\Local\{679F18A5-D1CA-4287-A9AE-9DC9EAFC07EB}
C:\Users\Rawr\AppData\Local\{F9DBD983-7D43-45D6-B370-FD10736C2D1C}
C:\Users\Rawr\AppData\Local\{FDEE681A-D0C1-41E4-88C1-271F730CA6C5}
C:\Users\Rawr\AppData\Local\{E17CC0A7-D817-43EC-8E80-97CE779894AA}
C:\Users\Rawr\AppData\Local\{53E2EE5A-96F2-4D9D-924C-D9D3CF9DAEEC}
C:\Users\Rawr\AppData\Local\{576D266C-40A0-4AE2-9F8F-49D77AED86F5}
C:\Users\Rawr\AppData\Local\{EAF19100-C236-4CB5-99FF-430A3D8CB4BB}
C:\Users\Rawr\AppData\Local\{B50C8C63-227E-4940-BA92-322837D1075E}
C:\Users\Rawr\AppData\Local\{023E165A-753F-41CA-8397-4D099D986DEF}
C:\Users\Rawr\AppData\Local\{83FD9828-3ED7-4969-B0C2-41B84204FF9E}
C:\Users\Rawr\AppData\Local\{3AB6BB62-BFB8-461F-9636-A1C9EBFA2F86}
C:\Users\Rawr\AppData\Local\{36FE037D-04BC-4593-85BE-339EB99E73B8}
C:\Users\Rawr\AppData\Local\{08ABCF46-CC68-463E-95C5-4E99DA68AB43}
C:\Users\Rawr\AppData\Local\{8468E2D7-313C-40A4-9AAD-E87F3DAA2FE4}
C:\Users\Rawr\AppData\Roaming\uTorrent
C:\Program Files (x86)\uTorrent

:Commands
[emptytemp]
[resethosts]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL log
  • ESET log
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
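As an added example (not part of the thread and not OTL's own code): a Python sketch that reads a fix script in the layout Gary R posted above, tallies the scan-line entries, lists the `:files` targets and `:Commands` directives, and flags any file target that falls outside the folders a reviewer expects the fix to touch. The sample is a shortened copy of that script; `ALLOWED_ROOTS` and all function names are assumptions made for this illustration.

```python
import ntpath
import re
from collections import Counter

# Shortened copy of the fix script from the post above (same layout, fewer lines).
SAMPLE_FIX = r'''
SRV - [2011/05/20 12:03:34 | 000,210,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alipay.com ([]http in Trusted sites)
O33 - MountPoints2\{4c275efa-0a2d-11e1-b358-5c260a2628dd}\Shell\AutoRun\command - "" = E:\setup.exe -a

:files
C:\Users\Rawr\AppData\Local\{27C9D44C-4F0D-4E19-A2BD-986DDE610DD1}
C:\Program Files (x86)\StartNow Toolbar
C:\Users\Rawr\AppData\Roaming\uTorrent

:Commands
[emptytemp]
[resethosts]
[createrestorepoint]
'''

# Assumption for this example: the folders the reviewer expects the fix to touch.
ALLOWED_ROOTS = [r"C:\Users\Rawr\AppData", r"C:\Program Files (x86)"]

SECTION_RE = re.compile(r"^:(\w+)\s*$")                     # e.g. ":files"
ENTRY_RE = re.compile(r"^([A-Za-z]+\d*)(?::64bit:)?\s+-\s")  # e.g. "O3:64bit: - "


def parse_fix(text):
    """Split a fix script into scan-line entries, file targets and commands."""
    parsed = {"entries": [], "files": [], "commands": [], "other": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section is None:
            entry = ENTRY_RE.match(line)
            if entry:
                parsed["entries"].append((entry.group(1).upper(), line))
            else:
                parsed["other"].append(line)
        elif section == "files":
            parsed["files"].append(line)
        elif section == "commands":
            parsed["commands"].append(line.strip("[]").lower())
        else:
            parsed["other"].append(line)
    return parsed


def review_files(paths, allowed_roots):
    """Return (path, reason) for every file target a reviewer should question."""
    roots = [ntpath.normpath(r).lower() for r in allowed_roots]
    findings = []
    for path in paths:
        norm = ntpath.normpath(path)          # also collapses any "..\" steps
        drive, rest = ntpath.splitdrive(norm)
        if not drive or not rest.startswith("\\"):
            findings.append((path, "not an absolute path"))
        elif "*" in path or "?" in path:
            findings.append((path, "wildcard target"))
        elif not any(norm.lower().startswith(r + "\\") for r in roots):
            # Covers targets elsewhere on disk and a target equal to a root itself.
            findings.append((path, "outside the expected roots"))
    return findings


def summarize(text, allowed_roots):
    """One-look summary of what a fix script asks the tool to act on."""
    parsed = parse_fix(text)
    return {
        "entry_counts": dict(Counter(tag for tag, _ in parsed["entries"])),
        "file_targets": len(parsed["files"]),
        "commands": parsed["commands"],
        "findings": review_files(parsed["files"], allowed_roots),
        "unparsed": parsed["other"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIX, ALLOWED_ROOTS).items():
        print(f"{key}: {value}")
```

An empty `findings` list means every `:files` target sits below one of the expected roots; anything in `unparsed` is a line the sketch did not recognise and is worth reading by hand before the script is run.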

Re: Can't get rid of Buzqo. =[

Post by jimber03 » December 20th, 2011, 7:18 pm

When I ran the OTL.

It gave an error of "Cannot create file C:\Windows\System32\drivers\etc\Hosts."

I'm not sure, but should I proceed to the next step?
jimber03
Active Member
 
Posts: 5
Joined: December 14th, 2011, 8:34 pm

Re: Can't get rid of Buzqo. =[

Post by Gary R » December 21st, 2011, 2:45 am

Try running OTL again please, this time using the script below ....

Code:
SRV - [2011/05/20 12:03:34 | 000,210,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll (StartNow.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3952885012-3661968044-2985114572-1004\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O33 - MountPoints2\{4c275efa-0a2d-11e1-b358-5c260a2628dd}\Shell - "" = AutoRun
O33 - MountPoints2\{4c275efa-0a2d-11e1-b358-5c260a2628dd}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{e5383187-68b1-11e0-8c2e-5c260a2628dd}\Shell - "" = AutoRun
O33 - MountPoints2\{e5383187-68b1-11e0-8c2e-5c260a2628dd}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{f4e1bb3d-a129-11e0-9bb5-5c260a2628dd}\Shell - "" = AutoRun
O33 - MountPoints2\{f4e1bb3d-a129-11e0-9bb5-5c260a2628dd}\Shell\AutoRun\command - "" = E:\setup.exe -a

:files
C:\Users\Rawr\AppData\Local\{27C9D44C-4F0D-4E19-A2BD-986DDE610DD1}
C:\Users\Rawr\AppData\Local\{DBB7C8A9-E634-42E7-A2E3-D1A1EC0723C0}
C:\Users\Rawr\AppData\Local\{00D91E21-89BA-4B9E-B873-22CCF161F96F}
C:\Users\Rawr\AppData\Local\{EE3D661F-2895-46F8-B990-B18379671AEF}
C:\Users\Rawr\AppData\Local\{90668278-7B60-4FD8-A79A-B343D68CFD1B}
C:\Users\Rawr\AppData\Local\{903886C9-6171-43BC-AE46-5526F604AACF}
C:\Users\Rawr\AppData\Local\{E0F0D2E1-D8A7-4DC1-9A14-DB7A511A73D4}
C:\Users\Rawr\AppData\Local\{D10C53F2-357D-4918-8817-3D3FD9DB38AC}
C:\Users\Rawr\AppData\Local\{1DC551F0-326D-4A7D-B040-65CEF2E2F401}
C:\Users\Rawr\AppData\Local\{8A171006-56A2-4230-AF00-B923B740EF93}
C:\Users\Rawr\AppData\Local\{4DBBF984-B48A-4FD6-BD75-ABAC297E62E4}
C:\Users\Rawr\AppData\Local\{84F065AD-9C01-4763-B4A0-C41BC606C4F8}
C:\Users\Rawr\AppData\Local\{5960A182-D553-42FE-8206-C753A38BDBE5}
C:\Users\Rawr\AppData\Local\{39C0458F-F23B-44D1-8C35-BBFB4F79A5D5}
C:\Users\Rawr\AppData\Local\{20702A78-74B7-4AC6-BD64-C21B344A747C}
C:\Users\Rawr\AppData\Local\{61BC73B9-FFEE-470B-850A-7246C27BAD7E}
C:\Users\Rawr\AppData\Local\{CB040899-3864-4813-8BF2-56F7D1F9FC9C}
C:\Users\Rawr\AppData\Local\{8899484D-A67E-4B3E-9CD6-09EF8E2C5990}
C:\Program Files (x86)\StartNow Toolbar
C:\Users\Rawr\AppData\Local\{59ED4CEE-4042-4AD8-9BF9-C599DF62B320}
C:\Users\Rawr\AppData\Local\{25C4E587-B47B-4C72-A761-E1BFBC019C9E}
C:\Users\Rawr\AppData\Local\{F62AFFF7-6F04-4BB5-9298-BDAAEE946CC2}
C:\Users\Rawr\AppData\Local\{5B4DD06C-7D49-4B42-95A0-95CEDC26DB5F}
C:\Users\Rawr\AppData\Local\{8895B98A-6CDD-41B7-9901-84F4DF61C98F}
C:\Users\Rawr\AppData\Local\{23B0B1A4-0095-423E-96DD-12BA735096BB}
C:\Users\Rawr\AppData\Local\{AEC09A48-D433-4130-95FC-B99ABE1A576A}
C:\Users\Rawr\AppData\Local\{D9B02C0F-3ED4-4FCA-9264-939E1ACD1A94}
C:\Users\Rawr\AppData\Local\{37D85586-E3D8-4164-97B7-2BD5F502B5F1}
C:\Users\Rawr\AppData\Local\{6CCC16ED-FFD3-41F8-937C-F49C93B04B7E}
C:\Users\Rawr\AppData\Local\{BF578B44-B6FD-4577-B7EE-734B770AB356}
C:\Users\Rawr\AppData\Local\{1AA95B1B-D7A6-49FE-AD04-87CAD513824B}
C:\Users\Rawr\AppData\Local\{3FB90128-5DEC-4E04-A531-A2450F41B079}
C:\Users\Rawr\AppData\Local\{FED9ACC0-27ED-41E3-90D3-83C25E96A8CD}
C:\Users\Rawr\AppData\Local\{83828103-7123-40ED-9A01-FB4D485D9679}
C:\Users\Rawr\AppData\Local\{45B189D3-C6B5-45FA-90D9-ACBDF2FE1134}
C:\Users\Rawr\AppData\Local\{B841B295-5F8C-4AC6-ACE3-582F1A365ED6}
C:\Users\Rawr\AppData\Local\{655529BA-01EE-4CA9-8091-F5078DA47BB0}
C:\Users\Rawr\AppData\Local\{18C65620-90FA-4918-A126-90265C5CD2ED}
C:\Users\Rawr\AppData\Local\{FFF4A02A-71A7-472C-A833-0B869A85B39D}
C:\Users\Rawr\AppData\Local\{92461499-E83E-4D14-9E59-2542B980121F}
C:\Users\Rawr\AppData\Local\{9413723E-520C-473F-979B-10ADC67FBFC1}
C:\Users\Rawr\AppData\Local\{5152B4D0-D313-48A7-B3DA-8A5461596E65}
C:\Users\Rawr\AppData\Local\{9AC79F06-A576-46B3-8DF2-C9290CC77937}
C:\Users\Rawr\AppData\Local\{36CA4DBE-5209-4E68-B399-AC5AFEF8853C}
C:\Users\Rawr\AppData\Local\{A80153E0-3033-43CD-92B7-4F96F3DE6B5D}
C:\Users\Rawr\AppData\Local\{679F18A5-D1CA-4287-A9AE-9DC9EAFC07EB}
C:\Users\Rawr\AppData\Local\{F9DBD983-7D43-45D6-B370-FD10736C2D1C}
C:\Users\Rawr\AppData\Local\{FDEE681A-D0C1-41E4-88C1-271F730CA6C5}
C:\Users\Rawr\AppData\Local\{E17CC0A7-D817-43EC-8E80-97CE779894AA}
C:\Users\Rawr\AppData\Local\{53E2EE5A-96F2-4D9D-924C-D9D3CF9DAEEC}
C:\Users\Rawr\AppData\Local\{576D266C-40A0-4AE2-9F8F-49D77AED86F5}
C:\Users\Rawr\AppData\Local\{EAF19100-C236-4CB5-99FF-430A3D8CB4BB}
C:\Users\Rawr\AppData\Local\{B50C8C63-227E-4940-BA92-322837D1075E}
C:\Users\Rawr\AppData\Local\{023E165A-753F-41CA-8397-4D099D986DEF}
C:\Users\Rawr\AppData\Local\{83FD9828-3ED7-4969-B0C2-41B84204FF9E}
C:\Users\Rawr\AppData\Local\{3AB6BB62-BFB8-461F-9636-A1C9EBFA2F86}
C:\Users\Rawr\AppData\Local\{36FE037D-04BC-4593-85BE-339EB99E73B8}
C:\Users\Rawr\AppData\Local\{08ABCF46-CC68-463E-95C5-4E99DA68AB43}
C:\Users\Rawr\AppData\Local\{8468E2D7-313C-40A4-9AAD-E87F3DAA2FE4}
C:\Users\Rawr\AppData\Roaming\uTorrent
C:\Program Files (x86)\uTorrent

:Commands
[emptytemp]
[createrestorepoint]


Post me the log please.

Re: Can't get rid of Buzqo. =[

Post by Gary R » December 24th, 2011, 3:00 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.