Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Appdata roaming windows templates authz.exe keeps opening right when i

Started by jbayerr , Feb 09 2013 03:06 PM

Please log in to reply

#1
jbayerr

Posted 09 February 2013 - 03:06 PM

Member

Member
26 posts

here are my otl virus scans.

OTL.txt
OTL logfile created on: 2/10/2013 1:35:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\customer\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 75.46% Memory free
15.49 Gb Paging File | 13.43 Gb Available in Paging File | 86.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 339.34 Gb Free Space | 74.97% Space Free | Partition Type: NTFS
Drive E: | 4.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MAX | User Name: customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/10 13:33:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\customer\Downloads\OTL.exe
PRC - [2013/02/10 13:17:24 | 000,074,113 | -HS- | M] () -- C:\Users\customer\AppData\Local\Temp\1346528389.exe
PRC - [2013/02/10 13:16:00 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Users\customer\Documents\Windows\winsvchgost.exe
PRC - [2013/02/10 13:15:57 | 000,074,113 | -HS- | M] () -- C:\Users\customer\AppData\Local\Temp\1346673320.exe
PRC - [2013/02/10 13:08:53 | 000,756,736 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
PRC - [2013/02/10 13:08:50 | 000,470,016 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe
PRC - [2013/02/10 13:08:14 | 000,301,415 | -HS- | M] () -- c:\users\customer\appdata\local\temp\1347258726.exe
PRC - [2013/02/10 13:07:44 | 000,217,424 | -HS- | M] (Company) -- C:\Users\customer\AppData\Local\Temp\1347230838.exe
PRC - [2013/02/09 10:29:38 | 000,544,768 | ---- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\sysmem.exe
PRC - [2013/02/09 07:17:16 | 000,237,568 | -H-- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\hal2niga.exe
PRC - [2013/02/08 17:40:19 | 000,502,608 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\dad1.exe
PRC - [2013/02/08 17:33:15 | 000,399,872 | RHS- | M] () -- C:\Users\customer\mfpdd.exe
PRC - [2013/02/07 18:05:55 | 000,502,608 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\wass.exe
PRC - [2013/01/15 22:54:06 | 000,245,168 | ---- | M] (http://yourfiledownloader.com) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
PRC - [2012/12/26 23:08:58 | 001,644,544 | ---- | M] (Zoom Downloader) -- C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe
PRC - [2012/12/25 13:06:12 | 000,595,216 | ---- | M] (Greatis Software) -- C:\Program Files (x86)\UnHackMe\hackmon.exe
PRC - [2012/12/19 22:50:52 | 001,645,856 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/12/15 10:26:38 | 000,811,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/07 18:04:02 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\customer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/10/08 01:40:37 | 000,218,837 | ---- | M] () -- C:\Users\customer\AppData\Roaming\Uclo\ufat.exe
PRC - [2012/10/05 10:08:42 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2012/09/12 23:54:58 | 000,396,416 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
PRC - [2012/09/05 20:00:35 | 000,499,352 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2012/09/05 20:00:30 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/08/15 18:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012/05/29 14:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012/03/29 02:57:56 | 000,016,448 | ---- | M] (Microsoft Corporation) -- c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\agcp.exe
PRC - [2010/06/28 17:23:18 | 000,258,304 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2010/03/11 09:32:50 | 001,541,472 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2010/03/03 08:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 08:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 08:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/12/16 14:16:06 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/06/10 16:22:50 | 000,032,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/10 13:17:24 | 000,074,113 | -HS- | M] () -- C:\Users\customer\AppData\Local\Temp\1346528389.exe
MOD - [2013/02/10 13:15:57 | 000,074,113 | -HS- | M] () -- C:\Users\customer\AppData\Local\Temp\1346673320.exe
MOD - [2013/02/10 13:08:14 | 000,301,415 | -HS- | M] () -- c:\users\customer\appdata\local\temp\1347258726.exe
MOD - [2013/02/07 18:18:05 | 012,459,888 | ---- | M] () -- C:\Users\customer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013/01/15 10:17:14 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\07e052b2219f181a8b3da6b7b26cff06\System.Web.ni.dll
MOD - [2013/01/15 10:17:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/01/15 10:17:06 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9068074964b477b113e4be12d11d21ca\System.Data.ni.dll
MOD - [2013/01/15 10:10:12 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c6fb88c8055653672314c29ca4b78a7e\System.Windows.Forms.ni.dll
MOD - [2013/01/15 10:10:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/15 10:09:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e28d850a18bb8287dadb8aa7e3e779fc\System.Xml.ni.dll
MOD - [2013/01/15 10:09:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/15 10:09:29 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/15 10:09:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012/12/04 20:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 20:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 20:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 20:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 20:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 20:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 20:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/10/08 01:40:37 | 000,218,837 | ---- | M] () -- C:\Users\customer\AppData\Roaming\Uclo\ufat.exe
MOD - [2010/06/28 17:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2010/03/11 09:32:54 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2010/03/11 09:32:42 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2010/03/11 09:32:28 | 000,632,056 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/12/16 14:16:06 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/05/20 01:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV:64bit: - [2012/10/02 10:20:24 | 001,261,936 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/03/28 19:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/10 13:08:52 | 000,697,344 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2013/02/10 13:08:51 | 001,114,112 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2013/02/10 13:08:51 | 000,585,728 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/10 13:08:50 | 000,470,016 | ---- | M] (Hauppauge Computer Works, Inc.) [Auto | Running] -- C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe -- (HcwDevCentralService)
SRV - [2013/02/10 13:08:46 | 000,308,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/10 13:08:44 | 000,244,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/05 10:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 08:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2003/04/04 14:54:50 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/26 16:46:32 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/10 22:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 22:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/25 06:18:26 | 000,576,944 | ---- | M] (Hauppauge Computer Work, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwE5bda.sys -- (hcwE5bda)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/05 08:47:49 | 000,004,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bbcap.sys -- (bbcap)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 01:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011/02/14 01:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011/02/14 01:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/04/06 21:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/28 19:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/28 18:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/20 13:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/02/08 08:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 06:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 02:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 04:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2013/02/10 13:21:03 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\Windows\SysWOW64\drivers\Partizan.sys -- (Partizan)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/04/04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...14z185a48l2d355
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=938385568
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=938385568
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...14z185a48l2d355
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=938385568
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=938385568
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...1-1C750821F4D9}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...14z185a48l2d355
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.77searchengines.com/?op [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6OyZjH0Mp6&i=26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.condui...&ctid=CT2790392
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{067D9AAC-CD10-4DEB-BB40-1D20BA76545C}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...GW_enUS437US437
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{8FE0713C-97F0-482B-B047-D0117B9DBE67}: "URL" = http://search.condui...&ctid=CT3237160
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=938385568
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6OyZjH0Mp6&i=26
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...1-1C750821F4D9}
IE - HKCU\..\SearchScopes\{FB2CFCCE-EC9E-4801-B460-076DF32B74D6}: "URL" = http://search.yahoo....0110627,0,0,0,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay\nplplaypop.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\customer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\customer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013/01/05 20:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/02/10 16:00:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/12/27 00:51:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013/01/05 20:12:32 | 000,000,000 | ---D | M]

[2011/06/27 16:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\customer\AppData\Roaming\mozilla\Extensions
[2012/08/12 13:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\customer\AppData\Roaming\mozilla\Firefox\extensions
[2012/08/12 13:57:17 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\customer\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/01/05 20:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.13.20.300_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.13.20.300_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Display Engine v2 (Enabled) = C:\Program Files (x86)\LivingPlay\nplplaypop.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\customer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\customer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: South Park = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiakcboakkfknbginpmpfkcdmcmpnfm\1.4_0\
CHR - Extension: Google Drive = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: XJZ Survey Remover = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cphljojhgmnabimjemakjleocdheengh\3.5.0.1_0\
CHR - Extension: Google Chrome = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlddmedljhmbgdhapibnagaanenmajcm\1.0_0\
CHR - Extension: Don't Starve = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: Gmail = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (Fantapper) - {a0447a65-66aa-4dc3-9869-e574e5de2d5e} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader64.dll ()
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (InternetHelper Toolbar) - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Fantapper) - {a0447a65-66aa-4dc3-9869-e574e5de2d5e} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll File not found
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{9d0f7eb2-452d-4766-b535-8d23e36c300e} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{9d0f7eb2-452d-4766-b535-8d23e36c300e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper Toolbar) - {9D0F7EB2-452D-4766-B535-8D23E36C300E} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe File not found
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [M0U2QzREMDIzODg2MDZCNk] C:\Users\customer\mfpdd.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [sysmem] C:\Users\customer\AppData\Roaming\sysmem.exe (Quick Heal Technologies Pvt. Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [win32] C:\kernels\drivers.vbs ()
O4 - HKLM..\Run: [Windows Defender] C:\Users\customer\AppData\Roaming\62.exe (Company)
O4 - HKLM..\Run: [winpretenx] C:\Users\customer\AppData\Roaming\wass.exe (Company)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKLM..\Run: [xprsxxm] C:\Users\customer\AppData\Roaming\dad1.exe (Company)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DownloadManager] C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe (Zoom Downloader)
O4 - HKCU..\Run: [FacbookUpdate] C:\Users\customer\AppData\Roaming\FacbookUpdate.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\customer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GamersoulBT] C:\Users\customer\AppData\Roaming\MyFolder\GamersoulBT.exe (Gamersoul)
O4 - HKCU..\Run: [Google Updater] C:\Users\customer\AppData\Roaming\Microsoft\SysAudio.exe (Synth Incorporated)
O4 - HKCU..\Run: [iexplorer] C:\Users\customer\AppData\Roaming\java.exe ()
O4 - HKCU..\Run: [Ihmytole] C:\Users\customer\AppData\Roaming\Uclo\ufat.exe ()
O4 - HKCU..\Run: [Java] C:\Windows\SysWOW64\Java\JavaUpdate.exe ()
O4 - HKCU..\Run: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe" File not found
O4 - HKCU..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" File not found
O4 - HKCU..\Run: [spoolsv.exe] C:\Users\customer\AppData\Roaming\svchost.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\customer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [sysmem] C:\Users\customer\AppData\Roaming\sysmem.exe (Quick Heal Technologies Pvt. Ltd.)
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not found
O4 - HKCU..\Run: [WinDefender] C:\Users\customer\AppData\Roaming\WinDefender.Exe (IUT)
O4 - HKCU..\Run: [Windows Defender] C:\Users\customer\AppData\Roaming\hal2niga.exe (Quick Heal Technologies Pvt. Ltd.)
O4 - HKCU..\Run: [Windows Microsoft Services] C:\Users\customer\AppData\Local\Temp\homepremium.exe (FZSFTP)
O4 - HKCU..\Run: [winpretenx] C:\Users\customer\AppData\Roaming\wass.exe (Company)
O4 - HKCU..\Run: [xprsxxm] C:\Users\customer\AppData\Roaming\dad1.exe (Company)
O4 - Startup: C:\Users\customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnk = C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
F3:64bit: - HKCU WinNT: Load - (C:\Users\customer\mfpdd.exe) - C:\Users\customer\mfpdd.exe ()
F3 - HKCU WinNT: Load - (C:\Users\customer\mfpdd.exe) - C:\Users\customer\mfpdd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 1781466620 = 50 4B 03 04 3D 11 5F C0 FC 05 2F 6A 12 04 00 00 00 30 00 00 8C 78 2F EC A5 0B F5 84 30 04 D7 DF 5E AD 08 F4 E3 77 A6 2F AC 62 03 11 A7 94 1C A7 71 05 54 04 17 BC D0 C1 9D 92 54 37 D6 68 64 22 04 D4 68 6B EC 59 FF EC 5B 5E D5 7E 76 DE 76 99 28 F1 80 0D 0A FD F8 31 4F 18 C8 FC 3B 6B 58 C3 5E 78 A1 DE 3D 5A CB 84 58 73 AF 34 ED 9F 2A 56 6B FF 7A F6 3C 0B 37 14 35 83 50 04 31 CC 19 AE 68 45 42 CE 6A 01 17 EB 7D EF 9A 03 2A 4A 71 66 4F 0D 09 66 61 69 A4 CE 88 32 40 8C 8A 29 EC D9 C0 48 72 79 5D C5 A1 0C 2F 07 CD C4 02 1B 14 FD FB 90 34 27 3E 53 87 74 B0 10 0A 38 6B C7 16 32 79 3F A0 E9 56 A8 D5 12 71 FE B9 5C 7A 74 BE 30 E2 48 53 74 6F 68 27 5C 3E AA F8 49 FC 04 B4 83 B1 08 1A 14 10 E0 C5 2A B8 CB 26 1A B9 A6 C0 6C 07 0F 84 12 EC 70 13 08 6F 57 7C CE 39 AA 26 0C D3 0C 95 1B 49 A1 83 31 0B 54 1C BA 97 19 6F 9C A0 B6 4A 25 71 70 B5 F3 12 56 A8 E6 32 E9 E2 CA 6C E3 1D 8F 95 EF F8 41 61 6B 37 22 4B FA CF 63 54 BD EA B1 7D F3 02 48 07 3B 17 F6 80 65 35 B6 0D 14 E1 0E 27 F3 C6 7C E5 AC 1B A6 E2 12 70 89 68 AC 22 48 84 EF 76 F4 88 0D 23 0B 5A 89 F1 73 3D E0 D1 EF DD 78 38 95 FA 58 97 87 35 41 AE 23 40 D9 83 84 BD 3D AF 1F 7C 23 B3 01 28 2A 59 E6 22 56 A9 46 77 D3 0A E8 03 E1 30 C3 7A 62 E4 90 6A D9 A5 40 F3 FE 2C A0 8B C6 10 35 C3 D7 C3 EB CA CE 7D 7C A3 81 BD 3B 6C 28 93 59 12 33 3A C7 44 87 E2 39 B9 19 B1 BA 47 8C 6C 2B 68 F8 B9 BC 0B A9 C3 20 41 99 65 2C 71 F1 06 EF 90 05 5C 46 D6 82 B8 CE B2 E6 13 A1 93 23 50 2E 50 DD A7 7E 9D 42 1B 20 CD D4 FF 41 F6 F4 2D EB F3 F8 A5 C2 72 BB 72 10 F9 AB B9 CF C8 60 B2 56 8A EC 44 91 37 A0 48 5C 98 C6 58 9B 79 CE 65 74 F1 49 9A 2F 13 64 AB 10 08 50 6B CD 0C A4 07 AE F8 93 09 FA A0 9F 4A C4 98 78 52 9C 7D 25 30 5B 28 13 10 E0 4A A0 FB 4F D1 78 86 6B 7D 4A 51 34 75 FF 5C 39 8E 33 AD 7E 67 32 A7 50 74 E9 CE CF B0 00 86 42 ED 92 1B 18 94 5A AD 59 57 30 2F 7C B8 89 C5 C9 C4 A1 AA 60 C7 75 1A B1 A7 A5 29 C9 A6 9B 6F 9D BE 57 56 74 E3 9A F3 45 8D 66 C0 88 33 42 08 81 FC 76 EC 4F 9C 0C A8 1B 25 84 2D C7 C4 50 3A 8D 19 EE A8 E8 98 BC 93 BF 52 26 5A B8 F3 D7 16 1A D6 47 75 5F 0F 41 80 37 B6 C8 1E AF 8B 4E AB 84 95 79 E5 A6 8C 4D E3 4D 4A 59 7A 4B 68 33 2B 01 17 D9 1C 10 20 BE D5 4F 5D 3C AC 9E 6A 44 B0 57 34 B3 97 F3 EB C9 9B 2F 5E 3C E5 2C 67 56 38 76 91 CE 9D E2 8F 46 71 FB E6 BC D9 4C D8 44 EF 52 85 D6 F0 C2 C7 20 5E 5F 2D 71 90 6D 02 46 E7 99 DF DA C8 58 36 7B 56 3A 5F 11 FD 88 EC 6A 1B F8 D3 39 ED D2 36 25 24 80 D0 51 CE 66 C5 C0 6C 3A 98 88 E6 10 6D F8 94 4A 9F 4D C6 3E DD 25 B8 56 8E FB 4F 7B BA AD 6A CC EC E8 95 D4 6C 4D 6E 3D CE ED 8C 2D FA 41 26 62 13 D2 F2 6C 74 C9 5F 3B BC 8B 06 E4 E8 BA E6 91 C2 BC F5 2A D8 06 E7 C4 C5 94 7B B9 33 30 98 DB 80 C5 76 2F BD 4B 7F 50 F3 9E E9 6D 40 40 62 F5 AE 1F 6B 53 20 8F 9B 7D 34 A5 F2 C0 B6 C3 16 16 55 FA 0D 21 60 AD 85 64 17 ED F4 FD A0 83 82 53 D4 6B 15 75 F4 CB 66 59 4D B3 85 5C 00 54 BD D4 E4 26 F4 8B DA 5C 74 2A 80 FA CF C7 86 C4 38 17 77 74 F2 5A C3 21 29 24 9B 76 01 33 BC E6 05 61 16 B2 76 EF CA 9B 55 C9 D9 AC FB 91 E3 D4 94 02 A6 8D 26 6D C2 FE 0D 76 1E F0 E9 E5 5D 47 55 ED D2 05 37 30 7A 79 B7 97 C5 EE D7 6B 13 29 C1 6A 60 3C 39 E9 9F 3E FA 31 AC 32 66 2C CD 63 AE B3 A1 1D FD 32 BD 4F CF AA 51 B6 37 19 5B AB 93 AD E9 82 B0 27 A8 4B 63 5B 2B BC 1E 80 2C 09 [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Windows Defender = C:\Users\customer\AppData\Roaming\hal2niga.exe (Quick Heal Technologies Pvt. Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: 64029 = c:\progra~3\dxhrkqq.exe (Quick Heal Technologies Pvt. Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: winpretenx = C:\Users\customer\AppData\Roaming\wass.exe (Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: xprsxxm = C:\Users\customer\AppData\Roaming\dad1.exe (Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: sysmem = C:\Users\customer\AppData\Roaming\sysmem.exe (Quick Heal Technologies Pvt. Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9:64bit: - Extra Button: Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader64.dll ()
O9:64bit: - Extra 'Tools' menuitem : Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader64.dll ()
O9 - Extra Button: Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll ()
O9 - Extra 'Tools' menuitem : Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE462EC-D26F-48CC-9AE9-85B5774CAF04}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F1166FC-0AD1-40F7-87DD-90B2D3AE3D32}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\Java\JavaUpdate.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/04 13:12:58 | 000,000,070 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7d72a5aa-d1b7-11e0-bd90-1c750821f4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{7d72a5aa-d1b7-11e0-bd90-1c750821f4d9}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\{e7fe4397-4fa3-11e2-993e-1c750821f4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{e7fe4397-4fa3-11e2-993e-1c750821f4d9}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011/06/29 07:41:32 | 000,410,312 | R--- | M] (MAXON Computer GmbH)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/10 13:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2013/02/10 13:21:03 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2013/02/10 13:20:32 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\RegRun2
[2013/02/10 13:20:30 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2013/02/10 13:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2013/02/10 13:20:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2013/02/10 13:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2013/02/10 13:07:44 | 000,217,424 | ---- | C] (Company) -- C:\Users\customer\AppData\Roaming\62.exe
[2013/02/10 12:36:29 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Logs
[2013/02/10 01:55:22 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Install
[2013/02/10 01:53:59 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\WinDbg
[2013/02/09 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\Windows
[2013/02/09 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\Services
[2013/02/09 19:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegTweaker
[2013/02/09 19:06:04 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Kinect
[2013/02/09 18:54:04 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Engaged
[2013/02/09 18:44:46 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Uniblue
[2013/02/09 18:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/02/09 18:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegUtility
[2013/02/09 10:29:38 | 000,544,768 | ---- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\sysmem.exe
[2013/02/09 07:17:16 | 000,237,568 | -H-- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\hal2niga.exe
[2013/02/08 17:54:59 | 000,000,000 | -HSD | C] -- C:\Users\customer\AppData\Roaming\msnmsgr
[2013/02/08 17:40:19 | 000,502,608 | ---- | C] (Company) -- C:\Users\customer\AppData\Roaming\dad1.exe
[2013/02/08 17:40:02 | 000,673,792 | ---- | C] (Microsoft Corp.) -- C:\Users\customer\AppData\Roaming\egoxwe.exe
[2013/02/08 17:30:06 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\Happauge Recorder
[2013/02/07 18:05:55 | 000,502,608 | ---- | C] (Company) -- C:\Users\customer\AppData\Roaming\wass.exe
[2013/02/06 22:47:25 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Uclo
[2013/02/06 22:47:25 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Taurog
[2013/02/06 22:47:25 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Fuwie
[2013/02/06 09:42:33 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\GG3_V1.1.0.2
[2013/02/05 18:50:50 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Audacity
[2013/02/05 18:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/02/05 18:12:35 | 000,000,000 | ---D | C] -- C:\vcs5core
[2013/02/05 18:12:35 | 000,000,000 | ---D | C] -- C:\AV_LOGS
[2013/02/05 18:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AV Voice Changer Software DIAMOND
[2013/02/05 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Voice Changer Software DIAMOND
[2013/02/02 21:00:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/01/29 20:40:16 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Java
[2013/01/28 12:29:27 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Local\GameTuts
[2013/01/27 23:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013/01/27 23:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013/01/27 23:28:47 | 000,044,928 | ---- | C] (ManyCam LLC) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys
[2013/01/27 23:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2013/01/27 17:40:50 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\Nodus
[2013/01/27 17:16:56 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Unlimited Cheating
[2013/01/20 23:51:46 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\MSNInstaller
[2013/01/20 23:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN
[2013/01/19 19:36:51 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\TmForever
[2013/01/19 19:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever
[2013/01/19 19:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
[2013/01/19 19:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever
[2013/01/15 22:54:06 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\YourFileDownloader
[2013/01/15 22:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
[2013/01/15 22:01:20 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\MapleHacks
[2013/01/15 11:44:55 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\Maple Backup
[2013/01/15 09:41:36 | 000,000,000 | ---D | C] -- C:\Nexon
[2013/01/15 09:03:23 | 4265,379,000 | ---- | C] (Nexon) -- C:\MSSetupv125.exe
[2013/01/15 07:49:28 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Local\ElevatedDiagnostics
[2013/01/15 07:45:51 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\MSDCSC
[2013/01/07 04:15:06 | 000,865,280 | ---- | C] (IUT) -- C:\Users\customer\AppData\Roaming\WinDefender.Exe
[2012/10/06 19:11:20 | 000,819,712 | ---- | C] (Ufasoft) -- C:\Users\customer\AppData\Roaming\usft_ext.dll
[2012/10/06 19:11:10 | 000,252,416 | ---- | C] (Windows) -- C:\Users\customer\AppData\Roaming\miner.dll
[2009/07/13 18:31:52 | 000,135,168 | -HS- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxmibgpxp.exe
[2009/07/13 18:31:52 | 000,081,920 | -HS- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxleka.exe
[2009/07/13 18:31:52 | 000,073,728 | -HS- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxhrkqq.exe
[2009/07/13 15:46:42 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\customer\AppData\Roaming\For josh.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/10 13:44:00 | 000,002,747 | ---- | M] () -- C:\Users\customer\AppData\Roaming\rsspec01
[2013/02/10 13:39:26 | 000,002,404 | ---- | M] () -- C:\Users\customer\AppData\Roaming\xprdss
[2013/02/10 13:38:28 | 000,001,089 | ---- | M] () -- C:\Users\customer\AppData\Roaming\62
[2013/02/10 13:36:53 | 000,002,672 | ---- | M] () -- C:\Users\customer\AppData\Roaming\xprdssx
[2013/02/10 13:33:28 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/10 13:21:03 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2013/02/10 13:20:36 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2013/02/10 13:20:36 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2013/02/10 13:20:36 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2013/02/10 13:20:27 | 000,044,544 | ---- | M] () -- C:\Windows\SysWow64\fbfpnee.exe
[2013/02/10 13:13:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/10 13:13:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/10 13:10:28 | 000,041,472 | ---- | M] () -- C:\Users\customer\AppData\Roaming\wmdc.exe
[2013/02/10 13:09:52 | 000,000,065 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013/02/10 13:09:16 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\newdefault.ini
[2013/02/10 13:07:44 | 000,217,424 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\62.exe
[2013/02/10 13:05:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/10 13:04:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/10 13:04:24 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err
[2013/02/10 13:04:14 | 1942,142,975 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/10 12:54:15 | 000,000,211 | ---- | M] () -- C:\Users\customer\AppData\Roaming\22222222
[2013/02/09 21:30:56 | 000,000,736 | ---- | M] () -- C:\Users\customer\AppData\Roaming\MaxMishkin
[2013/02/09 20:27:18 | 000,000,446 | ---- | M] () -- C:\Users\customer\AppData\Roaming\runmdc
[2013/02/09 12:29:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2664367239-3075011552-1143883363-1000UA.job
[2013/02/09 10:29:38 | 000,544,768 | ---- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\sysmem.exe
[2013/02/09 07:22:03 | 000,003,596 | ---- | M] () -- C:\Windows\SysWow64\gmon.out
[2013/02/09 07:18:07 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/09 07:18:07 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/09 07:18:07 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/09 07:17:34 | 000,476,672 | -HS- | M] () -- C:\Users\customer\AppData\Roaming\FacbookUpdate.exe
[2013/02/09 07:17:16 | 000,237,568 | -H-- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\hal2niga.exe
[2013/02/08 18:29:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2664367239-3075011552-1143883363-1000Core.job
[2013/02/08 17:40:19 | 000,502,608 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\dad1.exe
[2013/02/08 17:33:15 | 000,399,872 | RHS- | M] () -- C:\Users\customer\mfpdd.exe
[2013/02/07 18:05:55 | 000,502,608 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\wass.exe
[2013/02/07 15:40:49 | 000,001,223 | ---- | M] () -- C:\Users\customer\AppData\Roaming\Java
[2013/02/07 04:38:30 | 000,197,025 | -H-- | M] () -- C:\Users\customer\AppData\Roaming\hal2u.exe
[2013/02/07 04:38:30 | 000,197,025 | -H-- | M] () -- C:\Users\customer\awt43abr.exe
[2013/02/07 04:38:28 | 000,036,696 | ---- | M] () -- C:\Users\customer\wgsdgsdgdsgsd.exe
[2013/02/06 18:24:29 | 000,064,683 | ---- | M] () -- C:\Users\customer\Desktop\mjong tiles.jpg
[2013/02/06 10:21:38 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Horizon.lnk
[2013/02/05 19:09:00 | 000,172,368 | ---- | M] () -- C:\Users\customer\Documents\rec_Vcs6Core_19-08-41.mp3
[2013/02/02 08:34:03 | 000,018,902 | ---- | M] () -- C:\Users\customer\AppData\Roaming\IIIuR
[2013/02/01 09:00:40 | 000,024,064 | ---- | M] () -- C:\Users\customer\AppData\Roaming\java.exe
[2013/01/18 21:05:18 | 000,000,132 | ---- | M] () -- C:\Users\customer\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/01/15 10:27:37 | 004,895,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/15 10:24:28 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/15 09:41:23 | 4265,379,000 | ---- | M] (Nexon) -- C:\MSSetupv125.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/10 13:20:36 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2013/02/10 13:20:36 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2013/02/10 13:20:36 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2013/02/10 13:20:27 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\fbfpnee.exe
[2013/02/10 01:54:29 | 000,000,211 | ---- | C] () -- C:\Users\customer\AppData\Roaming\22222222
[2013/02/09 21:25:46 | 000,001,089 | ---- | C] () -- C:\Users\customer\AppData\Roaming\62
[2013/02/09 18:25:05 | 000,000,736 | ---- | C] () -- C:\Users\customer\AppData\Roaming\MaxMishkin
[2013/02/09 16:17:50 | 000,000,446 | ---- | C] () -- C:\Users\customer\AppData\Roaming\runmdc
[2013/02/09 10:31:07 | 000,002,508 | ---- | C] () -- C:\Users\customer\AppData\Roaming\rsspec01
[2013/02/09 07:22:11 | 000,041,472 | ---- | C] () -- C:\Users\customer\AppData\Roaming\wmdc.exe
[2013/02/09 07:17:36 | 000,476,672 | -HS- | C] () -- C:\Users\customer\AppData\Roaming\FacbookUpdate.exe
[2013/02/08 17:40:51 | 000,002,672 | ---- | C] () -- C:\Users\customer\AppData\Roaming\xprdssx
[2013/02/08 17:33:15 | 000,399,872 | RHS- | C] () -- C:\Users\customer\mfpdd.exe
[2013/02/07 18:06:26 | 000,002,404 | ---- | C] () -- C:\Users\customer\AppData\Roaming\xprdss
[2013/02/07 04:39:00 | 000,001,223 | ---- | C] () -- C:\Users\customer\AppData\Roaming\Java
[2013/02/07 04:38:30 | 000,197,025 | -H-- | C] () -- C:\Users\customer\AppData\Roaming\hal2u.exe
[2013/02/07 04:38:30 | 000,197,025 | -H-- | C] () -- C:\Users\customer\awt43abr.exe
[2013/02/07 04:38:28 | 000,036,696 | ---- | C] () -- C:\Users\customer\wgsdgsdgdsgsd.exe
[2013/02/07 04:38:28 | 000,003,596 | ---- | C] () -- C:\Windows\SysWow64\gmon.out
[2013/02/06 18:24:29 | 000,064,683 | ---- | C] () -- C:\Users\customer\Desktop\mjong tiles.jpg
[2013/02/06 10:21:38 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Horizon.lnk
[2013/02/05 19:08:48 | 000,172,368 | ---- | C] () -- C:\Users\customer\Documents\rec_Vcs6Core_19-08-41.mp3
[2013/02/05 18:49:01 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/02/02 08:34:03 | 000,018,902 | ---- | C] () -- C:\Users\customer\AppData\Roaming\IIIuR
[2013/02/01 09:00:40 | 000,024,064 | ---- | C] () -- C:\Users\customer\AppData\Roaming\java.exe
[2013/01/08 20:27:47 | 000,000,132 | ---- | C] () -- C:\Users\customer\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/01/07 04:15:36 | 000,034,949 | ---- | C] () -- C:\Users\customer\AppData\Roaming\Youtube
[2012/12/30 10:54:24 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/08 17:19:08 | 000,004,662 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012/12/04 18:56:47 | 000,452,096 | ---- | C] () -- C:\Windows\SysWow64\nmap.exe
[2012/12/04 18:56:47 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nmapserv.exe
[2012/12/04 18:53:28 | 000,290,500 | ---- | C] () -- C:\Users\customer\AppData\Local\funmoods-speeddial_sf.crx
[2012/12/04 18:53:24 | 000,031,465 | ---- | C] () -- C:\Users\customer\AppData\Local\funmoods.crx
[2012/10/06 19:11:51 | 000,000,000 | ---- | C] () -- C:\Users\customer\AppData\Roaming\True
[2012/10/06 19:11:22 | 000,206,858 | ---- | C] () -- C:\Users\customer\AppData\Roaming\phatk.ptx
[2012/10/06 19:11:09 | 000,033,792 | ---- | C] () -- C:\Users\customer\AppData\Roaming\svchost.exe
[2012/08/28 06:50:42 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\newdefault.ini
[2012/02/11 12:51:32 | 000,001,271 | ---- | C] () -- C:\Users\customer\AppData\Roaming\Roaming - Shortcut.lnk
[2011/12/03 09:48:17 | 000,002,133 | ---- | C] () -- C:\Users\customer\.recently-used.xbel
[2011/11/18 07:26:01 | 000,000,017 | ---- | C] () -- C:\Users\customer\AppData\Local\resmon.resmoncfg
[2011/10/27 07:37:30 | 000,000,000 | ---- | C] () -- C:\Users\customer\AppData\Local\{5EEC4BAB-6255-4B69-AE61-0C9320927B59}
[2011/08/29 17:58:04 | 000,000,065 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/06/25 17:53:04 | 000,033,134 | ---- | C] () -- C:\Users\customer\AppData\Roaming\UserTile.png
[2011/06/23 09:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/22 07:13:33 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/06/22 07:13:33 | 000,054,520 | ---- | C] () -- C:\Windows\AutosetFrequency.exe
[2011/06/22 07:13:33 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2011/06/22 07:13:33 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2009/07/13 18:31:52 | 000,036,696 | -HS- | C] () -- C:\ProgramData\dxksaoqiu.exe
[2009/07/13 18:31:52 | 000,017,408 | -HS- | C] () -- C:\ProgramData\dxugedtae.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/04 09:07:13 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\.minecraft
[2012/02/11 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\.Nitrous
[2013/02/05 19:12:55 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Audacity
[2011/09/05 09:33:12 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Blueberry
[2011/08/25 19:04:11 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/12/26 16:11:29 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\DAEMON Tools Lite
[2013/02/05 07:10:45 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\dclogs
[2013/02/10 02:59:33 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Engaged
[2013/02/06 22:47:25 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Fuwie
[2011/12/03 09:47:53 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\gtk-2.0
[2013/02/10 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Install
[2013/02/10 02:59:33 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Kinect
[2013/02/10 12:36:30 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Logs
[2011/09/05 08:48:14 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\LogSys
[2013/02/10 00:09:15 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\MAXON
[2013/01/20 23:51:47 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\MSNInstaller
[2013/02/08 17:54:59 | 000,000,000 | -HSD | M] -- C:\Users\customer\AppData\Roaming\msnmsgr
[2012/08/27 22:21:53 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\MyFolder
[2012/09/09 12:20:55 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\OpenCandy
[2012/08/02 21:50:52 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\PC Speed Maximizer
[2012/11/30 19:20:54 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Publish Providers
[2011/10/30 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Rovio
[2013/01/07 21:24:32 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Screaming Bee
[2012/12/04 22:38:20 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Sony
[2012/12/06 21:01:16 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Sony Creative Software Inc
[2013/02/05 20:24:16 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Spotify
[2011/08/31 16:24:39 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\SystemRequirementsLab
[2013/02/10 13:50:25 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Taurog
[2011/08/31 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Tific
[2013/02/06 22:47:25 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Uclo
[2013/02/09 18:44:46 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Uniblue
[2012/10/12 17:56:40 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Unity
[2013/01/27 17:16:56 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Unlimited Cheating
[2013/02/05 20:21:25 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\uTorrent
[2011/06/27 16:11:30 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\WeatherBug
[2013/02/10 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\WinDbg
[2013/01/09 18:59:18 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\WindSolutions
[2012/12/27 00:39:46 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Wondershare Video Converter Ultimate
[2013/01/15 22:54:06 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\YourFileDownloader

========== Purity Check ==========

< End of report >

and here is the extras one

OTL Extras logfile created on: 2/10/2013 1:35:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\customer\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 75.46% Memory free
15.49 Gb Paging File | 13.43 Gb Available in Paging File | 86.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 339.34 Gb Free Space | 74.97% Space Free | Partition Type: NTFS
Drive E: | 4.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MAX | User Name: customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2664367239-3075011552-1143883363-1000]
"EnableNotifications" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Roaming\For josh.exe" = C:\Users\customer\AppData\Roaming\For josh.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Windows\SysWOW64\msiexec.exe" = C:\Windows\SysWOW64\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Users\customer\awt43abr.exe" = C:\Users\customer\awt43abr.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\customer\AppData\Roaming\hal2u.exe" = C:\Users\customer\AppData\Roaming\hal2u.exe:*:Enabled:Windows Messanger -- ()
"C:\Windows\SysWOW64\svchost.exe" = C:\Windows\SysWOW64\svchost.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Users\customer\AppData\Roaming\wass.exe" = C:\Users\customer\AppData\Roaming\wass.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347371834.exe" = C:\Users\customer\AppData\Local\Temp\1347371834.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1430368838.exe" = C:\Users\customer\AppData\Local\Temp\1430368838.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Roaming\dad1.exe" = C:\Users\customer\AppData\Roaming\dad1.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347148844.exe" = C:\Users\customer\AppData\Local\Temp\1347148844.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\hal2niga.exe" = C:\Users\customer\AppData\Roaming\hal2niga.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\sysmem.exe" = C:\Users\customer\AppData\Roaming\sysmem.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Local\Temp\1358692202.exe" = C:\Users\customer\AppData\Local\Temp\1358692202.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\62.exe" = C:\Users\customer\AppData\Roaming\62.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347230838.exe" = C:\Users\customer\AppData\Local\Temp\1347230838.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Roaming\For josh.exe" = C:\Users\customer\AppData\Roaming\For josh.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Windows\SysWOW64\msiexec.exe" = C:\Windows\SysWOW64\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Users\customer\awt43abr.exe" = C:\Users\customer\awt43abr.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\customer\AppData\Roaming\hal2u.exe" = C:\Users\customer\AppData\Roaming\hal2u.exe:*:Enabled:Windows Messanger -- ()
"C:\Windows\SysWOW64\svchost.exe" = C:\Windows\SysWOW64\svchost.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Users\customer\AppData\Roaming\wass.exe" = C:\Users\customer\AppData\Roaming\wass.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347371834.exe" = C:\Users\customer\AppData\Local\Temp\1347371834.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1430368838.exe" = C:\Users\customer\AppData\Local\Temp\1430368838.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Roaming\dad1.exe" = C:\Users\customer\AppData\Roaming\dad1.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347148844.exe" = C:\Users\customer\AppData\Local\Temp\1347148844.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\hal2niga.exe" = C:\Users\customer\AppData\Roaming\hal2niga.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\sysmem.exe" = C:\Users\customer\AppData\Roaming\sysmem.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Local\Temp\1358692202.exe" = C:\Users\customer\AppData\Local\Temp\1358692202.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\62.exe" = C:\Users\customer\AppData\Roaming\62.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347230838.exe" = C:\Users\customer\AppData\Local\Temp\1347230838.exe:*:Enabled:Windows Messanger -- (Company)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{070F4F75-C779-4DD4-BBFF-8EB9AB583476}" = lport=137 | protocol=17 | dir=in | app=system |
"{132CBB95-4D39-46D6-BE55-0B8415708971}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BFB3CFC-00AF-43B8-A599-B224793ACF52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EDB714B-227D-4916-9EF3-48466AD61FC6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29B487F0-45A1-41EA-A0C2-9AD6238CEC4D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3009DB0D-D86F-4648-89EF-537254E021A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4798E717-B82A-408C-BF63-79147609F6E9}" = lport=445 | protocol=6 | dir=in | app=system |
"{49181287-5365-4008-92CE-3AC2294D46A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{497A01B4-BA3C-41E7-BC3A-68B1683FD1C8}" = lport=139 | protocol=6 | dir=in | app=system |
"{5A74B911-965D-43B9-87EB-579D03E70CD9}" = rport=445 | protocol=6 | dir=out | app=system |
"{5D8F5644-1DA3-485F-ADFB-55A53774052B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6612A948-8489-420B-9E50-EAFAE7E9F029}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66F56135-BFF2-47A1-A8B6-84B29B30E4E7}" = rport=137 | protocol=17 | dir=out | app=system |
"{6B6A5D4C-3C2F-4A6C-9D36-952F1F9A8D09}" = lport=138 | protocol=17 | dir=in | app=system |
"{88EC1056-9664-421E-AE1D-30493253DE33}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A03AAD28-6C84-46CA-8B7F-E6DF18D7C925}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC7E5074-56D4-4C9A-A9C5-7FC625FF4F6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD0009F7-3C7D-4F4D-858C-52BE53BE667E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AE96B054-36A0-4183-ACB6-4F55C4915C12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B4AD28A5-32FE-450D-AA3D-7981258E08D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9BAF6EC-7F96-483E-846F-5A7745A081FE}" = rport=139 | protocol=6 | dir=out | app=system |
"{BCBC70DB-2AE5-4CF4-BF88-460074959C5B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E569EE75-CE17-4D40-9F6E-8DFD8D5A0800}" = rport=138 | protocol=17 | dir=out | app=system |
"{EE569886-A055-4DB1-81E4-D4D9AD6AE949}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F6BEB4B8-60F1-442E-AC97-92A92EE571F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08379FF9-2C1E-48B7-BDF1-7272C5E81987}" = protocol=17 | dir=in | app=c:\users\customer\downloads\crossfire_downloader.exe |
"{0BFC370D-2249-4598-828D-2D5C13C6E00B}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"{0CD06F53-6B51-4F12-91F8-90B00F071A65}" = protocol=17 | dir=in | app=c:\users\customer\desktop\subsonic\subsonic-service.exe |
"{0CDCF9BE-B41B-4BE6-84CD-7CA473A79DB8}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{0DFA7A57-B287-4BF8-8034-F250626FB1F4}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0E0AF901-9971-41A2-8A5F-565261C408A9}" = protocol=6 | dir=in | app=c:\users\customer\downloads\crossfire_downloader.exe |
"{0FBA5C7D-5A39-4E0B-AE40-10043E135C40}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{162446DC-5010-434A-9C6E-2B9E8FDB86E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1EB1694C-7D96-47BD-8F95-AFAC0CC27FE3}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{2276B45A-1FA0-4E79-9447-64A397786288}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{22ECFA8F-4767-4A29-BCF8-CB9D8FAA37A4}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{24FA07E5-4AE0-46C6-A662-5E363A00DC60}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{2566BD3B-DB8A-44DC-AE8B-938320D44C8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{281494E0-C756-4B57-930A-BD982A903BFF}" = protocol=6 | dir=in | app=c:\users\customer\appdata\roaming\spotify\spotify.exe |
"{2BAB73B1-C00B-43D9-AA6B-EBFB62CE1976}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2E770A80-9FD3-4B70-8895-916F9BDA8D6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{388F699D-D625-4503-A6FA-AB9772A5124E}" = protocol=17 | dir=in | app=c:\program files (x86)\subsonic\subsonic-service.exe |
"{39344C60-7E7F-4499-AF5D-D360E09A5C04}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"{3E0C4CCC-E8A8-4EEF-AF50-60A1E5CD151F}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{3FEDE4ED-2925-4471-A0F3-7D7E90DAA234}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{403249AE-C6FA-48A6-861D-F1ABE95E21DB}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{403355D6-8082-4A24-B1A8-521C546AC5DF}" = protocol=6 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"{404F9D0D-FA16-4838-9811-E45141ACBD97}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{41D8E65E-E3BB-41BB-9324-29A09B9D81A6}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{44DEA33A-CB03-447A-B9A2-2B95DC17E0E3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{48D2AF0E-4369-4AA0-BF22-4686C0E8981F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{49550D90-1764-45FD-B229-D752D818C761}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4BA4A6A4-E009-411B-9B6A-F4AB55274836}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{4EBB8615-30A1-44AB-9DC9-70994E3499F5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{50B7CD20-FAEC-4823-8FEF-3F92047C21B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{5151E8EE-511E-4905-977B-388CAC5E924D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{567E9D11-4B5F-4EF3-B609-BBCE0BAD6677}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5721FD0E-B1F5-422C-BF76-5F488218D695}" = protocol=17 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"{5742F965-668D-45F7-9747-EECB1BBDE4F5}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{591A1254-FB9C-4365-83CD-ED7C72643A9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{5B23730B-7E8B-47B4-ADEB-7379B593C954}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5E6CDAC5-8DEB-4A95-9044-82DA31AD39D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{62CDF8F7-DE3E-47E4-8C2A-A338F56040AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{6871DBB4-A288-4342-BAB1-91C3A889E7C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{68A58B9C-8FB0-40E3-9C0B-CF5F1CA6906E}" = protocol=58 | dir=out | [email protected],-503 |
"{6BB13321-3080-45B6-B422-FBC004FDF95E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{73220D07-7CC5-484C-AE02-117BDB0A375B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{765166E9-CAD6-4EFA-9340-998358D2721E}" = protocol=58 | dir=in | app=system |
"{78D996D4-D6C2-4F39-B1C7-414DDFF1284D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe |
"{7B00C289-C762-428E-A0F7-7B93C4563DCE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7EEA2A0B-7C49-480A-A9DC-5D4C6763E112}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{7EEB34F7-3B24-4A2B-90DF-4D069A50082C}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{82EE32E7-0117-4A59-9CFB-44BDBCACACA2}" = protocol=58 | dir=out | [email protected],-28546 |
"{86C6D66B-C95F-4FAF-9EBB-86F5EEAC3DFC}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{87B7A988-3671-4FFF-8CAB-8989A4A558D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{88F08FA6-B93C-411B-99E0-35F76FC4000F}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{8DFC1826-C368-4C73-BDE4-D02802D74ECB}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{921164BD-8084-4D12-A86B-E9D1C72A12A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{92AC9925-01C1-4D33-80CD-3F33C02E48C9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{93752EED-FC37-48C6-BBCF-556DF4AE4FF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94A5C970-BAAA-414D-B844-36C78C02E1CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{95BABD67-5F32-43A5-8ED5-B8EBF9C1B778}" = protocol=17 | dir=in | app=c:\users\customer\desktop\subsonic\subsonic-agent.exe |
"{95CCEF94-9AEE-4EB8-9F25-4C8B019A6EA7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{95FA1701-16EB-4C24-B085-38BB0C49FCDA}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{9A0F687D-3B25-438A-A21E-314726F3C9AE}" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9B736F72-12D3-44DA-86E1-F619BDD3B9CF}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"{9CE0EF0D-A3CD-4C8E-BCDC-3BF79A9FC36F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9E7F3B0C-71AE-4A9A-950A-EA40B26A35BF}" = protocol=17 | dir=in | app=c:\users\customer\appdata\roaming\spotify\spotify.exe |
"{9E9C66C0-C55C-4386-9292-458092EEC00B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{9EC9EBEF-65F6-4F52-89B0-9F0BDBAA2AAD}" = protocol=17 | dir=in | app=c:\program files (x86)\subsonic\subsonic-agent.exe |
"{9EE15343-95B2-4BD2-8A6D-F53305E644D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FF0925B-EA1E-403E-AAF9-D8B29C433B10}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{A25B32EF-9823-4327-9544-B1EDB1EB7B80}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{A2E53D51-4035-4C58-81FF-326ABD136BDE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A2EA63AB-A4BE-4467-A4CD-369ABE2A6866}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{A3CF4411-0299-4348-9D71-1DB5F2504897}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A4D486CB-08BE-4D6F-8861-D28B456404A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A66214F9-331A-4CFE-9D51-4E2F6C7F567A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7DED61A-2EBE-4A47-BEDF-066026FFC003}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF1239A2-6D6A-4740-A9DB-C3C411966EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B128ABC3-4260-46A7-85EE-93421B0FD4AD}" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B46ACD0E-FB98-4F51-B83D-0156A90E0DF9}" = dir=in | app=c:\users\customer\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{B5F58F7B-CC63-4C8E-9CE2-64B6D04DDB4C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8129E64-279B-4182-86AF-5B30F0290CC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warincbattlezone\rsupdate.exe |
"{BB3B18E4-F1C7-41C1-9E6C-22796AA1B21C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{BD75C3F6-0394-47A4-BEC4-4FC500499FE0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C171BAA5-CE7D-418C-8FC8-C35F2D8BFB82}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"{C4D600CE-8BCB-4F1D-B11C-198A937205E8}" = protocol=6 | dir=in | app=c:\program files (x86)\subsonic\subsonic-agent.exe |
"{C52B5210-3525-4EB7-B495-00163CAC4C03}" = protocol=58 | dir=in | [email protected],-28545 |
"{C9AF863C-E2B2-47C8-A17D-771A521581F0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CB031F2F-1BD3-4A6D-BCAF-DE609AEDED4B}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{CC5A904D-C729-4D53-BE32-72F8B77C0BAE}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{CDF67B04-BC0A-4AEE-974D-674778923D34}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D1A101DD-C3EF-455B-A6F6-5E2890F7BC32}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{D1A257A7-1140-45B1-B38E-5A5C55AEF304}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{D3181234-A1CB-463F-B52C-AE033E766571}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D84B3C55-8A55-4481-842E-5DFABF8F488D}" = protocol=6 | dir=in | app=c:\users\customer\desktop\subsonic\subsonic-agent.exe |
"{D9C8F546-EF70-4614-84ED-826E813852D9}" = protocol=1 | dir=in | [email protected],-28543 |
"{E0D75E0C-97DD-4068-8733-E91FCABB2622}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe |
"{E13C6E14-E5F1-4710-BE1C-9357C926D0B9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E3CD56CD-9826-46EC-A98E-9D44EC6E536F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5EE9A79-4920-4798-88E5-56101C8FB33F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E6E4BC2A-E70C-479B-8A48-B652BCBC549C}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{E827868B-6927-48D0-A401-5CAFDD1147D9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E9339C8F-9170-468E-9B7D-5F6DE4A2C4AA}" = protocol=6 | dir=in | app=c:\program files (x86)\subsonic\subsonic-service.exe |
"{EA48B0A6-0BA9-4CBC-8E11-BD818EFE45A5}" = protocol=6 | dir=out | app=system |
"{EA702A4D-B6DF-420B-A60D-E4685BE30718}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F15796E0-5B01-489D-9D25-3346F6AF8458}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{F2593C9A-6F4B-4CA0-9470-CCF006305564}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{F28DD476-22C3-4DE7-A8F6-97CAB391E5B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F47F7812-0EF7-4FC7-A97A-6698581DBBF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warincbattlezone\rsupdate.exe |
"{F58997DE-4335-4F6C-8537-5AEB38E11B43}" = protocol=6 | dir=in | app=c:\users\customer\desktop\subsonic\subsonic-service.exe |
"{F8A36019-A401-4524-A44E-21BE056F884B}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"{FAE2AD9D-07BB-4360-8F2F-9ECDABD112EC}" = protocol=1 | dir=out | [email protected],-28544 |
"{FBAAA707-2C2F-4F8F-8F86-8F921531396C}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"{FCDF8BD2-8EAB-4212-89F2-67D6748A1F49}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"TCP Query User{0C70DFFD-C88F-4278-A34E-1176CBE6B927}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"TCP Query User{0E6B2980-6348-44D1-8F1F-58CD748E3E2B}C:\users\customer\appdata\local\temp\rar$ex84.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex84.648\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{1909E1B1-9177-47D1-960F-E9E2F981C0ED}C:\users\customer\appdata\local\temp\rar$ex36.424\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex36.424\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{1B6AE4DF-03FE-4DED-9BBA-BD0DA27A3742}C:\users\customer\desktop\skype.exe" = protocol=6 | dir=in | app=c:\users\customer\desktop\skype.exe |
"TCP Query User{2B0BD8AE-9CE1-48BF-AC6B-B5FBD86CC8B6}C:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe |
"TCP Query User{3105C7F7-15E7-4687-B2E1-1FC2CE7A6D06}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{33CB364A-13DC-4BB3-A0A8-62E40EE9928B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{35223F44-2013-42DB-9D6F-CF23BFD9A2C3}C:\users\customer\appdata\local\temp\rar$ex52.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex52.648\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{3FA8FDAB-E10A-4667-9F3E-F0CA97877E89}C:\users\customer\appdata\local\temp\rar$ex88.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex88.648\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{5FC94679-C140-47D1-BCB4-861380295249}C:\users\customer\appdata\local\temp\rar$ex57.944\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex57.944\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{62215796-C8AB-4C73-85AC-64C5D9C5B656}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{67D5A365-DDDE-4A90-8A79-7B65EDE85B60}C:\users\customer\appdata\local\temp\rar$ex60.128\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex60.128\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{6B806C12-8B11-4678-AE90-5E48E77C4737}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{7C59577D-DDB8-4AF3-B3A9-585BEB5BEF5F}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"TCP Query User{8043BFF3-CDDA-4040-A299-BD92419DF4A6}C:\users\customer\appdata\roaming\uclo\ufat.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\roaming\uclo\ufat.exe |
"TCP Query User{842D0CBB-811F-4F96-8830-164DCAAA41E6}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"TCP Query User{8E1D6D32-9AF7-4BA5-9359-1B668251EBC7}C:\users\customer\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9471F6C6-D22F-4EBD-900D-C80E816814D5}C:\program files (x86)\net tools\nettools5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"TCP Query User{981206A4-B8F8-48F9-8699-F3334E4B3E62}C:\users\customer\appdata\local\temp\rar$ex24.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex24.648\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{B7A0E0A3-47AC-40AE-97CE-399F9CAEE4FD}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{D9A28C78-4404-408A-855C-80EFFA6E9E47}C:\users\customer\appdata\local\temp\rar$ex21.424\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex21.424\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{DCB25DA8-4C49-49D8-97DC-948E3B5C178D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{DD03A665-BD7E-4B2B-A1BB-AAF7EA5A4051}C:\users\customer\appdata\local\temp\rar$ex97.944\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex97.944\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{E0A0BE93-31F0-4503-9593-3913A7FB2814}C:\users\customer\appdata\local\temp\rar$ex79.128\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex79.128\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{E4EB3482-B6D0-49C1-AA08-8E1C78086780}C:\users\customer\desktop\waw\call of duty - world at war\cod5sp.exe" = protocol=6 | dir=in | app=c:\users\customer\desktop\waw\call of duty - world at war\cod5sp.exe |
"UDP Query User{0435F9EF-0FC4-49B6-BA48-113D815D5285}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"UDP Query User{298DD58F-1E0C-4066-9008-D55946555F07}C:\users\customer\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\roaming\spotify\spotify.exe |
"UDP Query User{358F6310-23E8-486A-85AE-34C86675C628}C:\users\customer\desktop\waw\call of duty - world at war\cod5sp.exe" = protocol=17 | dir=in | app=c:\users\customer\desktop\waw\call of duty - world at war\cod5sp.exe |
"UDP Query User{3ABA1953-2946-4E85-9A73-FE9AF51C80B0}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{4259D52E-1A1B-4721-BC83-303239C1B4A9}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{44B85A46-16A1-423B-ACAC-42E96EB0F095}C:\users\customer\appdata\local\temp\rar$ex79.128\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex79.128\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{5D44C91D-DACC-4BAE-941D-5B1725FAD823}C:\users\customer\appdata\local\temp\rar$ex21.424\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex21.424\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{715F4EEC-82C2-466B-9BE7-9A089AFFFA6E}C:\users\customer\appdata\local\temp\rar$ex52.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex52.648\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{7F171329-EBD5-43A6-9B58-BE0EDB053EAD}C:\users\customer\appdata\local\temp\rar$ex24.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex24.648\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{9172C972-9EC1-4BCC-954A-0183772CAF7A}C:\users\customer\appdata\local\temp\rar$ex97.944\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex97.944\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{92B204C3-6D13-4FF2-BF2A-E0028E3E6A02}C:\users\customer\appdata\local\temp\rar$ex60.128\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex60.128\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{9920E655-D8B0-44A2-B8C7-69299F7CE110}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"UDP Query User{9BF7D449-1FEC-45CC-9C0F-9B83D3E6EE25}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{9D943BFF-77F5-44C4-91E2-D224F390893B}C:\users\customer\desktop\skype.exe" = protocol=17 | dir=in | app=c:\users\customer\desktop\skype.exe |
"UDP Query User{A6867ED9-2ABE-432C-90E3-EB8C945E0574}C:\program files (x86)\net tools\nettools5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"UDP Query User{AB01D493-D63F-4CD5-A572-E3BE29462A45}C:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe |
"UDP Query User{BB65E874-8D88-4345-91A3-E99DEFEFC937}C:\users\customer\appdata\local\temp\rar$ex84.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex84.648\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{C30DF455-AA6D-479A-BC75-AC7FD1F61B2F}C:\users\customer\appdata\roaming\uclo\ufat.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\roaming\uclo\ufat.exe |
"UDP Query User{C8C19D10-BA3F-4ECC-AD55-33B7B264E7E7}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{E1B672A0-2727-4318-BD57-B7DF50F31E5A}C:\users\customer\appdata\local\temp\rar$ex88.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex88.648\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{E5DF17A8-525C-47EA-9DAC-D38370AF59C1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E9F9E5F5-62B2-4932-8E65-ED881F44843B}C:\users\customer\appdata\local\temp\rar$ex57.944\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex57.944\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{EF76C5E8-DD86-41E2-AFD6-692AECB06904}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{F9CB5C32-D8EF-4237-8AB4-74B925290DA5}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{FA86C445-A192-44D4-A3EB-4F8420E62A8D}C:\users\customer\appdata\local\temp\rar$ex36.424\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex36.424\[ghbsys.net] public-client\ghb - pclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java™ 6 Update 27 (64-bit)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.530
"{3B20226B-63ED-B863-B224-FE40401B21CA}" = ATI Catalyst Install Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EEB06ECB-38F0-68CD-B215-94D50914C0F8}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"MAXONFB05E576" = CINEMA 4D 13.016
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WNLT" = IB Updater Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01868E82-DA4F-BFF8-45CF-9B1CAE8810D9}" = Catalyst Control Center Core Implementation
"{01CC7DB7-909B-E630-A44A-8118036CAF3C}" = CCC Help Korean
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07367450-E3E6-B4A1-E19C-A07429026680}" = CCC Help Swedish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AF333DE-057E-489C-9D1C-CE348AF7D1B8}" = MorphVOX Pro
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C42AA63-B354-56AF-69CA-FA73285368BE}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FFDACFC-898C-FC99-0140-AE2FC18B710E}" = Catalyst Control Center Graphics Full New
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{268E2A87-470B-118B-B3AD-6F2615B86623}" = CCC Help Greek
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30A0F8D9-709B-451C-BFB3-D8559F4797F8}" = Fantapper Browser Plugin
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3601754A-C72B-E4B3-CE39-78CCD0B58DC9}" = CCC Help Russian
"{3A69B28B-6E44-E512-C395-EEDCB5BCB485}" = CCC Help Danish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA616F8-F969-4DE7-0C85-35BE954DDB8A}" = CCC Help Hungarian
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3EED6569-D845-F8D1-9648-84729711590E}" = CCC Help Italian
"{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}" = ArcSoft ShowBiz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A41156A-0669-F7B5-B24C-5E25C69F1E68}" = CCC Help Turkish
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63ADFC07-D92A-670C-3826-BB0C9CC41D8A}" = CCC Help Polish
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6488561D-83C8-6987-6163-744E60680139}" = CCC Help Japanese
"{69CA5A5F-7541-5216-6433-DE69E4245116}" = Catalyst Control Center Graphics Light
"{69F214C9-507D-7EB5-FF08-926CFD0D5EC6}" = Catalyst Control Center Localization All
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{6e34608d-f6da-4dd4-8f4e-69bac17a2e92}" = Nero 9 Essentials
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{762CB899-DF14-EB84-78F5-888C83AA7DC3}" = Catalyst Control Center Graphics Previews Common
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83E4C065-91B9-20DD-74DA-90A71242CE18}" = CCC Help Norwegian
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEAE107-B186-4EA8-5F84-3AAA3158FEB1}" = CCC Help Chinese Standard
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975B24AC-8CB7-B4E1-E666-37964657576E}" = CCC Help Chinese Traditional
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A45B7A40-694C-BAB8-EE69-4240ADFEA1FF}" = CCC Help Finnish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AD768FF7-E329-886C-D88E-585F26BB8738}" = CCC Help Dutch
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8F5BACE-194E-0203-023E-2FFEF68EE290}" = CCC Help English
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C450D07C-3914-5481-A068-29975DA5C596}" = CCC Help French
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C9165CF3-A14D-A281-B62E-37312AA9E63D}" = CCC Help Spanish
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4E16961-E6FA-4689-AD09-3DB7E5770167}" = Catalyst Control Center InstallProxy
"{D6B1E149-790E-3B60-07F9-07A40ECAFBA0}" = Catalyst Control Center Graphics Full Existing
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBF91CC3-41F6-0D99-3D2D-686C59865652}" = ccc-core-static
"{DD49AC0F-E08A-F77D-AB38-2EE9CD5D8F0B}" = CCC Help Thai
"{DECEFADB-0486-6252-C312-49DDAC71DF33}" = CCC Help Portuguese
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7425F93-2071-A946-008A-6ACA60B43FB2}" = CCC Help Czech
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0.3
"AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
"BB FlashBack Express" = BB FlashBack Express
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Cross Fire_is1" = Cross Fire En
"d4cfeebc-b821-40b7-9f81-d366b1466f03_is1" = Horizon v2.5.10.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Freemake Video Converter_is1" = Freemake Video Converter version 3.2.1
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Hauppauge Device Central" = Hauppauge Device Central
"Identity Card" = Identity Card
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InternetHelper Toolbar" = InternetHelper Toolbar
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"MapleStory" = MapleStory
"MSNINST" = MSN
"NetTools_is1" = NetTools 5.0
"PC Speed Maximizer_is1" = PC Speed Maximizer v3.0
"RealPlayer 15.0" = RealPlayer
"TmNationsForever_is1" = TmNationsForever
"UnHackMe_is1" = UnHackMe 5.99 release
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VLC media player 1.1.7
"Wajam" = Wajam
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Zoom Downloader" = Zoom Downloader

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"NetAssistant" = Freeze.com NetAssistant
"Spotify" = Spotify
"YourFileDownloader" = YourFileDownloader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/4/2013 1:30:47 AM | Computer Name = max | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files (x86)\Brand
Affinity Technologies\Fantapper Browser Plugin\adxloader.dll.Manifest".Error in
manifest or policy file "C:\Program Files (x86)\Brand Affinity Technologies\Fantapper
Browser Plugin\adxloader.dll.Manifest" on line 2. The manifest file root element
must be assembly.

Error - 2/4/2013 1:31:54 AM | Computer Name = max | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/4/2013 2:49:30 AM | Computer Name = max | Source = .NET Runtime | ID = 1026
Description =

Error - 2/4/2013 2:49:32 AM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: GG3.exe, version: 0.0.0.0, time stamp:
0x50f8da10 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x04dd95fd Faulting process id: 0xe34 Faulting application
start time: 0x01ce02a2b425388c Faulting application path: C:\Users\customer\Desktop\GG3_V1.1.0.1\GG3.exe
Faulting
module path: unknown Report Id: 0719a22e-6e97-11e2-90da-1c750821f4d9

Error - 2/5/2013 6:21:27 PM | Computer Name = max | Source = .NET Runtime | ID = 1026
Description =

Error - 2/5/2013 6:21:31 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 1.1.0.0, time stamp:
0x506f305c Faulting module name: KERNELBASE.dll, version: 6.1.7600.17179, time stamp:
0x50b83f8a Exception code: 0xe0434352 Fault offset: 0x0000c41f Faulting process id:
0xbbc Faulting application start time: 0x01ce03ef19a7d862 Faulting application path:
C:\Users\customer\AppData\Roaming\svchost.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 63df64a1-6fe2-11e2-9645-1c750821f4d9

Error - 2/5/2013 6:50:21 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.10.0.116, time stamp:
0x50001496 Faulting module name: Vcs6Hook.dll_unloaded, version: 0.0.0.0, time stamp:
0x4683cda0 Exception code: 0xc0000005 Fault offset: 0x0fa167e0 Faulting process id:
0xacc Faulting application start time: 0x01ce03f2d30ad28f Faulting application path:
C:\Users\customer\Desktop\Skype.exe Faulting module path: Vcs6Hook.dll Report Id:
6b038662-6fe6-11e2-9645-1c750821f4d9

Error - 2/5/2013 6:50:59 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 23.0.1271.97, time
stamp: 0x50be88d8 Faulting module name: Vcs6Hook.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4683cda0 Exception code: 0xc0000005 Fault offset: 0x038e67e0 Faulting
process id: 0x118c Faulting application start time: 0x01ce03ef49abfb6e Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: Vcs6Hook.dll Report Id: 8179f9d5-6fe6-11e2-9645-1c750821f4d9

Error - 2/5/2013 6:54:50 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7600.16667,
time stamp: 0x4c7dc5a1 Faulting module name: Vcs6Hook.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4683cda0 Exception code: 0xc0000005 Fault offset: 0x04ee67e0 Faulting
process id: 0x784 Faulting application start time: 0x01ce03f3c9b175e1 Faulting application
path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path:
Vcs6Hook.dll Report Id: 0b552307-6fe7-11e2-9645-1c750821f4d9

Error - 2/5/2013 7:04:05 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 23.0.1271.97, time
stamp: 0x50be88d8 Faulting module name: Vcs6Hook.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4683cda0 Exception code: 0xc0000005 Fault offset: 0x044567e0 Faulting
process id: 0xaf0 Faulting application start time: 0x01ce03f3469a4316 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: Vcs6Hook.dll Report Id: 5622c447-6fe8-11e2-9645-1c750821f4d9

[ System Events ]
Error - 2/10/2013 2:08:46 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The Microsoft .NET Framework NGEN v4.0.30319_X86 service is marked
as an interactive service. However, the system is configured to not allow interactive
services. This service may not function properly.

Error - 2/10/2013 2:08:48 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The COM+ System Application service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 2/10/2013 2:08:49 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The Google Update Service (gupdate) service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 2/10/2013 2:08:50 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The Google Software Updater service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 2/10/2013 2:08:50 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The HcwDevCentralService service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 2/10/2013 2:08:51 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The Nero BackItUp Scheduler 4.0 service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 2/10/2013 2:08:51 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The Steam Client Service service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 2/10/2013 2:08:52 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The Adobe SwitchBoard service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 2/10/2013 2:09:46 PM | Computer Name = max | Source = Service Control Manager | ID = 7023
Description = The iPod Service service terminated with the following error: %%-2147417831

Error - 2/10/2013 2:10:13 PM | Computer Name = max | Source = DCOM | ID = 10010
Description =

< End of report >

#2
emeraldnzl

Posted 09 February 2013 - 03:35 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello jbayerr,

Welcome to Geekstogo.

Download RogueKiller to your desktop

Note: This is a French tool so don't be surprised when you find the page displays with some French.

Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
Wait until Prescan has finished...
Click on Scan
Wait for the scan to finish.
The report is created on your desktop.
Click on the Delete button
The report is created on your desktop.
Next click on the ShortcutsFix button.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of all the RKreport.txt files from your desktop in your next Reply.

After that

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal.
ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you return please post
RKreport.txt
ComboFix.txt

#3
jbayerr

Posted 09 February 2013 - 07:59 PM

Member

Topic Starter
Member
26 posts

Thank you for trying to help but whenever i run those two scanners you linked me too they scan for a bit then my computer monitor goes black and shows this blue screen and it tells me that it shuts down my computer to protect it from something, help please?

#4
emeraldnzl

Posted 09 February 2013 - 08:10 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Okay we might re-visit them but for now.

Please download Security Check by screen317 from here .

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#5
emeraldnzl

Posted 09 February 2013 - 08:37 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello jbayerr,

Further to my last post.

If you still have trouble running tools tell me and we will try a different approach.

#6
jbayerr

Posted 09 February 2013 - 08:56 PM

Member

Topic Starter
Member
26 posts

hey this thing is taking awhile to run cause this authz.exe is really show my computer down so ill post the resulsts asap

#7
emeraldnzl

Posted 09 February 2013 - 09:00 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Leave that if it is having difficulty.

See if you can do this one. If not tell me.

In order for this to work, you could need a second PC which is not infected and a USB flash drive or blank CD and CD burner or some other means to transfer files from one computer to the other.

Download Chameleon from the Malwarebytes site.
Unzip the contents of the zip-file to a folder in a convenient location on the infected computer.
If you were unable to do this directly on the infected PC, then copy the folder from the clean computer to the infected one.
Make certain that your infected PC is connected to the internet and then open the folder you created or copied, on your infected computer and double-click on svchost.exe.
Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you.
Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successfully
Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
Upon completion of the scan, if anything has been detected, click on Show Results
Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats
The logs are automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire reports in your next reply.

#8
jbayerr

Posted 09 February 2013 - 09:06 PM

Member

Topic Starter
Member
26 posts

Hey sorry for all the trouble but that link is broken and i currently do not have another pc in my house

#9
emeraldnzl

Posted 09 February 2013 - 09:18 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hey sorry for all the trouble

No trouble.

but that link is broken

Works for me so I am thinking it is being blocked by the malware.

i currently do not have another pc in my house

Okay let's look at another option.

I wonder if can you download Malwarebytes direct?

Try this:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

#10
jbayerr

Posted 09 February 2013 - 09:20 PM

Member

Topic Starter
Member
26 posts

i think the programs you are sending me are working except for the rogue one and the combofix one those two just gave me a blue screen, but this authz.exe really slows my computer down like wherever the ouse is on my screen it refreshes every 2 seconds and its really bad so i am still going to run this security check until you can get back with another program.

#11
emeraldnzl

Posted 09 February 2013 - 10:33 PM

GeekU Instructor

GeekU Moderator
20,051 posts

That's okay. Do what you think is best.

The Security Check one won't fix anything. It was just to see if you had a security program getting in the way of downloading or running the tools we really want to use.

Rogue Killer, ComboFix and Malwarebytes will all attack malware and in particular the malware on your machine.

Clearly the malware is preventing easy use of these tools and we need to persist and find a way around the problem.

You might try running ComboFix in Safe Mode, that might circumvent any security program.

Boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) If you are asked what mode to bootup in press Esc to boot in the default settings
4) Instead of Windows loading as normal, a menu should appear
5) Select the option to run Windows in Safe Mode.

#12
jbayerr

Posted 09 February 2013 - 10:56 PM

Member

Topic Starter
Member
26 posts

Ok thank you i will try that.

#13
emeraldnzl

Posted 09 February 2013 - 10:58 PM

GeekU Instructor

GeekU Moderator
20,051 posts

#14
jbayerr

Posted 09 February 2013 - 11:51 PM

Member

Topic Starter
Member
26 posts

hey so i ran it in safe mode and it worked really well and then at like number 49 it just sat there for about half an hour so i canceled out... sorry if i wasnt supposed to but do you know why that happened? thanks.

#15
emeraldnzl

Posted 10 February 2013 - 12:10 AM

GeekU Instructor

GeekU Moderator
20,051 posts

hey so i ran it in safe mode and it worked really well and then at like number 49 it just sat there for about half an hour so i canceled out

Sometimes ComboFix can stop and appear to be doing nothing for quite sometime. Half an hour... probably time to move on; actually I usually say to leave it an hour and then stop.

As it is, it looks like some progress was made, maybe we have something to look at.

Let's see if you can find some data:

Go to Start > Search programs and files and type in:

:\QooBox\LastRun\

Data from failed CF runs are stored there.

You should be able to find the data for the failed run there.

Copy and paste back here.

If you can't find it, run ComboFix again and see if it finishes this time.