OTL.txt
OTL logfile created on: 2/10/2013 1:35:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\customer\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.75 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 75.46% Memory free
15.49 Gb Paging File | 13.43 Gb Available in Paging File | 86.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 339.34 Gb Free Space | 74.97% Space Free | Partition Type: NTFS
Drive E: | 4.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: MAX | User Name: customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/02/10 13:33:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\customer\Downloads\OTL.exe
PRC - [2013/02/10 13:17:24 | 000,074,113 | -HS- | M] () -- C:\Users\customer\AppData\Local\Temp\1346528389.exe
PRC - [2013/02/10 13:16:00 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Users\customer\Documents\Windows\winsvchgost.exe
PRC - [2013/02/10 13:15:57 | 000,074,113 | -HS- | M] () -- C:\Users\customer\AppData\Local\Temp\1346673320.exe
PRC - [2013/02/10 13:08:53 | 000,756,736 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
PRC - [2013/02/10 13:08:50 | 000,470,016 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe
PRC - [2013/02/10 13:08:14 | 000,301,415 | -HS- | M] () -- c:\users\customer\appdata\local\temp\1347258726.exe
PRC - [2013/02/10 13:07:44 | 000,217,424 | -HS- | M] (Company) -- C:\Users\customer\AppData\Local\Temp\1347230838.exe
PRC - [2013/02/09 10:29:38 | 000,544,768 | ---- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\sysmem.exe
PRC - [2013/02/09 07:17:16 | 000,237,568 | -H-- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\hal2niga.exe
PRC - [2013/02/08 17:40:19 | 000,502,608 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\dad1.exe
PRC - [2013/02/08 17:33:15 | 000,399,872 | RHS- | M] () -- C:\Users\customer\mfpdd.exe
PRC - [2013/02/07 18:05:55 | 000,502,608 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\wass.exe
PRC - [2013/01/15 22:54:06 | 000,245,168 | ---- | M] (http://yourfiledownloader.com) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
PRC - [2012/12/26 23:08:58 | 001,644,544 | ---- | M] (Zoom Downloader) -- C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe
PRC - [2012/12/25 13:06:12 | 000,595,216 | ---- | M] (Greatis Software) -- C:\Program Files (x86)\UnHackMe\hackmon.exe
PRC - [2012/12/19 22:50:52 | 001,645,856 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/12/15 10:26:38 | 000,811,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/07 18:04:02 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\customer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/10/08 01:40:37 | 000,218,837 | ---- | M] () -- C:\Users\customer\AppData\Roaming\Uclo\ufat.exe
PRC - [2012/10/05 10:08:42 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2012/09/12 23:54:58 | 000,396,416 | ---- | M] (LG Electronics) -- C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
PRC - [2012/09/05 20:00:35 | 000,499,352 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\realplay.exe
PRC - [2012/09/05 20:00:30 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/08/15 18:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012/05/29 14:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012/03/29 02:57:56 | 000,016,448 | ---- | M] (Microsoft Corporation) -- c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\agcp.exe
PRC - [2010/06/28 17:23:18 | 000,258,304 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2010/03/11 09:32:50 | 001,541,472 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2010/03/03 08:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 08:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 08:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/12/16 14:16:06 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/06/10 16:22:50 | 000,032,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/10 13:17:24 | 000,074,113 | -HS- | M] () -- C:\Users\customer\AppData\Local\Temp\1346528389.exe
MOD - [2013/02/10 13:15:57 | 000,074,113 | -HS- | M] () -- C:\Users\customer\AppData\Local\Temp\1346673320.exe
MOD - [2013/02/10 13:08:14 | 000,301,415 | -HS- | M] () -- c:\users\customer\appdata\local\temp\1347258726.exe
MOD - [2013/02/07 18:18:05 | 012,459,888 | ---- | M] () -- C:\Users\customer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013/01/15 10:17:14 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\07e052b2219f181a8b3da6b7b26cff06\System.Web.ni.dll
MOD - [2013/01/15 10:17:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/01/15 10:17:06 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9068074964b477b113e4be12d11d21ca\System.Data.ni.dll
MOD - [2013/01/15 10:10:12 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c6fb88c8055653672314c29ca4b78a7e\System.Windows.Forms.ni.dll
MOD - [2013/01/15 10:10:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/15 10:09:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e28d850a18bb8287dadb8aa7e3e779fc\System.Xml.ni.dll
MOD - [2013/01/15 10:09:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/15 10:09:29 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/15 10:09:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012/12/04 20:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 20:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 20:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 20:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 20:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 20:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 20:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/10/08 01:40:37 | 000,218,837 | ---- | M] () -- C:\Users\customer\AppData\Roaming\Uclo\ufat.exe
MOD - [2010/06/28 17:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2010/03/11 09:32:54 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2010/03/11 09:32:42 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2010/03/11 09:32:28 | 000,632,056 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/12/16 14:16:06 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/05/20 01:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/10/04 14:06:46 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV:64bit: - [2012/10/02 10:20:24 | 001,261,936 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/03/28 19:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/10 13:08:52 | 000,697,344 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2013/02/10 13:08:51 | 001,114,112 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2013/02/10 13:08:51 | 000,585,728 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/10 13:08:50 | 000,470,016 | ---- | M] (Hauppauge Computer Works, Inc.) [Auto | Running] -- C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe -- (HcwDevCentralService)
SRV - [2013/02/10 13:08:46 | 000,308,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/10 13:08:44 | 000,244,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/05 10:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 08:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2003/04/04 14:54:50 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/12/26 16:46:32 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/10 22:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 22:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/25 06:18:26 | 000,576,944 | ---- | M] (Hauppauge Computer Work, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwE5bda.sys -- (hcwE5bda)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/05 08:47:49 | 000,004,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bbcap.sys -- (bbcap)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 01:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011/02/14 01:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011/02/14 01:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/04/06 21:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/28 19:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/28 18:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/20 13:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/02/08 08:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 06:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 02:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 04:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2013/02/10 13:21:03 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\Windows\SysWOW64\drivers\Partizan.sys -- (Partizan)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/04/04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...14z185a48l2d355
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=938385568
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=938385568
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...14z185a48l2d355
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=938385568
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=938385568
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...1-1C750821F4D9}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...14z185a48l2d355
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.77searchengines.com/?op [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6OyZjH0Mp6&i=26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.condui...&ctid=CT2790392
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{067D9AAC-CD10-4DEB-BB40-1D20BA76545C}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...GW_enUS437US437
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{8FE0713C-97F0-482B-B047-D0117B9DBE67}: "URL" = http://search.condui...&ctid=CT3237160
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=938385568
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6OyZjH0Mp6&i=26
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...1-1C750821F4D9}
IE - HKCU\..\SearchScopes\{FB2CFCCE-EC9E-4801-B460-076DF32B74D6}: "URL" = http://search.yahoo....0110627,0,0,0,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay\nplplaypop.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\customer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\customer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013/01/05 20:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/02/10 16:00:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/12/27 00:51:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013/01/05 20:12:32 | 000,000,000 | ---D | M]
[2011/06/27 16:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\customer\AppData\Roaming\mozilla\Extensions
[2012/08/12 13:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\customer\AppData\Roaming\mozilla\Firefox\extensions
[2012/08/12 13:57:17 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\customer\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/01/05 20:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.13.20.300_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.13.20.300_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Display Engine v2 (Enabled) = C:\Program Files (x86)\LivingPlay\nplplaypop.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\customer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\customer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: South Park = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiakcboakkfknbginpmpfkcdmcmpnfm\1.4_0\
CHR - Extension: Google Drive = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: XJZ Survey Remover = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cphljojhgmnabimjemakjleocdheengh\3.5.0.1_0\
CHR - Extension: Google Chrome = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlddmedljhmbgdhapibnagaanenmajcm\1.0_0\
CHR - Extension: Don't Starve = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: Gmail = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (Fantapper) - {a0447a65-66aa-4dc3-9869-e574e5de2d5e} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader64.dll ()
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (InternetHelper Toolbar) - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Fantapper) - {a0447a65-66aa-4dc3-9869-e574e5de2d5e} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll File not found
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{9d0f7eb2-452d-4766-b535-8d23e36c300e} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{9d0f7eb2-452d-4766-b535-8d23e36c300e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper Toolbar) - {9D0F7EB2-452D-4766-B535-8D23E36C300E} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe File not found
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [M0U2QzREMDIzODg2MDZCNk] C:\Users\customer\mfpdd.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [sysmem] C:\Users\customer\AppData\Roaming\sysmem.exe (Quick Heal Technologies Pvt. Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [win32] C:\kernels\drivers.vbs ()
O4 - HKLM..\Run: [Windows Defender] C:\Users\customer\AppData\Roaming\62.exe (Company)
O4 - HKLM..\Run: [winpretenx] C:\Users\customer\AppData\Roaming\wass.exe (Company)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKLM..\Run: [xprsxxm] C:\Users\customer\AppData\Roaming\dad1.exe (Company)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DownloadManager] C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe (Zoom Downloader)
O4 - HKCU..\Run: [FacbookUpdate] C:\Users\customer\AppData\Roaming\FacbookUpdate.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\customer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GamersoulBT] C:\Users\customer\AppData\Roaming\MyFolder\GamersoulBT.exe (Gamersoul)
O4 - HKCU..\Run: [Google Updater] C:\Users\customer\AppData\Roaming\Microsoft\SysAudio.exe (Synth Incorporated)
O4 - HKCU..\Run: [iexplorer] C:\Users\customer\AppData\Roaming\java.exe ()
O4 - HKCU..\Run: [Ihmytole] C:\Users\customer\AppData\Roaming\Uclo\ufat.exe ()
O4 - HKCU..\Run: [Java] C:\Windows\SysWOW64\Java\JavaUpdate.exe ()
O4 - HKCU..\Run: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe" File not found
O4 - HKCU..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" File not found
O4 - HKCU..\Run: [spoolsv.exe] C:\Users\customer\AppData\Roaming\svchost.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\customer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [sysmem] C:\Users\customer\AppData\Roaming\sysmem.exe (Quick Heal Technologies Pvt. Ltd.)
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not found
O4 - HKCU..\Run: [WinDefender] C:\Users\customer\AppData\Roaming\WinDefender.Exe (IUT)
O4 - HKCU..\Run: [Windows Defender] C:\Users\customer\AppData\Roaming\hal2niga.exe (Quick Heal Technologies Pvt. Ltd.)
O4 - HKCU..\Run: [Windows Microsoft Services] C:\Users\customer\AppData\Local\Temp\homepremium.exe (FZSFTP)
O4 - HKCU..\Run: [winpretenx] C:\Users\customer\AppData\Roaming\wass.exe (Company)
O4 - HKCU..\Run: [xprsxxm] C:\Users\customer\AppData\Roaming\dad1.exe (Company)
O4 - Startup: C:\Users\customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnk = C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
F3:64bit: - HKCU WinNT: Load - (C:\Users\customer\mfpdd.exe) - C:\Users\customer\mfpdd.exe ()
F3 - HKCU WinNT: Load - (C:\Users\customer\mfpdd.exe) - C:\Users\customer\mfpdd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Windows Defender = C:\Users\customer\AppData\Roaming\hal2niga.exe (Quick Heal Technologies Pvt. Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: 64029 = c:\progra~3\dxhrkqq.exe (Quick Heal Technologies Pvt. Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: winpretenx = C:\Users\customer\AppData\Roaming\wass.exe (Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: xprsxxm = C:\Users\customer\AppData\Roaming\dad1.exe (Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: sysmem = C:\Users\customer\AppData\Roaming\sysmem.exe (Quick Heal Technologies Pvt. Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9:64bit: - Extra Button: Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader64.dll ()
O9:64bit: - Extra 'Tools' menuitem : Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader64.dll ()
O9 - Extra Button: Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll ()
O9 - Extra 'Tools' menuitem : Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE462EC-D26F-48CC-9AE9-85B5774CAF04}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F1166FC-0AD1-40F7-87DD-90B2D3AE3D32}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\Java\JavaUpdate.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/04 13:12:58 | 000,000,070 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7d72a5aa-d1b7-11e0-bd90-1c750821f4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{7d72a5aa-d1b7-11e0-bd90-1c750821f4d9}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\{e7fe4397-4fa3-11e2-993e-1c750821f4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{e7fe4397-4fa3-11e2-993e-1c750821f4d9}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011/06/29 07:41:32 | 000,410,312 | R--- | M] (MAXON Computer GmbH)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/02/10 13:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2013/02/10 13:21:03 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2013/02/10 13:20:32 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\RegRun2
[2013/02/10 13:20:30 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2013/02/10 13:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2013/02/10 13:20:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2013/02/10 13:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2013/02/10 13:07:44 | 000,217,424 | ---- | C] (Company) -- C:\Users\customer\AppData\Roaming\62.exe
[2013/02/10 12:36:29 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Logs
[2013/02/10 01:55:22 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Install
[2013/02/10 01:53:59 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\WinDbg
[2013/02/09 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\Windows
[2013/02/09 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\Services
[2013/02/09 19:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegTweaker
[2013/02/09 19:06:04 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Kinect
[2013/02/09 18:54:04 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Engaged
[2013/02/09 18:44:46 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Uniblue
[2013/02/09 18:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/02/09 18:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegUtility
[2013/02/09 10:29:38 | 000,544,768 | ---- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\sysmem.exe
[2013/02/09 07:17:16 | 000,237,568 | -H-- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\hal2niga.exe
[2013/02/08 17:54:59 | 000,000,000 | -HSD | C] -- C:\Users\customer\AppData\Roaming\msnmsgr
[2013/02/08 17:40:19 | 000,502,608 | ---- | C] (Company) -- C:\Users\customer\AppData\Roaming\dad1.exe
[2013/02/08 17:40:02 | 000,673,792 | ---- | C] (Microsoft Corp.) -- C:\Users\customer\AppData\Roaming\egoxwe.exe
[2013/02/08 17:30:06 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\Happauge Recorder
[2013/02/07 18:05:55 | 000,502,608 | ---- | C] (Company) -- C:\Users\customer\AppData\Roaming\wass.exe
[2013/02/06 22:47:25 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Uclo
[2013/02/06 22:47:25 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Taurog
[2013/02/06 22:47:25 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Fuwie
[2013/02/06 09:42:33 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\GG3_V1.1.0.2
[2013/02/05 18:50:50 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Audacity
[2013/02/05 18:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/02/05 18:12:35 | 000,000,000 | ---D | C] -- C:\vcs5core
[2013/02/05 18:12:35 | 000,000,000 | ---D | C] -- C:\AV_LOGS
[2013/02/05 18:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AV Voice Changer Software DIAMOND
[2013/02/05 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Voice Changer Software DIAMOND
[2013/02/02 21:00:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/01/29 20:40:16 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Java
[2013/01/28 12:29:27 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Local\GameTuts
[2013/01/27 23:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013/01/27 23:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013/01/27 23:28:47 | 000,044,928 | ---- | C] (ManyCam LLC) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys
[2013/01/27 23:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2013/01/27 17:40:50 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\Nodus
[2013/01/27 17:16:56 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Unlimited Cheating
[2013/01/20 23:51:46 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\MSNInstaller
[2013/01/20 23:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN
[2013/01/19 19:36:51 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\TmForever
[2013/01/19 19:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever
[2013/01/19 19:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
[2013/01/19 19:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever
[2013/01/15 22:54:06 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\YourFileDownloader
[2013/01/15 22:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
[2013/01/15 22:01:20 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\MapleHacks
[2013/01/15 11:44:55 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\Maple Backup
[2013/01/15 09:41:36 | 000,000,000 | ---D | C] -- C:\Nexon
[2013/01/15 09:03:23 | 4265,379,000 | ---- | C] (Nexon) -- C:\MSSetupv125.exe
[2013/01/15 07:49:28 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Local\ElevatedDiagnostics
[2013/01/15 07:45:51 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\MSDCSC
[2013/01/07 04:15:06 | 000,865,280 | ---- | C] (IUT) -- C:\Users\customer\AppData\Roaming\WinDefender.Exe
[2012/10/06 19:11:20 | 000,819,712 | ---- | C] (Ufasoft) -- C:\Users\customer\AppData\Roaming\usft_ext.dll
[2012/10/06 19:11:10 | 000,252,416 | ---- | C] (Windows) -- C:\Users\customer\AppData\Roaming\miner.dll
[2009/07/13 18:31:52 | 000,135,168 | -HS- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxmibgpxp.exe
[2009/07/13 18:31:52 | 000,081,920 | -HS- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxleka.exe
[2009/07/13 18:31:52 | 000,073,728 | -HS- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxhrkqq.exe
[2009/07/13 15:46:42 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\customer\AppData\Roaming\For josh.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/02/10 13:44:00 | 000,002,747 | ---- | M] () -- C:\Users\customer\AppData\Roaming\rsspec01
[2013/02/10 13:39:26 | 000,002,404 | ---- | M] () -- C:\Users\customer\AppData\Roaming\xprdss
[2013/02/10 13:38:28 | 000,001,089 | ---- | M] () -- C:\Users\customer\AppData\Roaming\62
[2013/02/10 13:36:53 | 000,002,672 | ---- | M] () -- C:\Users\customer\AppData\Roaming\xprdssx
[2013/02/10 13:33:28 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/10 13:21:03 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2013/02/10 13:20:36 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2013/02/10 13:20:36 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2013/02/10 13:20:36 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2013/02/10 13:20:27 | 000,044,544 | ---- | M] () -- C:\Windows\SysWow64\fbfpnee.exe
[2013/02/10 13:13:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/10 13:13:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/10 13:10:28 | 000,041,472 | ---- | M] () -- C:\Users\customer\AppData\Roaming\wmdc.exe
[2013/02/10 13:09:52 | 000,000,065 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013/02/10 13:09:16 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\newdefault.ini
[2013/02/10 13:07:44 | 000,217,424 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\62.exe
[2013/02/10 13:05:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/10 13:04:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/10 13:04:24 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err
[2013/02/10 13:04:14 | 1942,142,975 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/10 12:54:15 | 000,000,211 | ---- | M] () -- C:\Users\customer\AppData\Roaming\22222222
[2013/02/09 21:30:56 | 000,000,736 | ---- | M] () -- C:\Users\customer\AppData\Roaming\MaxMishkin
[2013/02/09 20:27:18 | 000,000,446 | ---- | M] () -- C:\Users\customer\AppData\Roaming\runmdc
[2013/02/09 12:29:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2664367239-3075011552-1143883363-1000UA.job
[2013/02/09 10:29:38 | 000,544,768 | ---- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\sysmem.exe
[2013/02/09 07:22:03 | 000,003,596 | ---- | M] () -- C:\Windows\SysWow64\gmon.out
[2013/02/09 07:18:07 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/09 07:18:07 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/09 07:18:07 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/09 07:17:34 | 000,476,672 | -HS- | M] () -- C:\Users\customer\AppData\Roaming\FacbookUpdate.exe
[2013/02/09 07:17:16 | 000,237,568 | -H-- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\hal2niga.exe
[2013/02/08 18:29:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2664367239-3075011552-1143883363-1000Core.job
[2013/02/08 17:40:19 | 000,502,608 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\dad1.exe
[2013/02/08 17:33:15 | 000,399,872 | RHS- | M] () -- C:\Users\customer\mfpdd.exe
[2013/02/07 18:05:55 | 000,502,608 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\wass.exe
[2013/02/07 15:40:49 | 000,001,223 | ---- | M] () -- C:\Users\customer\AppData\Roaming\Java
[2013/02/07 04:38:30 | 000,197,025 | -H-- | M] () -- C:\Users\customer\AppData\Roaming\hal2u.exe
[2013/02/07 04:38:30 | 000,197,025 | -H-- | M] () -- C:\Users\customer\awt43abr.exe
[2013/02/07 04:38:28 | 000,036,696 | ---- | M] () -- C:\Users\customer\wgsdgsdgdsgsd.exe
[2013/02/06 18:24:29 | 000,064,683 | ---- | M] () -- C:\Users\customer\Desktop\mjong tiles.jpg
[2013/02/06 10:21:38 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Horizon.lnk
[2013/02/05 19:09:00 | 000,172,368 | ---- | M] () -- C:\Users\customer\Documents\rec_Vcs6Core_19-08-41.mp3
[2013/02/02 08:34:03 | 000,018,902 | ---- | M] () -- C:\Users\customer\AppData\Roaming\IIIuR
[2013/02/01 09:00:40 | 000,024,064 | ---- | M] () -- C:\Users\customer\AppData\Roaming\java.exe
[2013/01/18 21:05:18 | 000,000,132 | ---- | M] () -- C:\Users\customer\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/01/15 10:27:37 | 004,895,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/15 10:24:28 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/15 09:41:23 | 4265,379,000 | ---- | M] (Nexon) -- C:\MSSetupv125.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/02/10 13:20:36 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2013/02/10 13:20:36 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2013/02/10 13:20:36 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2013/02/10 13:20:27 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\fbfpnee.exe
[2013/02/10 01:54:29 | 000,000,211 | ---- | C] () -- C:\Users\customer\AppData\Roaming\22222222
[2013/02/09 21:25:46 | 000,001,089 | ---- | C] () -- C:\Users\customer\AppData\Roaming\62
[2013/02/09 18:25:05 | 000,000,736 | ---- | C] () -- C:\Users\customer\AppData\Roaming\MaxMishkin
[2013/02/09 16:17:50 | 000,000,446 | ---- | C] () -- C:\Users\customer\AppData\Roaming\runmdc
[2013/02/09 10:31:07 | 000,002,508 | ---- | C] () -- C:\Users\customer\AppData\Roaming\rsspec01
[2013/02/09 07:22:11 | 000,041,472 | ---- | C] () -- C:\Users\customer\AppData\Roaming\wmdc.exe
[2013/02/09 07:17:36 | 000,476,672 | -HS- | C] () -- C:\Users\customer\AppData\Roaming\FacbookUpdate.exe
[2013/02/08 17:40:51 | 000,002,672 | ---- | C] () -- C:\Users\customer\AppData\Roaming\xprdssx
[2013/02/08 17:33:15 | 000,399,872 | RHS- | C] () -- C:\Users\customer\mfpdd.exe
[2013/02/07 18:06:26 | 000,002,404 | ---- | C] () -- C:\Users\customer\AppData\Roaming\xprdss
[2013/02/07 04:39:00 | 000,001,223 | ---- | C] () -- C:\Users\customer\AppData\Roaming\Java
[2013/02/07 04:38:30 | 000,197,025 | -H-- | C] () -- C:\Users\customer\AppData\Roaming\hal2u.exe
[2013/02/07 04:38:30 | 000,197,025 | -H-- | C] () -- C:\Users\customer\awt43abr.exe
[2013/02/07 04:38:28 | 000,036,696 | ---- | C] () -- C:\Users\customer\wgsdgsdgdsgsd.exe
[2013/02/07 04:38:28 | 000,003,596 | ---- | C] () -- C:\Windows\SysWow64\gmon.out
[2013/02/06 18:24:29 | 000,064,683 | ---- | C] () -- C:\Users\customer\Desktop\mjong tiles.jpg
[2013/02/06 10:21:38 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Horizon.lnk
[2013/02/05 19:08:48 | 000,172,368 | ---- | C] () -- C:\Users\customer\Documents\rec_Vcs6Core_19-08-41.mp3
[2013/02/05 18:49:01 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/02/02 08:34:03 | 000,018,902 | ---- | C] () -- C:\Users\customer\AppData\Roaming\IIIuR
[2013/02/01 09:00:40 | 000,024,064 | ---- | C] () -- C:\Users\customer\AppData\Roaming\java.exe
[2013/01/08 20:27:47 | 000,000,132 | ---- | C] () -- C:\Users\customer\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/01/07 04:15:36 | 000,034,949 | ---- | C] () -- C:\Users\customer\AppData\Roaming\Youtube
[2012/12/30 10:54:24 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/08 17:19:08 | 000,004,662 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012/12/04 18:56:47 | 000,452,096 | ---- | C] () -- C:\Windows\SysWow64\nmap.exe
[2012/12/04 18:56:47 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nmapserv.exe
[2012/12/04 18:53:28 | 000,290,500 | ---- | C] () -- C:\Users\customer\AppData\Local\funmoods-speeddial_sf.crx
[2012/12/04 18:53:24 | 000,031,465 | ---- | C] () -- C:\Users\customer\AppData\Local\funmoods.crx
[2012/10/06 19:11:51 | 000,000,000 | ---- | C] () -- C:\Users\customer\AppData\Roaming\True
[2012/10/06 19:11:22 | 000,206,858 | ---- | C] () -- C:\Users\customer\AppData\Roaming\phatk.ptx
[2012/10/06 19:11:09 | 000,033,792 | ---- | C] () -- C:\Users\customer\AppData\Roaming\svchost.exe
[2012/08/28 06:50:42 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\newdefault.ini
[2012/02/11 12:51:32 | 000,001,271 | ---- | C] () -- C:\Users\customer\AppData\Roaming\Roaming - Shortcut.lnk
[2011/12/03 09:48:17 | 000,002,133 | ---- | C] () -- C:\Users\customer\.recently-used.xbel
[2011/11/18 07:26:01 | 000,000,017 | ---- | C] () -- C:\Users\customer\AppData\Local\resmon.resmoncfg
[2011/10/27 07:37:30 | 000,000,000 | ---- | C] () -- C:\Users\customer\AppData\Local\{5EEC4BAB-6255-4B69-AE61-0C9320927B59}
[2011/08/29 17:58:04 | 000,000,065 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/06/25 17:53:04 | 000,033,134 | ---- | C] () -- C:\Users\customer\AppData\Roaming\UserTile.png
[2011/06/23 09:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/22 07:13:33 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/06/22 07:13:33 | 000,054,520 | ---- | C] () -- C:\Windows\AutosetFrequency.exe
[2011/06/22 07:13:33 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2011/06/22 07:13:33 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2009/07/13 18:31:52 | 000,036,696 | -HS- | C] () -- C:\ProgramData\dxksaoqiu.exe
[2009/07/13 18:31:52 | 000,017,408 | -HS- | C] () -- C:\ProgramData\dxugedtae.exe
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/02/04 09:07:13 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\.minecraft
[2012/02/11 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\.Nitrous
[2013/02/05 19:12:55 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Audacity
[2011/09/05 09:33:12 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Blueberry
[2011/08/25 19:04:11 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/12/26 16:11:29 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\DAEMON Tools Lite
[2013/02/05 07:10:45 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\dclogs
[2013/02/10 02:59:33 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Engaged
[2013/02/06 22:47:25 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Fuwie
[2011/12/03 09:47:53 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\gtk-2.0
[2013/02/10 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Install
[2013/02/10 02:59:33 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Kinect
[2013/02/10 12:36:30 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Logs
[2011/09/05 08:48:14 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\LogSys
[2013/02/10 00:09:15 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\MAXON
[2013/01/20 23:51:47 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\MSNInstaller
[2013/02/08 17:54:59 | 000,000,000 | -HSD | M] -- C:\Users\customer\AppData\Roaming\msnmsgr
[2012/08/27 22:21:53 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\MyFolder
[2012/09/09 12:20:55 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\OpenCandy
[2012/08/02 21:50:52 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\PC Speed Maximizer
[2012/11/30 19:20:54 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Publish Providers
[2011/10/30 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Rovio
[2013/01/07 21:24:32 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Screaming Bee
[2012/12/04 22:38:20 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Sony
[2012/12/06 21:01:16 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Sony Creative Software Inc
[2013/02/05 20:24:16 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Spotify
[2011/08/31 16:24:39 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\SystemRequirementsLab
[2013/02/10 13:50:25 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Taurog
[2011/08/31 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Tific
[2013/02/06 22:47:25 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Uclo
[2013/02/09 18:44:46 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Uniblue
[2012/10/12 17:56:40 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Unity
[2013/01/27 17:16:56 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Unlimited Cheating
[2013/02/05 20:21:25 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\uTorrent
[2011/06/27 16:11:30 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\WeatherBug
[2013/02/10 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\WinDbg
[2013/01/09 18:59:18 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\WindSolutions
[2012/12/27 00:39:46 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\Wondershare Video Converter Ultimate
[2013/01/15 22:54:06 | 000,000,000 | ---D | M] -- C:\Users\customer\AppData\Roaming\YourFileDownloader
========== Purity Check ==========
< End of report >
And here is the Extras one:
OTL Extras logfile created on: 2/10/2013 1:35:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\customer\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.75 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 75.46% Memory free
15.49 Gb Paging File | 13.43 Gb Available in Paging File | 86.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 339.34 Gb Free Space | 74.97% Space Free | Partition Type: NTFS
Drive E: | 4.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: MAX | User Name: customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2664367239-3075011552-1143883363-1000]
"EnableNotifications" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Roaming\For josh.exe" = C:\Users\customer\AppData\Roaming\For josh.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Windows\SysWOW64\msiexec.exe" = C:\Windows\SysWOW64\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Users\customer\awt43abr.exe" = C:\Users\customer\awt43abr.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\customer\AppData\Roaming\hal2u.exe" = C:\Users\customer\AppData\Roaming\hal2u.exe:*:Enabled:Windows Messanger -- ()
"C:\Windows\SysWOW64\svchost.exe" = C:\Windows\SysWOW64\svchost.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Users\customer\AppData\Roaming\wass.exe" = C:\Users\customer\AppData\Roaming\wass.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347371834.exe" = C:\Users\customer\AppData\Local\Temp\1347371834.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1430368838.exe" = C:\Users\customer\AppData\Local\Temp\1430368838.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Roaming\dad1.exe" = C:\Users\customer\AppData\Roaming\dad1.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347148844.exe" = C:\Users\customer\AppData\Local\Temp\1347148844.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\hal2niga.exe" = C:\Users\customer\AppData\Roaming\hal2niga.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\sysmem.exe" = C:\Users\customer\AppData\Roaming\sysmem.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Local\Temp\1358692202.exe" = C:\Users\customer\AppData\Local\Temp\1358692202.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\62.exe" = C:\Users\customer\AppData\Roaming\62.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347230838.exe" = C:\Users\customer\AppData\Local\Temp\1347230838.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Roaming\For josh.exe" = C:\Users\customer\AppData\Roaming\For josh.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Windows\SysWOW64\msiexec.exe" = C:\Windows\SysWOW64\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Users\customer\awt43abr.exe" = C:\Users\customer\awt43abr.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\customer\AppData\Roaming\hal2u.exe" = C:\Users\customer\AppData\Roaming\hal2u.exe:*:Enabled:Windows Messanger -- ()
"C:\Windows\SysWOW64\svchost.exe" = C:\Windows\SysWOW64\svchost.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Users\customer\AppData\Roaming\wass.exe" = C:\Users\customer\AppData\Roaming\wass.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347371834.exe" = C:\Users\customer\AppData\Local\Temp\1347371834.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1430368838.exe" = C:\Users\customer\AppData\Local\Temp\1430368838.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Roaming\dad1.exe" = C:\Users\customer\AppData\Roaming\dad1.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347148844.exe" = C:\Users\customer\AppData\Local\Temp\1347148844.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\hal2niga.exe" = C:\Users\customer\AppData\Roaming\hal2niga.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\sysmem.exe" = C:\Users\customer\AppData\Roaming\sysmem.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Local\Temp\1358692202.exe" = C:\Users\customer\AppData\Local\Temp\1358692202.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\62.exe" = C:\Users\customer\AppData\Roaming\62.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347230838.exe" = C:\Users\customer\AppData\Local\Temp\1347230838.exe:*:Enabled:Windows Messanger -- (Company)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{070F4F75-C779-4DD4-BBFF-8EB9AB583476}" = lport=137 | protocol=17 | dir=in | app=system |
"{132CBB95-4D39-46D6-BE55-0B8415708971}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BFB3CFC-00AF-43B8-A599-B224793ACF52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EDB714B-227D-4916-9EF3-48466AD61FC6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29B487F0-45A1-41EA-A0C2-9AD6238CEC4D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3009DB0D-D86F-4648-89EF-537254E021A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4798E717-B82A-408C-BF63-79147609F6E9}" = lport=445 | protocol=6 | dir=in | app=system |
"{49181287-5365-4008-92CE-3AC2294D46A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{497A01B4-BA3C-41E7-BC3A-68B1683FD1C8}" = lport=139 | protocol=6 | dir=in | app=system |
"{5A74B911-965D-43B9-87EB-579D03E70CD9}" = rport=445 | protocol=6 | dir=out | app=system |
"{5D8F5644-1DA3-485F-ADFB-55A53774052B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6612A948-8489-420B-9E50-EAFAE7E9F029}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66F56135-BFF2-47A1-A8B6-84B29B30E4E7}" = rport=137 | protocol=17 | dir=out | app=system |
"{6B6A5D4C-3C2F-4A6C-9D36-952F1F9A8D09}" = lport=138 | protocol=17 | dir=in | app=system |
"{88EC1056-9664-421E-AE1D-30493253DE33}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A03AAD28-6C84-46CA-8B7F-E6DF18D7C925}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC7E5074-56D4-4C9A-A9C5-7FC625FF4F6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD0009F7-3C7D-4F4D-858C-52BE53BE667E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AE96B054-36A0-4183-ACB6-4F55C4915C12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B4AD28A5-32FE-450D-AA3D-7981258E08D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9BAF6EC-7F96-483E-846F-5A7745A081FE}" = rport=139 | protocol=6 | dir=out | app=system |
"{BCBC70DB-2AE5-4CF4-BF88-460074959C5B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E569EE75-CE17-4D40-9F6E-8DFD8D5A0800}" = rport=138 | protocol=17 | dir=out | app=system |
"{EE569886-A055-4DB1-81E4-D4D9AD6AE949}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F6BEB4B8-60F1-442E-AC97-92A92EE571F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08379FF9-2C1E-48B7-BDF1-7272C5E81987}" = protocol=17 | dir=in | app=c:\users\customer\downloads\crossfire_downloader.exe |
"{0BFC370D-2249-4598-828D-2D5C13C6E00B}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"{0CD06F53-6B51-4F12-91F8-90B00F071A65}" = protocol=17 | dir=in | app=c:\users\customer\desktop\subsonic\subsonic-service.exe |
"{0CDCF9BE-B41B-4BE6-84CD-7CA473A79DB8}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{0DFA7A57-B287-4BF8-8034-F250626FB1F4}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0E0AF901-9971-41A2-8A5F-565261C408A9}" = protocol=6 | dir=in | app=c:\users\customer\downloads\crossfire_downloader.exe |
"{0FBA5C7D-5A39-4E0B-AE40-10043E135C40}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{162446DC-5010-434A-9C6E-2B9E8FDB86E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1EB1694C-7D96-47BD-8F95-AFAC0CC27FE3}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{2276B45A-1FA0-4E79-9447-64A397786288}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{22ECFA8F-4767-4A29-BCF8-CB9D8FAA37A4}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{24FA07E5-4AE0-46C6-A662-5E363A00DC60}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{2566BD3B-DB8A-44DC-AE8B-938320D44C8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{281494E0-C756-4B57-930A-BD982A903BFF}" = protocol=6 | dir=in | app=c:\users\customer\appdata\roaming\spotify\spotify.exe |
"{2BAB73B1-C00B-43D9-AA6B-EBFB62CE1976}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2E770A80-9FD3-4B70-8895-916F9BDA8D6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{388F699D-D625-4503-A6FA-AB9772A5124E}" = protocol=17 | dir=in | app=c:\program files (x86)\subsonic\subsonic-service.exe |
"{39344C60-7E7F-4499-AF5D-D360E09A5C04}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"{3E0C4CCC-E8A8-4EEF-AF50-60A1E5CD151F}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{3FEDE4ED-2925-4471-A0F3-7D7E90DAA234}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{403249AE-C6FA-48A6-861D-F1ABE95E21DB}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{403355D6-8082-4A24-B1A8-521C546AC5DF}" = protocol=6 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"{404F9D0D-FA16-4838-9811-E45141ACBD97}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{41D8E65E-E3BB-41BB-9324-29A09B9D81A6}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{44DEA33A-CB03-447A-B9A2-2B95DC17E0E3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{48D2AF0E-4369-4AA0-BF22-4686C0E8981F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{49550D90-1764-45FD-B229-D752D818C761}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4BA4A6A4-E009-411B-9B6A-F4AB55274836}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{4EBB8615-30A1-44AB-9DC9-70994E3499F5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{50B7CD20-FAEC-4823-8FEF-3F92047C21B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{5151E8EE-511E-4905-977B-388CAC5E924D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{567E9D11-4B5F-4EF3-B609-BBCE0BAD6677}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5721FD0E-B1F5-422C-BF76-5F488218D695}" = protocol=17 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"{5742F965-668D-45F7-9747-EECB1BBDE4F5}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{591A1254-FB9C-4365-83CD-ED7C72643A9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{5B23730B-7E8B-47B4-ADEB-7379B593C954}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5E6CDAC5-8DEB-4A95-9044-82DA31AD39D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{62CDF8F7-DE3E-47E4-8C2A-A338F56040AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{6871DBB4-A288-4342-BAB1-91C3A889E7C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{68A58B9C-8FB0-40E3-9C0B-CF5F1CA6906E}" = protocol=58 | dir=out | [email protected],-503 |
"{6BB13321-3080-45B6-B422-FBC004FDF95E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{73220D07-7CC5-484C-AE02-117BDB0A375B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{765166E9-CAD6-4EFA-9340-998358D2721E}" = protocol=58 | dir=in | app=system |
"{78D996D4-D6C2-4F39-B1C7-414DDFF1284D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe |
"{7B00C289-C762-428E-A0F7-7B93C4563DCE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7EEA2A0B-7C49-480A-A9DC-5D4C6763E112}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{7EEB34F7-3B24-4A2B-90DF-4D069A50082C}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{82EE32E7-0117-4A59-9CFB-44BDBCACACA2}" = protocol=58 | dir=out | [email protected],-28546 |
"{86C6D66B-C95F-4FAF-9EBB-86F5EEAC3DFC}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{87B7A988-3671-4FFF-8CAB-8989A4A558D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{88F08FA6-B93C-411B-99E0-35F76FC4000F}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{8DFC1826-C368-4C73-BDE4-D02802D74ECB}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{921164BD-8084-4D12-A86B-E9D1C72A12A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{92AC9925-01C1-4D33-80CD-3F33C02E48C9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{93752EED-FC37-48C6-BBCF-556DF4AE4FF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94A5C970-BAAA-414D-B844-36C78C02E1CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{95BABD67-5F32-43A5-8ED5-B8EBF9C1B778}" = protocol=17 | dir=in | app=c:\users\customer\desktop\subsonic\subsonic-agent.exe |
"{95CCEF94-9AEE-4EB8-9F25-4C8B019A6EA7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{95FA1701-16EB-4C24-B085-38BB0C49FCDA}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{9A0F687D-3B25-438A-A21E-314726F3C9AE}" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9B736F72-12D3-44DA-86E1-F619BDD3B9CF}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"{9CE0EF0D-A3CD-4C8E-BCDC-3BF79A9FC36F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9E7F3B0C-71AE-4A9A-950A-EA40B26A35BF}" = protocol=17 | dir=in | app=c:\users\customer\appdata\roaming\spotify\spotify.exe |
"{9E9C66C0-C55C-4386-9292-458092EEC00B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{9EC9EBEF-65F6-4F52-89B0-9F0BDBAA2AAD}" = protocol=17 | dir=in | app=c:\program files (x86)\subsonic\subsonic-agent.exe |
"{9EE15343-95B2-4BD2-8A6D-F53305E644D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FF0925B-EA1E-403E-AAF9-D8B29C433B10}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{A25B32EF-9823-4327-9544-B1EDB1EB7B80}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{A2E53D51-4035-4C58-81FF-326ABD136BDE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A2EA63AB-A4BE-4467-A4CD-369ABE2A6866}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{A3CF4411-0299-4348-9D71-1DB5F2504897}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A4D486CB-08BE-4D6F-8861-D28B456404A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A66214F9-331A-4CFE-9D51-4E2F6C7F567A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7DED61A-2EBE-4A47-BEDF-066026FFC003}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF1239A2-6D6A-4740-A9DB-C3C411966EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B128ABC3-4260-46A7-85EE-93421B0FD4AD}" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B46ACD0E-FB98-4F51-B83D-0156A90E0DF9}" = dir=in | app=c:\users\customer\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{B5F58F7B-CC63-4C8E-9CE2-64B6D04DDB4C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8129E64-279B-4182-86AF-5B30F0290CC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warincbattlezone\rsupdate.exe |
"{BB3B18E4-F1C7-41C1-9E6C-22796AA1B21C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{BD75C3F6-0394-47A4-BEC4-4FC500499FE0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C171BAA5-CE7D-418C-8FC8-C35F2D8BFB82}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"{C4D600CE-8BCB-4F1D-B11C-198A937205E8}" = protocol=6 | dir=in | app=c:\program files (x86)\subsonic\subsonic-agent.exe |
"{C52B5210-3525-4EB7-B495-00163CAC4C03}" = protocol=58 | dir=in | [email protected],-28545 |
"{C9AF863C-E2B2-47C8-A17D-771A521581F0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CB031F2F-1BD3-4A6D-BCAF-DE609AEDED4B}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{CC5A904D-C729-4D53-BE32-72F8B77C0BAE}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{CDF67B04-BC0A-4AEE-974D-674778923D34}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D1A101DD-C3EF-455B-A6F6-5E2890F7BC32}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{D1A257A7-1140-45B1-B38E-5A5C55AEF304}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{D3181234-A1CB-463F-B52C-AE033E766571}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D84B3C55-8A55-4481-842E-5DFABF8F488D}" = protocol=6 | dir=in | app=c:\users\customer\desktop\subsonic\subsonic-agent.exe |
"{D9C8F546-EF70-4614-84ED-826E813852D9}" = protocol=1 | dir=in | [email protected],-28543 |
"{E0D75E0C-97DD-4068-8733-E91FCABB2622}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe |
"{E13C6E14-E5F1-4710-BE1C-9357C926D0B9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E3CD56CD-9826-46EC-A98E-9D44EC6E536F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5EE9A79-4920-4798-88E5-56101C8FB33F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E6E4BC2A-E70C-479B-8A48-B652BCBC549C}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{E827868B-6927-48D0-A401-5CAFDD1147D9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E9339C8F-9170-468E-9B7D-5F6DE4A2C4AA}" = protocol=6 | dir=in | app=c:\program files (x86)\subsonic\subsonic-service.exe |
"{EA48B0A6-0BA9-4CBC-8E11-BD818EFE45A5}" = protocol=6 | dir=out | app=system |
"{EA702A4D-B6DF-420B-A60D-E4685BE30718}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F15796E0-5B01-489D-9D25-3346F6AF8458}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{F2593C9A-6F4B-4CA0-9470-CCF006305564}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{F28DD476-22C3-4DE7-A8F6-97CAB391E5B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F47F7812-0EF7-4FC7-A97A-6698581DBBF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warincbattlezone\rsupdate.exe |
"{F58997DE-4335-4F6C-8537-5AEB38E11B43}" = protocol=6 | dir=in | app=c:\users\customer\desktop\subsonic\subsonic-service.exe |
"{F8A36019-A401-4524-A44E-21BE056F884B}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"{FAE2AD9D-07BB-4360-8F2F-9ECDABD112EC}" = protocol=1 | dir=out | [email protected],-28544 |
"{FBAAA707-2C2F-4F8F-8F86-8F921531396C}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"{FCDF8BD2-8EAB-4212-89F2-67D6748A1F49}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"TCP Query User{0C70DFFD-C88F-4278-A34E-1176CBE6B927}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"TCP Query User{0E6B2980-6348-44D1-8F1F-58CD748E3E2B}C:\users\customer\appdata\local\temp\rar$ex84.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex84.648\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{1909E1B1-9177-47D1-960F-E9E2F981C0ED}C:\users\customer\appdata\local\temp\rar$ex36.424\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex36.424\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{1B6AE4DF-03FE-4DED-9BBA-BD0DA27A3742}C:\users\customer\desktop\skype.exe" = protocol=6 | dir=in | app=c:\users\customer\desktop\skype.exe |
"TCP Query User{2B0BD8AE-9CE1-48BF-AC6B-B5FBD86CC8B6}C:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe |
"TCP Query User{3105C7F7-15E7-4687-B2E1-1FC2CE7A6D06}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{33CB364A-13DC-4BB3-A0A8-62E40EE9928B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{35223F44-2013-42DB-9D6F-CF23BFD9A2C3}C:\users\customer\appdata\local\temp\rar$ex52.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex52.648\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{3FA8FDAB-E10A-4667-9F3E-F0CA97877E89}C:\users\customer\appdata\local\temp\rar$ex88.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex88.648\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{5FC94679-C140-47D1-BCB4-861380295249}C:\users\customer\appdata\local\temp\rar$ex57.944\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex57.944\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{62215796-C8AB-4C73-85AC-64C5D9C5B656}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{67D5A365-DDDE-4A90-8A79-7B65EDE85B60}C:\users\customer\appdata\local\temp\rar$ex60.128\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex60.128\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{6B806C12-8B11-4678-AE90-5E48E77C4737}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{7C59577D-DDB8-4AF3-B3A9-585BEB5BEF5F}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"TCP Query User{8043BFF3-CDDA-4040-A299-BD92419DF4A6}C:\users\customer\appdata\roaming\uclo\ufat.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\roaming\uclo\ufat.exe |
"TCP Query User{842D0CBB-811F-4F96-8830-164DCAAA41E6}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"TCP Query User{8E1D6D32-9AF7-4BA5-9359-1B668251EBC7}C:\users\customer\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9471F6C6-D22F-4EBD-900D-C80E816814D5}C:\program files (x86)\net tools\nettools5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"TCP Query User{981206A4-B8F8-48F9-8699-F3334E4B3E62}C:\users\customer\appdata\local\temp\rar$ex24.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex24.648\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{B7A0E0A3-47AC-40AE-97CE-399F9CAEE4FD}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{D9A28C78-4404-408A-855C-80EFFA6E9E47}C:\users\customer\appdata\local\temp\rar$ex21.424\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex21.424\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{DCB25DA8-4C49-49D8-97DC-948E3B5C178D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{DD03A665-BD7E-4B2B-A1BB-AAF7EA5A4051}C:\users\customer\appdata\local\temp\rar$ex97.944\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex97.944\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{E0A0BE93-31F0-4503-9593-3913A7FB2814}C:\users\customer\appdata\local\temp\rar$ex79.128\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex79.128\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{E4EB3482-B6D0-49C1-AA08-8E1C78086780}C:\users\customer\desktop\waw\call of duty - world at war\cod5sp.exe" = protocol=6 | dir=in | app=c:\users\customer\desktop\waw\call of duty - world at war\cod5sp.exe |
"UDP Query User{0435F9EF-0FC4-49B6-BA48-113D815D5285}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"UDP Query User{298DD58F-1E0C-4066-9008-D55946555F07}C:\users\customer\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\roaming\spotify\spotify.exe |
"UDP Query User{358F6310-23E8-486A-85AE-34C86675C628}C:\users\customer\desktop\waw\call of duty - world at war\cod5sp.exe" = protocol=17 | dir=in | app=c:\users\customer\desktop\waw\call of duty - world at war\cod5sp.exe |
"UDP Query User{3ABA1953-2946-4E85-9A73-FE9AF51C80B0}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{4259D52E-1A1B-4721-BC83-303239C1B4A9}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{44B85A46-16A1-423B-ACAC-42E96EB0F095}C:\users\customer\appdata\local\temp\rar$ex79.128\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex79.128\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{5D44C91D-DACC-4BAE-941D-5B1725FAD823}C:\users\customer\appdata\local\temp\rar$ex21.424\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex21.424\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{715F4EEC-82C2-466B-9BE7-9A089AFFFA6E}C:\users\customer\appdata\local\temp\rar$ex52.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex52.648\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{7F171329-EBD5-43A6-9B58-BE0EDB053EAD}C:\users\customer\appdata\local\temp\rar$ex24.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex24.648\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{9172C972-9EC1-4BCC-954A-0183772CAF7A}C:\users\customer\appdata\local\temp\rar$ex97.944\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex97.944\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{92B204C3-6D13-4FF2-BF2A-E0028E3E6A02}C:\users\customer\appdata\local\temp\rar$ex60.128\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex60.128\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{9920E655-D8B0-44A2-B8C7-69299F7CE110}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"UDP Query User{9BF7D449-1FEC-45CC-9C0F-9B83D3E6EE25}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{9D943BFF-77F5-44C4-91E2-D224F390893B}C:\users\customer\desktop\skype.exe" = protocol=17 | dir=in | app=c:\users\customer\desktop\skype.exe |
"UDP Query User{A6867ED9-2ABE-432C-90E3-EB8C945E0574}C:\program files (x86)\net tools\nettools5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"UDP Query User{AB01D493-D63F-4CD5-A572-E3BE29462A45}C:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe |
"UDP Query User{BB65E874-8D88-4345-91A3-E99DEFEFC937}C:\users\customer\appdata\local\temp\rar$ex84.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex84.648\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{C30DF455-AA6D-479A-BC75-AC7FD1F61B2F}C:\users\customer\appdata\roaming\uclo\ufat.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\roaming\uclo\ufat.exe |
"UDP Query User{C8C19D10-BA3F-4ECC-AD55-33B7B264E7E7}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{E1B672A0-2727-4318-BD57-B7DF50F31E5A}C:\users\customer\appdata\local\temp\rar$ex88.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex88.648\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{E5DF17A8-525C-47EA-9DAC-D38370AF59C1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E9F9E5F5-62B2-4932-8E65-ED881F44843B}C:\users\customer\appdata\local\temp\rar$ex57.944\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex57.944\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{EF76C5E8-DD86-41E2-AFD6-692AECB06904}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{F9CB5C32-D8EF-4237-8AB4-74B925290DA5}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{FA86C445-A192-44D4-A3EB-4F8420E62A8D}C:\users\customer\appdata\local\temp\rar$ex36.424\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex36.424\[ghbsys.net] public-client\ghb - pclient.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java 6 Update 27 (64-bit)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.530
"{3B20226B-63ED-B863-B224-FE40401B21CA}" = ATI Catalyst Install Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EEB06ECB-38F0-68CD-B215-94D50914C0F8}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"MAXONFB05E576" = CINEMA 4D 13.016
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WNLT" = IB Updater Service
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01868E82-DA4F-BFF8-45CF-9B1CAE8810D9}" = Catalyst Control Center Core Implementation
"{01CC7DB7-909B-E630-A44A-8118036CAF3C}" = CCC Help Korean
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07367450-E3E6-B4A1-E19C-A07429026680}" = CCC Help Swedish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AF333DE-057E-489C-9D1C-CE348AF7D1B8}" = MorphVOX Pro
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C42AA63-B354-56AF-69CA-FA73285368BE}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FFDACFC-898C-FC99-0140-AE2FC18B710E}" = Catalyst Control Center Graphics Full New
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{268E2A87-470B-118B-B3AD-6F2615B86623}" = CCC Help Greek
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30A0F8D9-709B-451C-BFB3-D8559F4797F8}" = Fantapper Browser Plugin
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3601754A-C72B-E4B3-CE39-78CCD0B58DC9}" = CCC Help Russian
"{3A69B28B-6E44-E512-C395-EEDCB5BCB485}" = CCC Help Danish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA616F8-F969-4DE7-0C85-35BE954DDB8A}" = CCC Help Hungarian
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3EED6569-D845-F8D1-9648-84729711590E}" = CCC Help Italian
"{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}" = ArcSoft ShowBiz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A41156A-0669-F7B5-B24C-5E25C69F1E68}" = CCC Help Turkish
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63ADFC07-D92A-670C-3826-BB0C9CC41D8A}" = CCC Help Polish
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6488561D-83C8-6987-6163-744E60680139}" = CCC Help Japanese
"{69CA5A5F-7541-5216-6433-DE69E4245116}" = Catalyst Control Center Graphics Light
"{69F214C9-507D-7EB5-FF08-926CFD0D5EC6}" = Catalyst Control Center Localization All
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{6e34608d-f6da-4dd4-8f4e-69bac17a2e92}" = Nero 9 Essentials
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{762CB899-DF14-EB84-78F5-888C83AA7DC3}" = Catalyst Control Center Graphics Previews Common
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83E4C065-91B9-20DD-74DA-90A71242CE18}" = CCC Help Norwegian
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEAE107-B186-4EA8-5F84-3AAA3158FEB1}" = CCC Help Chinese Standard
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975B24AC-8CB7-B4E1-E666-37964657576E}" = CCC Help Chinese Traditional
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A45B7A40-694C-BAB8-EE69-4240ADFEA1FF}" = CCC Help Finnish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AD768FF7-E329-886C-D88E-585F26BB8738}" = CCC Help Dutch
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8F5BACE-194E-0203-023E-2FFEF68EE290}" = CCC Help English
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C450D07C-3914-5481-A068-29975DA5C596}" = CCC Help French
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C9165CF3-A14D-A281-B62E-37312AA9E63D}" = CCC Help Spanish
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4E16961-E6FA-4689-AD09-3DB7E5770167}" = Catalyst Control Center InstallProxy
"{D6B1E149-790E-3B60-07F9-07A40ECAFBA0}" = Catalyst Control Center Graphics Full Existing
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBF91CC3-41F6-0D99-3D2D-686C59865652}" = ccc-core-static
"{DD49AC0F-E08A-F77D-AB38-2EE9CD5D8F0B}" = CCC Help Thai
"{DECEFADB-0486-6252-C312-49DDAC71DF33}" = CCC Help Portuguese
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7425F93-2071-A946-008A-6ACA60B43FB2}" = CCC Help Czech
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0.3
"AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
"BB FlashBack Express" = BB FlashBack Express
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Cross Fire_is1" = Cross Fire En
"d4cfeebc-b821-40b7-9f81-d366b1466f03_is1" = Horizon v2.5.10.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Freemake Video Converter_is1" = Freemake Video Converter version 3.2.1
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Hauppauge Device Central" = Hauppauge Device Central
"Identity Card" = Identity Card
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InternetHelper Toolbar" = InternetHelper Toolbar
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"MapleStory" = MapleStory
"MSNINST" = MSN
"NetTools_is1" = NetTools 5.0
"PC Speed Maximizer_is1" = PC Speed Maximizer v3.0
"RealPlayer 15.0" = RealPlayer
"TmNationsForever_is1" = TmNationsForever
"UnHackMe_is1" = UnHackMe 5.99 release
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VLC media player 1.1.7
"Wajam" = Wajam
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Zoom Downloader" = Zoom Downloader
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"NetAssistant" = Freeze.com NetAssistant
"Spotify" = Spotify
"YourFileDownloader" = YourFileDownloader
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/4/2013 1:30:47 AM | Computer Name = max | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files (x86)\Brand
Affinity Technologies\Fantapper Browser Plugin\adxloader.dll.Manifest".Error in
manifest or policy file "C:\Program Files (x86)\Brand Affinity Technologies\Fantapper
Browser Plugin\adxloader.dll.Manifest" on line 2. The manifest file root element
must be assembly.
Error - 2/4/2013 1:31:54 AM | Computer Name = max | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 2/4/2013 2:49:30 AM | Computer Name = max | Source = .NET Runtime | ID = 1026
Description =
Error - 2/4/2013 2:49:32 AM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: GG3.exe, version: 0.0.0.0, time stamp:
0x50f8da10 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x04dd95fd Faulting process id: 0xe34 Faulting application
start time: 0x01ce02a2b425388c Faulting application path: C:\Users\customer\Desktop\GG3_V1.1.0.1\GG3.exe
Faulting
module path: unknown Report Id: 0719a22e-6e97-11e2-90da-1c750821f4d9
Error - 2/5/2013 6:21:27 PM | Computer Name = max | Source = .NET Runtime | ID = 1026
Description =
Error - 2/5/2013 6:21:31 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 1.1.0.0, time stamp:
0x506f305c Faulting module name: KERNELBASE.dll, version: 6.1.7600.17179, time stamp:
0x50b83f8a Exception code: 0xe0434352 Fault offset: 0x0000c41f Faulting process id:
0xbbc Faulting application start time: 0x01ce03ef19a7d862 Faulting application path:
C:\Users\customer\AppData\Roaming\svchost.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 63df64a1-6fe2-11e2-9645-1c750821f4d9
Error - 2/5/2013 6:50:21 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.10.0.116, time stamp:
0x50001496 Faulting module name: Vcs6Hook.dll_unloaded, version: 0.0.0.0, time stamp:
0x4683cda0 Exception code: 0xc0000005 Fault offset: 0x0fa167e0 Faulting process id:
0xacc Faulting application start time: 0x01ce03f2d30ad28f Faulting application path:
C:\Users\customer\Desktop\Skype.exe Faulting module path: Vcs6Hook.dll Report Id:
6b038662-6fe6-11e2-9645-1c750821f4d9
Error - 2/5/2013 6:50:59 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 23.0.1271.97, time
stamp: 0x50be88d8 Faulting module name: Vcs6Hook.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4683cda0 Exception code: 0xc0000005 Fault offset: 0x038e67e0 Faulting
process id: 0x118c Faulting application start time: 0x01ce03ef49abfb6e Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: Vcs6Hook.dll Report Id: 8179f9d5-6fe6-11e2-9645-1c750821f4d9
Error - 2/5/2013 6:54:50 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: wmplayer.exe, version: 12.0.7600.16667,
time stamp: 0x4c7dc5a1 Faulting module name: Vcs6Hook.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4683cda0 Exception code: 0xc0000005 Fault offset: 0x04ee67e0 Faulting
process id: 0x784 Faulting application start time: 0x01ce03f3c9b175e1 Faulting application
path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path:
Vcs6Hook.dll Report Id: 0b552307-6fe7-11e2-9645-1c750821f4d9
Error - 2/5/2013 7:04:05 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 23.0.1271.97, time
stamp: 0x50be88d8 Faulting module name: Vcs6Hook.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4683cda0 Exception code: 0xc0000005 Fault offset: 0x044567e0 Faulting
process id: 0xaf0 Faulting application start time: 0x01ce03f3469a4316 Faulting application
path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Faulting module
path: Vcs6Hook.dll Report Id: 5622c447-6fe8-11e2-9645-1c750821f4d9
[ System Events ]
Error - 2/10/2013 2:08:46 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The Microsoft .NET Framework NGEN v4.0.30319_X86 service is marked
as an interactive service. However, the system is configured to not allow interactive
services. This service may not function properly.
Error - 2/10/2013 2:08:48 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The COM+ System Application service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.
Error - 2/10/2013 2:08:49 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The Google Update Service (gupdate) service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.
Error - 2/10/2013 2:08:50 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The Google Software Updater service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.
Error - 2/10/2013 2:08:50 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The HcwDevCentralService service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.
Error - 2/10/2013 2:08:51 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The Nero BackItUp Scheduler 4.0 service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.
Error - 2/10/2013 2:08:51 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The Steam Client Service service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.
Error - 2/10/2013 2:08:52 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The Adobe SwitchBoard service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.
Error - 2/10/2013 2:09:46 PM | Computer Name = max | Source = Service Control Manager | ID = 7023
Description = The iPod Service service terminated with the following error: %%-2147417831
Error - 2/10/2013 2:10:13 PM | Computer Name = max | Source = DCOM | ID = 10010
Description =
< End of report >