
Appdata roaming windows templates authz.exe keeps opening right when i



#16
jbayerr

jbayerr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
the folder that you told me to check was empty and i ran the test again and it just stayed at 49 again. my computer seems to be working a lot faster in safe mode, but i have not tried a normal boot since using combo. what next?


BTW thank you for all of your help and I think it's great how you do this.
  • 0


#17
jbayerr

jbayerr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hey, so I checked the directory you told me to, and there was nothing in it, and I ran a test again and it stopped at 49. My computer seems to be running a lot faster but it is still booted in safe mode. What do you think we should do next? And back to me saying my computer seems to be working a lot faster: do you think it's fixed, or is it just 'cause I'm in safe mode? What's next?

BTW I think it's great what you are doing for me and the rest of the community. :thumbsup:
  • 0


#20
jbayerr

jbayerr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Sorry for the reposts, didn't realize it was just a new page... I thought it was a new thread.
  • 0

#21
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Sorry for the reposts, didn't realize it was just a new page... I thought it was a new thread.


No worries. :)

Even though ComboFix is not finishing I think we have made some progress.

Let's leave ComboFix now.

See if you can run Rogue Killer. You may have to try it more than once.

Post the log back here.

After that

Download and scan with SUPERAntiSpyware Free for Home Users

These instructions are quite old but hopefully you will be able to follow through okay.
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
So when you return please post
  • Rogue Killer log
  • SuperAntiSpyware scan results


  • 0

#22
jbayerr

jbayerr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hey, the superanti scan is taking a while, and I did run rogue in safe mode and it worked, and my results came back in 3 documents. Here they are...

Doc1
RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Safe mode
User : customer [Admin rights]
Mode : Scan -- Date : 02/11/2013 00:09:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SERVICE] IBUpdaterService -- C:\Windows\system32\dmwu.exe -> STOPPED

¤¤¤ Registry Entries : 55 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GamersoulBT (C:\Users\customer\AppData\Roaming\MyFolder\GamersoulBT.exe) -> FOUND
[RUN][HJNAME] HKCU\[...]\Run : spoolsv.exe (C:\Users\customer\AppData\Roaming\svchost.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Google Updater (C:\Users\customer\AppData\Roaming\Microsoft\SysAudio.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : WinDefender (C:\Users\customer\AppData\Roaming\WinDefender.Exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : iexplorer (C:\Users\customer\AppData\Roaming\java.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Ihmytole (C:\Users\customer\AppData\Roaming\Uclo\ufat.exe) -> FOUND
[RUN][ROGUE ST] HKCU\[...]\Run : Windows Defender (C:\Users\customer\AppData\Roaming\62.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : winpretenx (C:\Users\customer\AppData\Roaming\wass.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : xprsxxm (C:\Users\customer\AppData\Roaming\dad1.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Microsoft Services ("C:\Users\customer\AppData\Local\Temp\homepremium.exe") -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : FacbookUpdate (C:\Users\customer\AppData\Roaming\FacbookUpdate.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : sysmem (C:\Users\customer\AppData\Roaming\sysmem.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : drkeye (C:\Users\customer\AppData\Roaming\Darkey.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : GamersoulBT (C:\Users\customer\AppData\Roaming\MyFolder\GamersoulBT.exe) -> FOUND
[RUN][HJNAME] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : spoolsv.exe (C:\Users\customer\AppData\Roaming\svchost.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : Google Updater (C:\Users\customer\AppData\Roaming\Microsoft\SysAudio.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : WinDefender (C:\Users\customer\AppData\Roaming\WinDefender.Exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : iexplorer (C:\Users\customer\AppData\Roaming\java.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : Ihmytole (C:\Users\customer\AppData\Roaming\Uclo\ufat.exe) -> FOUND
[RUN][ROGUE ST] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : Windows Defender (C:\Users\customer\AppData\Roaming\62.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : winpretenx (C:\Users\customer\AppData\Roaming\wass.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : xprsxxm (C:\Users\customer\AppData\Roaming\dad1.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : Windows Microsoft Services ("C:\Users\customer\AppData\Local\Temp\homepremium.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : FacbookUpdate (C:\Users\customer\AppData\Roaming\FacbookUpdate.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : sysmem (C:\Users\customer\AppData\Roaming\sysmem.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Run : drkeye (C:\Users\customer\AppData\Roaming\Darkey.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : BYR_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> FOUND
[RUN][ROGUE ST] HKLM\[...]\Wow6432Node\Run : Windows Defender (C:\Users\customer\AppData\Roaming\62.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : winpretenx (C:\Users\customer\AppData\Roaming\wass.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : M0U2QzREMDIzODg2MDZCNk (C:\Users\customer\mfpdd.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : xprsxxm (C:\Users\customer\AppData\Roaming\dad1.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : sysmem (C:\Users\customer\AppData\Roaming\sysmem.exe) -> FOUND
[RUN][ROGUE ST] HKLM\[...]\Policies\Explorer\\Run : Windows Defender (C:\Users\customer\AppData\Roaming\62.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Policies\Explorer\\Run : xprsxxm (C:\Users\customer\AppData\Roaming\dad1.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Policies\Explorer\\Run : winpretenx (C:\Users\customer\AppData\Roaming\wass.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Policies\Explorer\\Run : sysmem (C:\Users\customer\AppData\Roaming\sysmem.exe) -> FOUND
[RUN][ROGUE ST] HKLM\[...]\Wow6432Node\Policies\Explorer\\Run : Windows Defender (C:\Users\customer\AppData\Roaming\62.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Policies\Explorer\\Run : xprsxxm (C:\Users\customer\AppData\Roaming\dad1.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Policies\Explorer\\Run : winpretenx (C:\Users\customer\AppData\Roaming\wass.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Policies\Explorer\\Run : sysmem (C:\Users\customer\AppData\Roaming\sysmem.exe) -> FOUND
[SHELL][SUSP PATH] HKCU\[...]\Windows : load (C:\Users\customer\mfpdd.exe) -> FOUND
[SHELL][SUSP PATH] HKUS\S-1-5-21-2664367239-3075011552-1143883363-1000[...]\Windows : load (C:\Users\customer\mfpdd.exe) -> FOUND
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService (C:\Windows\system32\dmwu.exe) -> FOUND
[Services][BLSVC] HKLM\[...]\ControlSet002\Services\IBUpdaterService (C:\Windows\system32\dmwu.exe) -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[STARTUP][SUSP PATH] Subsonic.lnk @Common : C:\Users\customer\Desktop\Subsonic\subsonic-agent.exe -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKCU\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++
--- User ---
[MBR] 04ba566a168728de4b9e93cc55433253
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 463526 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02112013_02d0009.txt >>
RKreport[1]_S_02112013_02d0009.txt



Doc2
RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Safe mode
User : customer [Admin rights]
Mode : Remove -- Date : 02/11/2013 00:12:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SERVICE] IBUpdaterService -- C:\Windows\system32\dmwu.exe -> STOPPED

¤¤¤ Registry Entries : 34 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GamersoulBT (C:\Users\customer\AppData\Roaming\MyFolder\GamersoulBT.exe) -> DELETED
[RUN][HJNAME] HKCU\[...]\Run : spoolsv.exe (C:\Users\customer\AppData\Roaming\svchost.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Google Updater (C:\Users\customer\AppData\Roaming\Microsoft\SysAudio.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : WinDefender (C:\Users\customer\AppData\Roaming\WinDefender.Exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : iexplorer (C:\Users\customer\AppData\Roaming\java.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Ihmytole (C:\Users\customer\AppData\Roaming\Uclo\ufat.exe) -> DELETED
[RUN][ROGUE ST] HKCU\[...]\Run : Windows Defender (C:\Users\customer\AppData\Roaming\62.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : winpretenx (C:\Users\customer\AppData\Roaming\wass.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : xprsxxm (C:\Users\customer\AppData\Roaming\dad1.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Microsoft Services ("C:\Users\customer\AppData\Local\Temp\homepremium.exe") -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : FacbookUpdate (C:\Users\customer\AppData\Roaming\FacbookUpdate.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : sysmem (C:\Users\customer\AppData\Roaming\sysmem.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : drkeye (C:\Users\customer\AppData\Roaming\Darkey.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : BYR_AGENT (C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe) -> DELETED
[RUN][ROGUE ST] HKLM\[...]\Wow6432Node\Run : Windows Defender (C:\Users\customer\AppData\Roaming\62.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : winpretenx (C:\Users\customer\AppData\Roaming\wass.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : M0U2QzREMDIzODg2MDZCNk (C:\Users\customer\mfpdd.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : xprsxxm (C:\Users\customer\AppData\Roaming\dad1.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : sysmem (C:\Users\customer\AppData\Roaming\sysmem.exe) -> DELETED
[RUN][ROGUE ST] HKLM\[...]\Policies\Explorer\\Run : Windows Defender (C:\Users\customer\AppData\Roaming\62.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Policies\Explorer\\Run : xprsxxm (C:\Users\customer\AppData\Roaming\dad1.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Policies\Explorer\\Run : winpretenx (C:\Users\customer\AppData\Roaming\wass.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Policies\Explorer\\Run : sysmem (C:\Users\customer\AppData\Roaming\sysmem.exe) -> DELETED
[SHELL][SUSP PATH] HKCU\[...]\Windows : load (C:\Users\customer\mfpdd.exe) -> DELETED
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService (C:\Windows\system32\dmwu.exe) -> DELETED
[Services][BLSVC] HKLM\[...]\ControlSet002\Services\IBUpdaterService (C:\Windows\system32\dmwu.exe) -> DELETED
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
[STARTUP][SUSP PATH] Subsonic.lnk @Common : C:\Users\customer\Desktop\Subsonic\subsonic-agent.exe -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKCU\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++
--- User ---
[MBR] 04ba566a168728de4b9e93cc55433253
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 463526 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02112013_02d0012.txt >>
RKreport[1]_S_02112013_02d0009.txt ; RKreport[2]_D_02112013_02d0012.txt



Doc3
RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Safe mode
User : customer [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/11/2013 00:15:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SERVICE] IBUpdaterService -- C:\Windows\system32\dmwu.exe -> STOPPED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 3 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 14 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 215 / Fail 0
My documents: Success 6 / Fail 6
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 8 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 59 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\CdRom1 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_02112013_02d0015.txt >>
RKreport[1]_S_02112013_02d0009.txt ; RKreport[2]_D_02112013_02d0012.txt ; RKreport[3]_SC_02112013_02d0015.txt
  • 0

#23
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Good work.

Look forward to seeing the SuperAntiSpyware one.

Getting late where I am now so I won't be around when it finishes.

Catch you in the morning my time (NZ time). :)
  • 0

#24
jbayerr

jbayerr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
This is the scan I got from the SuperSPYWARE one



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/11/2013 at 02:50 AM

Application Version : 5.6.1014

Core Rules Database Version : 9990
Trace Rules Database Version: 7802

Scan type : Complete Scan
Total Scan Time : 02:14:37

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 650
Memory threats detected : 0
Registry items scanned : 71607
Registry threats detected : 4
File items scanned : 237240
File threats detected : 199

Browser Hijacker.Deskbar
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Trojan.Agent/Gen-Dropper
C:\PROGRAM FILES (X86)\NET TOOLS\CARRIER.EXE

Adware.Tracking Cookie
.casalemedia.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stats.adotube.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbank.net [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbank.net [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\CUSTOMER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
cloud.bannergadgets.com [ C:\USERS\CUSTOMER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KXBMRBJ8 ]
core.insightexpressai.com [ C:\USERS\CUSTOMER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KXBMRBJ8 ]
core.saymedia.com [ C:\USERS\CUSTOMER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KXBMRBJ8 ]
s0.2mdn.net [ C:\USERS\CUSTOMER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KXBMRBJ8 ]
sftrack.searchforce.net [ C:\USERS\CUSTOMER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KXBMRBJ8 ]
static.discoverymedia.com [ C:\USERS\CUSTOMER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KXBMRBJ8 ]
tag.2bluemedia.hiro.tv [ C:\USERS\CUSTOMER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KXBMRBJ8 ]

Adware.ArcadeWeb
C:\USERS\CUSTOMER\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]\COMPONENTS\LPTLF.DLL
C:\USERS\CUSTOMER\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]\COMPONENTS\LPTLF2.DLL
C:\USERS\CUSTOMER\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]\COMPONENTS\LPTLF3.DLL

Trojan.SVCHost/Fake
C:\USERS\CUSTOMER\APPDATA\ROAMING\SVCHOST.EXE

Adware.Vundo/Variant-MSFake
C:\USERS\CUSTOMER\DOCUMENTS\WINDOWS\WINSVCHGOST.EXE
C:\Windows\Prefetch\WINSVCHGOST.EXE-26E39564.pf

Trojan.Agent/Gen-Bifrose
C:\USERS\CUSTOMER\DOWNLOADS\AUTO KEYBOT TRIAL.EXE

Adware.Somoto
C:\USERS\CUSTOMER\DOWNLOADS\CHEATENGINE62 (1).EXE
C:\USERS\CUSTOMER\DOWNLOADS\CHEATENGINE62 (6).EXE
C:\USERS\CUSTOMER\DOWNLOADS\PLANTSVSZOMBIESSETUP_1_3ZIP_DOWNLOADER_BY_ONEONLINEGAMES.EXE

Heur.Agent/Gen-WhiteBox
C:\USERS\CUSTOMER\DOWNLOADS\INSTALLER_CHEAT_ENGINE_ENGLISH (1).EXE
C:\USERS\CUSTOMER\DOWNLOADS\INSTALLER_CHEAT_ENGINE_ENGLISH.EXE

PUP.SoftDownloader
C:\USERS\CUSTOMER\DOWNLOADS\POKEMON EMERALD VERSION SETUP.EXE

Trojan.Agent/Gen-OnlineGames
ZIP ARCHIVE( C:\USERS\CUSTOMER\DOWNLOADS\ZAKURAMS.ZIP )/ZAKURAMS.EXE
C:\USERS\CUSTOMER\DOWNLOADS\ZAKURAMS.ZIP

Trojan.Agent/Gen
C:\USERS\CUSTOMER\WGSDGSDGDSGSD.EXE

Trojan.Unclassified/Dropper
C:\WINDOWS\SYSTEM32\ARFC\WRTC.EXE
C:\Windows\Prefetch\WRTC.EXE-23465A2D.pf

#25
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Looking good. :thumbsup:

Now please run ComboFix in normal mode and post the log back here.

#26
jbayerr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
ComboFix did work in normal mode this time, but it remained frozen at 49 for about half an hour. Next?

#27
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Moving on then

  • Close all windows and open OTL again.
  • Under the Extra Registry heading, please check Use SafeList.
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


#28
jbayerr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I'm running the test now and I'll post the results when it is finished.

#29
jbayerr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here is OTL.txt:



OTL logfile created on: 2/11/2013 12:45:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\customer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.89 Gb Available Physical Memory | 76.06% Memory free
15.49 Gb Paging File | 13.58 Gb Available in Paging File | 87.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 341.38 Gb Free Space | 75.42% Space Free | Partition Type: NTFS
Drive E: | 4.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MAX | User Name: customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/11 12:44:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\customer\Desktop\OTL (1).exe
PRC - [2013/02/10 21:46:52 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/02/10 13:08:51 | 001,114,112 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2012/12/26 23:08:58 | 001,644,544 | ---- | M] (Zoom Downloader) -- C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe
PRC - [2012/12/25 13:06:12 | 000,595,216 | ---- | M] (Greatis Software) -- C:\Program Files (x86)\UnHackMe\hackmon.exe
PRC - [2012/12/19 22:50:52 | 001,645,856 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/10/05 10:08:42 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/09/05 20:00:30 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/08/15 18:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012/05/29 14:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2010/06/28 17:23:18 | 000,258,304 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2010/03/11 09:32:50 | 001,541,472 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2010/03/03 08:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 08:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 08:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/12/16 14:16:06 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/11 12:10:40 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2013/02/11 12:10:14 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/02/11 12:10:13 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/02/11 12:10:13 | 000,969,640 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/02/11 12:10:13 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/02/11 12:10:13 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/02/07 18:18:05 | 012,459,888 | ---- | M] () -- C:\Users\customer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013/01/15 10:17:14 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\07e052b2219f181a8b3da6b7b26cff06\System.Web.ni.dll
MOD - [2013/01/15 10:17:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/01/15 10:17:06 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9068074964b477b113e4be12d11d21ca\System.Data.ni.dll
MOD - [2013/01/15 10:10:12 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c6fb88c8055653672314c29ca4b78a7e\System.Windows.Forms.ni.dll
MOD - [2013/01/15 10:10:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/15 10:09:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e28d850a18bb8287dadb8aa7e3e779fc\System.Xml.ni.dll
MOD - [2013/01/15 10:09:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/15 10:09:29 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/15 10:09:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012/12/04 20:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 20:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 20:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 20:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 20:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 20:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 20:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/28 17:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2010/03/11 09:32:54 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2010/03/11 09:32:42 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2010/03/11 09:32:28 | 000,632,056 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/12/16 14:16:06 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/05/20 01:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/11 12:31:46 | 000,370,176 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/03/28 19:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/11 03:04:37 | 000,718,336 | ---- | M] (Valve Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/10 13:54:36 | 000,262,144 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2013/02/10 13:08:52 | 000,697,344 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2013/02/10 13:08:51 | 001,114,112 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2013/02/10 13:08:50 | 000,470,016 | ---- | M] (Hauppauge Computer Works, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe -- (HcwDevCentralService)
SRV - [2013/02/10 13:08:46 | 000,308,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/10 13:08:44 | 000,244,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/05 10:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2010/06/28 17:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 08:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/26 16:46:32 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/10 22:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 22:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/25 06:18:26 | 000,576,944 | ---- | M] (Hauppauge Computer Work, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwE5bda.sys -- (hcwE5bda)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/05 08:47:49 | 000,004,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bbcap.sys -- (bbcap)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 01:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011/02/14 01:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011/02/14 01:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/04/06 21:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/28 19:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/28 18:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/20 13:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/02/08 08:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 06:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 02:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 04:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2013/02/10 13:21:03 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\Windows\SysWOW64\drivers\Partizan.sys -- (Partizan)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...14z185a48l2d355
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=938385568
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=938385568
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...14z185a48l2d355
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=938385568
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=938385568
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...1-1C750821F4D9}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...14z185a48l2d355
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.77searchengines.com/?op [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6OyZjH0Mp6&i=26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.condui...&ctid=CT2790392
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{067D9AAC-CD10-4DEB-BB40-1D20BA76545C}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...GW_enUS437US437
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{8FE0713C-97F0-482B-B047-D0117B9DBE67}: "URL" = http://search.condui...&ctid=CT3237160
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=938385568
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6OyZjH0Mp6&i=26
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...1-1C750821F4D9}
IE - HKCU\..\SearchScopes\{FB2CFCCE-EC9E-4801-B460-076DF32B74D6}: "URL" = http://search.yahoo....0110627,0,0,0,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay\nplplaypop.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\customer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\customer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013/01/05 20:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/02/10 16:00:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/12/27 00:51:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013/01/05 20:12:32 | 000,000,000 | ---D | M]

[2011/06/27 16:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\customer\AppData\Roaming\mozilla\Extensions
[2012/08/12 13:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\customer\AppData\Roaming\mozilla\Firefox\extensions
[2012/08/12 13:57:17 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\customer\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/01/05 20:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.13.20.300_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.13.20.300_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Display Engine v2 (Enabled) = C:\Program Files (x86)\LivingPlay\nplplaypop.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\customer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\customer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: South Park = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiakcboakkfknbginpmpfkcdmcmpnfm\1.4_0\
CHR - Extension: Google Drive = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: XJZ Survey Remover = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cphljojhgmnabimjemakjleocdheengh\3.5.0.1_0\
CHR - Extension: Google Chrome = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlddmedljhmbgdhapibnagaanenmajcm\1.0_0\
CHR - Extension: Don't Starve = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: Gmail = C:\Users\customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
O2:64bit: - BHO: (Fantapper) - {a0447a65-66aa-4dc3-9869-e574e5de2d5e} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader64.dll ()
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (InternetHelper Toolbar) - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
O2 - BHO: (Fantapper) - {a0447a65-66aa-4dc3-9869-e574e5de2d5e} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll File not found
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{9d0f7eb2-452d-4766-b535-8d23e36c300e} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{9d0f7eb2-452d-4766-b535-8d23e36c300e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper Toolbar) - {9D0F7EB2-452D-4766-B535-8D23E36C300E} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe File not found
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [win32] C:\kernels\drivers.vbs ()
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DownloadManager] C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe (Zoom Downloader)
O4 - HKCU..\Run: [Facebook Update] C:\Users\customer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Java] C:\Windows\SysWOW64\Java\JavaUpdate.exe ()
O4 - HKCU..\Run: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe" File not found
O4 - HKCU..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\customer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not found
O4 - Startup: C:\Users\customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Central Tray Tool.lnk = C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 1781466620 = [Binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O9:64bit: - Extra Button: Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader64.dll ()
O9:64bit: - Extra 'Tools' menuitem : Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader64.dll ()
O9 - Extra Button: Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll ()
O9 - Extra 'Tools' menuitem : Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE462EC-D26F-48CC-9AE9-85B5774CAF04}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F1166FC-0AD1-40F7-87DD-90B2D3AE3D32}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\Java\JavaUpdate.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/04 13:12:58 | 000,000,070 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/11 12:45:58 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\GG3_V1.1.0.2
[2013/02/11 12:44:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\customer\Desktop\OTL (1).exe
[2013/02/11 12:25:22 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/02/11 00:23:51 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/11 00:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/02/11 00:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/11 00:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/10 23:44:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/10 21:58:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/10 21:58:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/10 21:58:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/10 21:57:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/10 18:40:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/10 18:29:17 | 000,757,760 | ---- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\Darkey.exe
[2013/02/10 14:00:48 | 000,073,728 | ---- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\cfopoa.exe
[2013/02/10 13:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2013/02/10 13:21:03 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2013/02/10 13:20:32 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\RegRun2
[2013/02/10 13:20:30 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2013/02/10 13:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2013/02/10 13:20:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2013/02/10 13:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2013/02/10 13:07:44 | 000,217,424 | ---- | C] (Company) -- C:\Users\customer\AppData\Roaming\62.exe
[2013/02/10 12:36:29 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Logs
[2013/02/10 01:53:59 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\WinDbg
[2013/02/09 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\Windows
[2013/02/09 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\Services
[2013/02/09 19:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegTweaker
[2013/02/09 19:06:04 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Kinect
[2013/02/09 18:54:04 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Engaged
[2013/02/09 18:44:46 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Uniblue
[2013/02/09 18:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/02/09 18:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegUtility
[2013/02/09 10:29:38 | 000,544,768 | ---- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\sysmem.exe
[2013/02/09 07:17:16 | 000,237,568 | ---- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\hal2niga.exe
[2013/02/08 17:54:59 | 000,000,000 | --SD | C] -- C:\Users\customer\AppData\Roaming\msnmsgr
[2013/02/08 17:40:19 | 000,502,608 | ---- | C] (Company) -- C:\Users\customer\AppData\Roaming\dad1.exe
[2013/02/08 17:40:02 | 000,858,112 | ---- | C] (Microsoft Corp.) -- C:\Users\customer\AppData\Roaming\egoxwe.exe
[2013/02/08 17:30:06 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\Happauge Recorder
[2013/02/07 18:05:55 | 000,502,608 | ---- | C] (Company) -- C:\Users\customer\AppData\Roaming\wass.exe
[2013/02/06 22:47:25 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Uclo
[2013/02/06 22:47:25 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Taurog
[2013/02/06 22:47:25 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Fuwie
[2013/02/05 18:50:50 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Audacity
[2013/02/05 18:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/02/05 18:12:35 | 000,000,000 | ---D | C] -- C:\vcs5core
[2013/02/05 18:12:35 | 000,000,000 | ---D | C] -- C:\AV_LOGS
[2013/02/05 18:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AV Voice Changer Software DIAMOND
[2013/02/05 18:09:16 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Voice Changer Software DIAMOND
[2013/02/02 21:00:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/01/29 20:40:16 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Java
[2013/01/28 12:29:27 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Local\GameTuts
[2013/01/27 23:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013/01/27 23:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013/01/27 23:28:47 | 000,044,928 | ---- | C] (ManyCam LLC) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys
[2013/01/27 23:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2013/01/27 17:16:56 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\Unlimited Cheating
[2013/01/20 23:51:46 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\MSNInstaller
[2013/01/20 23:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN
[2013/01/19 19:36:51 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\TmForever
[2013/01/19 19:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever
[2013/01/19 19:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
[2013/01/19 19:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever
[2013/01/15 22:54:06 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Roaming\YourFileDownloader
[2013/01/15 22:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
[2013/01/15 22:01:20 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\MapleHacks
[2013/01/15 11:44:55 | 000,000,000 | ---D | C] -- C:\Users\customer\Desktop\Maple Backup
[2013/01/15 09:41:36 | 000,000,000 | ---D | C] -- C:\Nexon
[2013/01/15 09:06:34 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/15 09:06:34 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/15 09:04:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/15 09:04:40 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/15 09:04:26 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/15 09:04:26 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/15 09:04:26 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/15 09:04:26 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/15 09:04:26 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/15 09:04:26 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/15 09:04:26 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/15 09:04:26 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/15 09:04:26 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/15 09:04:26 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/15 09:04:25 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/15 09:04:25 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/15 09:04:25 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/15 09:04:25 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/15 09:04:25 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/15 09:04:25 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/15 09:04:25 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/15 09:04:25 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/15 09:04:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/15 09:04:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/15 09:04:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/15 09:04:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/15 09:04:25 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/15 09:04:25 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/15 09:04:24 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/15 09:04:24 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/15 09:04:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/15 09:04:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/15 09:04:24 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/15 09:04:24 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/15 09:04:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/15 09:04:24 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/15 09:04:07 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/15 09:04:04 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/15 09:04:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/15 09:04:03 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/15 09:04:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/15 09:04:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/15 09:04:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/15 09:04:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/15 09:04:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/15 09:04:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/15 09:04:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/15 09:04:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/15 09:04:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/15 09:04:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/15 09:04:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/15 09:04:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/15 09:04:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/15 09:04:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/15 09:04:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/15 09:04:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/15 09:04:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/15 09:04:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/15 09:04:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/15 09:04:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/15 09:04:02 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/15 09:04:02 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/15 09:04:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/15 09:04:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/15 09:04:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/15 09:04:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/15 09:04:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/15 09:04:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/15 09:04:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/15 09:04:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/15 09:03:23 | 4265,379,000 | ---- | C] (Nexon) -- C:\MSSetupv125.exe
[2013/01/15 07:49:28 | 000,000,000 | ---D | C] -- C:\Users\customer\AppData\Local\ElevatedDiagnostics
[2013/01/15 07:45:51 | 000,000,000 | ---D | C] -- C:\Users\customer\Documents\MSDCSC
[2012/10/06 19:11:20 | 000,819,712 | ---- | C] (Ufasoft) -- C:\Users\customer\AppData\Roaming\usft_ext.dll
[2012/10/06 19:11:10 | 000,252,416 | ---- | C] (Windows) -- C:\Users\customer\AppData\Roaming\miner.dll
[2009/07/13 18:31:52 | 000,135,168 | --S- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxmibgpxp.exe
[2009/07/13 18:31:52 | 000,081,920 | --S- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxleka.exe
[2009/07/13 18:31:52 | 000,073,728 | --S- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxnuqoqaj.exe
[2009/07/13 18:31:52 | 000,073,728 | --S- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxhrkqq.exe
[2009/07/13 18:31:52 | 000,073,728 | --S- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxdbrrab.exe
[2009/07/13 15:46:42 | 001,347,584 | ---- | C] (Microsoft Corporation) -- C:\Users\customer\AppData\Roaming\For josh.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/11 12:44:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\customer\Desktop\OTL (1).exe
[2013/02/11 12:34:47 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err
[2013/02/11 12:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/11 12:29:31 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2664367239-3075011552-1143883363-1000UA.job
[2013/02/11 12:16:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 12:16:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 12:09:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/11 12:09:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/11 12:09:02 | 1942,142,975 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/11 08:24:00 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7e6b8aa3-3fd7-4dda-950a-418882788490.job
[2013/02/11 06:38:20 | 000,484,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2013/02/11 05:12:01 | 000,527,360 | ---- | M] (Dritek System Inc.) -- C:\Windows\UNINSTLMv4.EXE
[2013/02/11 05:12:00 | 000,215,552 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2013/02/11 05:06:06 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xwizard.exe
[2013/02/11 05:06:06 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xcopy.exe
[2013/02/11 05:06:05 | 000,499,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
[2013/02/11 05:06:05 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/02/11 05:06:05 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2013/02/11 05:06:04 | 000,382,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2013/02/11 05:06:04 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\write.exe
[2013/02/11 05:06:03 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WPDShextAutoplay.exe
[2013/02/11 05:06:03 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wowreg32.exe
[2013/02/11 05:06:01 | 000,264,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winver.exe
[2013/02/11 05:06:01 | 000,224,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2013/02/11 05:06:01 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2013/02/11 05:05:56 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wimserv.exe
[2013/02/11 05:05:55 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/02/11 05:05:55 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\whoami.exe
[2013/02/11 05:05:55 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\where.exe
[2013/02/11 05:05:54 | 000,359,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtutil.exe
[2013/02/11 05:05:54 | 000,336,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/02/11 05:05:54 | 000,238,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wermgr.exe
[2013/02/11 05:05:53 | 000,544,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe
[2013/02/11 05:05:53 | 000,264,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2013/02/11 05:05:53 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFaultSecure.exe
[2013/02/11 05:05:47 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\w32tm.exe
[2013/02/11 05:05:47 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\waitfor.exe
[2013/02/11 05:05:46 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vssadmin.exe
[2013/02/11 05:05:46 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\verifier.exe
[2013/02/11 05:05:46 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\verclsid.exe
[2013/02/11 05:05:45 | 001,581,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Utilman.exe
[2013/02/11 05:05:45 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UserAccountControlSettings.exe
[2013/02/11 05:05:45 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\userinit.exe
[2013/02/11 05:05:44 | 000,462,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2013/02/11 05:05:44 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\upnpcont.exe
[2013/02/11 05:05:43 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tzutil.exe
[2013/02/11 05:05:43 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\unlodctr.exe
[2013/02/11 05:05:42 | 000,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\typeperf.exe
[2013/02/11 05:05:42 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\TSTheme.exe
[2013/02/11 05:05:42 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\TRACERT.EXE
[2013/02/11 05:05:41 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tracerpt.exe
[2013/02/11 05:05:41 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\TpmInit.exe
[2013/02/11 05:05:40 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\timeout.exe
[2013/02/11 05:05:40 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2013/02/11 05:05:39 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tcmsetup.exe
[2013/02/11 05:05:37 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\taskmgr.exe
[2013/02/11 05:05:36 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\TapiUnattend.exe
[2013/02/11 05:05:35 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SystemPropertiesRemote.exe
[2013/02/11 05:05:35 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\takeown.exe
[2013/02/11 05:05:35 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\systray.exe
[2013/02/11 05:05:34 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SystemPropertiesProtection.exe
[2013/02/11 05:05:34 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SystemPropertiesHardware.exe
[2013/02/11 05:05:33 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SystemPropertiesDataExecutionPrevention.exe
[2013/02/11 05:05:33 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SystemPropertiesComputerName.exe
[2013/02/11 05:05:33 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SystemPropertiesAdvanced.exe
[2013/02/11 05:05:32 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\systeminfo.exe
[2013/02/11 05:05:31 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SyncHost.exe
[2013/02/11 05:05:31 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\syskey.exe
[2013/02/11 05:05:31 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sxstrace.exe
[2013/02/11 05:05:30 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\subst.exe
[2013/02/11 05:05:29 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ssText3d.scr
[2013/02/11 05:05:24 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVol.exe
[2013/02/11 05:05:24 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sort.exe
[2013/02/11 05:05:22 | 000,576,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\shrpubw.exe
[2013/02/11 05:05:22 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sfc.exe
[2013/02/11 05:05:22 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\shutdown.exe
[2013/02/11 05:05:21 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setupugc.exe
[2013/02/11 05:05:21 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setx.exe
[2013/02/11 05:05:21 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setupSNK.exe
[2013/02/11 05:05:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/11 05:05:19 | 000,454,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sethc.exe
[2013/02/11 05:05:19 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/02/11 05:05:19 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secinit.exe
[2013/02/11 05:05:18 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SecEdit.exe
[2013/02/11 05:05:17 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sdchange.exe
[2013/02/11 05:05:17 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sdiagnhost.exe
[2013/02/11 05:05:16 | 000,364,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2013/02/11 05:05:16 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe
[2013/02/11 05:05:16 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\scrnsave.scr
[2013/02/11 05:05:15 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\runonce.exe
[2013/02/11 05:05:15 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sc.exe
[2013/02/11 05:05:15 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sbunattend.exe
[2013/02/11 05:05:14 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RunLegacyCPLElevated.exe
[2013/02/11 05:05:14 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\runas.exe
[2013/02/11 05:05:13 | 000,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2013/02/11 05:05:12 | 000,281,600 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\Robocopy.exe
[2013/02/11 05:05:12 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RpcPing.exe
[2013/02/11 05:05:12 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2013/02/11 05:05:11 | 000,461,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2013/02/11 05:05:11 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RmClient.exe
[2013/02/11 05:05:10 | 000,508,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2013/02/11 05:05:10 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2013/02/11 05:05:10 | 000,464,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2013/02/11 05:05:09 | 000,404,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Ribbons.scr
[2013/02/11 05:05:09 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\resmon.exe
[2013/02/11 05:05:08 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\relog.exe
[2013/02/11 05:05:08 | 000,201,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\replace.exe
[2013/02/11 05:05:08 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\regsvr32.exe
[2013/02/11 05:05:07 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/02/11 05:05:07 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\regini.exe
[2013/02/11 05:05:07 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\regedt32.exe
[2013/02/11 05:05:06 | 000,246,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\reg.exe
[2013/02/11 05:05:05 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdrleakdiag.exe
[2013/02/11 05:05:05 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2013/02/11 05:05:05 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\recover.exe
[2013/02/11 05:05:04 | 000,286,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\raserver.exe
[2013/02/11 05:05:04 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdial.exe
[2013/02/11 05:05:04 | 000,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rasphone.exe
[2013/02/11 05:05:03 | 000,201,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rasautou.exe
[2013/02/11 05:05:02 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\proquota.exe
[2013/02/11 05:05:01 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\printui.exe
[2013/02/11 05:05:00 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2013/02/11 05:05:00 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2013/02/11 05:05:00 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\print.exe
[2013/02/11 05:04:59 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.exe
[2013/02/11 05:04:57 | 000,394,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PkgMgr.exe
[2013/02/11 05:04:57 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PING.EXE
[2013/02/11 05:04:56 | 000,341,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\perfmon.exe
[2013/02/11 05:04:56 | 000,200,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pcaui.exe
[2013/02/11 05:04:55 | 000,830,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2013/02/11 05:04:55 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\OptionalFeatures.exe
[2013/02/11 05:04:55 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PATHPING.EXE
[2013/02/11 05:04:54 | 000,246,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\openfiles.exe
[2013/02/11 05:04:53 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcad32.exe
[2013/02/11 05:04:53 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcconf.exe
[2013/02/11 05:04:52 | 000,381,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetup.exe
[2013/02/11 05:04:52 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.exe
[2013/02/11 05:04:51 | 000,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nslookup.exe
[2013/02/11 05:04:50 | 000,636,416 | ---- | M] () -- C:\Windows\SysWow64\nmap.exe
[2013/02/11 05:04:50 | 000,475,136 | ---- | M] () -- C:\Windows\SysWow64\nmapserv.exe
[2013/02/11 05:04:50 | 000,262,144 | ---- | M] (JVSoftware) -- C:\Windows\SysWow64\nmapwin.exe
[2013/02/11 05:04:49 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.exe
[2013/02/11 05:04:48 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2013/02/11 05:04:47 | 000,280,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netsh.exe
[2013/02/11 05:04:47 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Netplwiz.exe
[2013/02/11 05:04:47 | 000,209,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netiougc.exe
[2013/02/11 05:04:46 | 000,343,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\net1.exe
[2013/02/11 05:04:46 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\net.exe
[2013/02/11 05:04:46 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netbtugc.exe
[2013/02/11 05:04:45 | 000,259,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ndadmin.exe
[2013/02/11 05:04:44 | 000,463,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\NAPSTAT.EXE
[2013/02/11 05:04:44 | 000,405,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Mystify.scr
[2013/02/11 05:04:44 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MuiUnattend.exe
[2013/02/11 05:04:42 | 001,218,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/02/11 05:04:42 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mtstocom.exe
[2013/02/11 05:04:42 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msra.exe
[2013/02/11 05:04:40 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/02/11 05:04:39 | 001,167,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msdt.exe
[2013/02/11 05:04:39 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2013/02/11 05:04:38 | 001,585,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/02/11 05:04:38 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mobsync.exe
[2013/02/11 05:04:38 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mountvol.exe
[2013/02/11 05:04:20 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MigAutoPlay.exe
[2013/02/11 05:04:20 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2013/02/11 05:04:19 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2013/02/11 05:04:19 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mcbuilder.exe
[2013/02/11 05:04:19 | 000,283,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\makecab.exe
[2013/02/11 05:04:16 | 000,266,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2013/02/11 05:04:12 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2013/02/11 05:04:12 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\lodctr.exe
[2013/02/11 05:04:11 | 000,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\LocationNotifications.exe
[2013/02/11 05:04:11 | 000,199,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ktmutil.exe
[2013/02/11 05:04:11 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\label.exe
[2013/02/11 05:04:09 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iscsicpl.exe
[2013/02/11 05:04:09 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\isoburn.exe
[2013/02/11 05:04:08 | 000,329,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iscsicli.exe
[2013/02/11 05:04:08 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ipconfig.exe
[2013/02/11 05:04:08 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/11 05:03:57 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\InfDefaultInstall.exe
[2013/02/11 05:03:49 | 000,334,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/02/11 05:03:49 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/11 05:03:48 | 000,258,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013/02/11 05:03:48 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icsunattend.exe
[2013/02/11 05:03:47 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2013/02/11 05:03:47 | 000,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icacls.exe
[2013/02/11 05:03:46 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\hh.exe
[2013/02/11 05:03:46 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2013/02/11 05:03:45 | 000,248,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\hdwwiz.exe
[2013/02/11 05:03:45 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\help.exe
[2013/02/11 05:03:44 | 000,201,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gpupdate.exe
[2013/02/11 05:03:44 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\grpconv.exe
[2013/02/11 05:03:43 | 000,249,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\getmac.exe
[2013/02/11 05:03:42 | 000,258,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2013/02/11 05:03:42 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ftp.exe
[2013/02/11 05:03:41 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontview.exe
[2013/02/11 05:03:41 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\forfiles.exe
[2013/02/11 05:03:41 | 000,203,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fltMC.exe
[2013/02/11 05:03:40 | 000,875,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/11 05:03:40 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fixmapi.exe
[2013/02/11 05:03:40 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2013/02/11 05:03:39 | 000,246,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\findstr.exe
[2013/02/11 05:03:39 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\find.exe
[2013/02/11 05:03:38 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\extrac32.exe
[2013/02/11 05:03:38 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fc.exe
[2013/02/11 05:03:37 | 002,799,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013/02/11 05:03:37 | 000,264,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\eventvwr.exe
[2013/02/11 05:03:37 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\expand.exe
[2013/02/11 05:03:36 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\eudcedit.exe
[2013/02/11 05:03:36 | 000,307,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\esentutl.exe
[2013/02/11 05:03:36 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\eventcreate.exe
[2013/02/11 05:03:17 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\EhStorAuthn.exe
[2013/02/11 05:03:16 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxdiag.exe
[2013/02/11 05:03:16 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWWIN.EXE
[2013/02/11 05:03:16 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\efsui.exe
[2013/02/11 05:03:15 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dvdupgrd.exe
[2013/02/11 05:03:15 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dvdplay.exe
[2013/02/11 04:59:25 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\driverquery.exe
[2013/02/11 04:59:24 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DpiScaling.exe
[2013/02/11 04:59:24 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2013/02/11 04:59:24 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dplaysvr.exe
[2013/02/11 04:59:23 | 000,256,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapimig.exe
[2013/02/11 04:59:23 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2013/02/11 04:59:23 | 000,200,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\doskey.exe
[2013/02/11 04:59:22 | 000,262,144 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2013/02/11 04:59:22 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dllhst3g.exe
[2013/02/11 04:59:21 | 000,707,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DisplaySwitch.exe
[2013/02/11 04:59:21 | 000,387,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Dism.exe
[2013/02/11 04:59:20 | 000,460,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\diskraid.exe
[2013/02/11 04:59:19 | 000,317,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\diskpart.exe
[2013/02/11 04:59:19 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\diskperf.exe
[2013/02/11 04:59:18 | 000,771,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dfrgui.exe
[2013/02/11 04:59:18 | 000,279,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\diantz.exe
[2013/02/11 04:59:18 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DeviceProperties.exe
[2013/02/11 04:59:18 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dialer.exe
[2013/02/11 04:59:17 | 000,255,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingWizard.exe
[2013/02/11 04:59:17 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ddodiag.exe
[2013/02/11 04:59:16 | 001,052,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dccw.exe
[2013/02/11 04:59:16 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dcomcnfg.exe
[2013/02/11 04:59:15 | 000,493,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cttune.exe
[2013/02/11 04:59:15 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cttunesvr.exe
[2013/02/11 04:59:14 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/02/11 04:59:14 | 000,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\credwiz.exe
[2013/02/11 04:59:13 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\convert.exe
[2013/02/11 04:58:17 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ComputerDefaults.exe
[2013/02/11 04:58:17 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\comp.exe
[2013/02/11 04:58:17 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\compact.exe
[2013/02/11 04:58:15 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\colorcpl.exe
[2013/02/11 04:58:15 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cmstp.exe
[2013/02/11 04:58:14 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cmdl32.exe
[2013/02/11 04:58:14 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cmmon32.exe
[2013/02/11 04:58:14 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cmdkey.exe
[2013/02/11 04:58:13 | 000,485,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.exe
[2013/02/11 04:58:13 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cliconfg.exe
[2013/02/11 04:58:13 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\clip.exe
[2013/02/11 04:58:12 | 000,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cleanmgr.exe
[2013/02/11 04:58:12 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cipher.exe
[2013/02/11 04:58:12 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\choice.exe
[2013/02/11 04:58:11 | 000,339,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe
[2013/02/11 04:58:11 | 000,201,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\chkntfs.exe
[2013/02/11 04:58:11 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\chkdsk.exe
[2013/02/11 04:58:10 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/02/11 04:58:10 | 000,447,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certreq.exe
[2013/02/11 04:58:10 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnrollCtrl.exe
[2013/02/11 04:58:07 | 001,062,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Bubbles.scr
[2013/02/11 04:58:07 | 000,960,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\calc.exe
[2013/02/11 04:58:07 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cacls.exe
[2013/02/11 04:58:06 | 000,370,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\bitsadmin.exe
[2013/02/11 04:58:06 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\bootcfg.exe
[2013/02/11 04:58:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\bthudtask.exe
[2013/02/11 04:58:04 | 000,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2013/02/11 04:58:04 | 000,213,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\AtBroker.exe
[2013/02/11 04:58:04 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\attrib.exe
[2013/02/11 04:58:03 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\at.exe
[2013/02/11 04:58:03 | 000,205,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2013/02/11 04:57:59 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\AdapterTroubleshooter.exe
[2013/02/11 02:00:00 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0a9f410d-22f8-45a6-8301-64946642a5ae.job
[2013/02/11 00:37:18 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/11 00:37:17 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/11 00:37:17 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/11 00:23:49 | 000,001,815 | ---- | M] () -- C:\Users\customer\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/11 00:06:54 | 480,013,587 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/11 00:06:11 | 000,007,818 | ---- | M] () -- C:\Users\customer\AppData\Roaming\rsspec01
[2013/02/10 23:47:59 | 000,000,097 | ---- | M] () -- C:\Users\customer\AppData\Local\dfl26z32.dll
[2013/02/10 23:46:03 | 000,000,065 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013/02/10 23:45:48 | 000,041,472 | ---- | M] () -- C:\Users\customer\AppData\Roaming\wmdc.exe
[2013/02/10 23:45:31 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\newdefault.ini
[2013/02/10 21:51:12 | 000,002,389 | ---- | M] () -- C:\Users\customer\AppData\Roaming\62
[2013/02/10 20:10:06 | 000,533,504 | ---- | M] (Ask.com) -- C:\Users\customer\Documents\ApnStub.exe
[2013/02/10 20:05:59 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\control.exe
[2013/02/10 20:04:27 | 001,347,584 | ---- | M] (Microsoft Corporation) -- C:\Users\customer\AppData\Roaming\For josh.exe
[2013/02/10 20:04:26 | 000,858,112 | ---- | M] (Microsoft Corp.) -- C:\Users\customer\AppData\Roaming\egoxwe.exe
[2013/02/10 19:52:43 | 000,004,192 | ---- | M] () -- C:\Users\customer\AppData\Roaming\xprdssx
[2013/02/10 19:52:39 | 000,003,309 | ---- | M] () -- C:\Users\customer\AppData\Roaming\xprdss
[2013/02/10 18:33:00 | 000,757,760 | ---- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\Darkey.exe
[2013/02/10 18:29:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2664367239-3075011552-1143883363-1000Core.job
[2013/02/10 18:04:46 | 000,073,728 | --S- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxdbrrab.exe
[2013/02/10 14:00:50 | 000,073,728 | ---- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\cfopoa.exe
[2013/02/10 13:41:31 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msinfo32.exe
[2013/02/10 13:21:03 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2013/02/10 13:20:36 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2013/02/10 13:20:36 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2013/02/10 13:20:36 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2013/02/10 13:20:27 | 000,044,544 | ---- | M] () -- C:\Windows\SysWow64\fbfpnee.exe
[2013/02/10 13:07:44 | 000,217,424 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\62.exe
[2013/02/10 12:54:15 | 000,000,211 | ---- | M] () -- C:\Users\customer\AppData\Roaming\22222222
[2013/02/09 21:30:56 | 000,000,736 | ---- | M] () -- C:\Users\customer\AppData\Roaming\MaxMishkin
[2013/02/09 20:27:18 | 000,000,446 | ---- | M] () -- C:\Users\customer\AppData\Roaming\runmdc
[2013/02/09 10:29:38 | 000,544,768 | ---- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\sysmem.exe
[2013/02/09 07:22:03 | 000,003,596 | ---- | M] () -- C:\Windows\SysWow64\gmon.out
[2013/02/09 07:17:34 | 000,476,672 | --S- | M] () -- C:\Users\customer\AppData\Roaming\FacbookUpdate.exe
[2013/02/09 07:17:16 | 000,237,568 | ---- | M] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\hal2niga.exe
[2013/02/08 17:40:19 | 000,502,608 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\dad1.exe
[2013/02/08 17:33:15 | 000,399,872 | R-S- | M] () -- C:\Users\customer\mfpdd.exe
[2013/02/07 18:05:55 | 000,502,608 | ---- | M] (Company) -- C:\Users\customer\AppData\Roaming\wass.exe
[2013/02/07 15:40:49 | 000,001,223 | ---- | M] () -- C:\Users\customer\AppData\Roaming\Java
[2013/02/07 04:38:30 | 000,197,025 | ---- | M] () -- C:\Users\customer\AppData\Roaming\hal2u.exe
[2013/02/07 04:38:30 | 000,197,025 | ---- | M] () -- C:\Users\customer\awt43abr.exe
[2013/02/06 18:24:29 | 000,064,683 | ---- | M] () -- C:\Users\customer\Desktop\mjong tiles.jpg
[2013/02/06 10:21:38 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Horizon.lnk
[2013/02/05 19:09:00 | 000,172,368 | ---- | M] () -- C:\Users\customer\Documents\rec_Vcs6Core_19-08-41.mp3
[2013/02/02 08:34:03 | 000,018,902 | ---- | M] () -- C:\Users\customer\AppData\Roaming\IIIuR
[2013/02/01 09:00:40 | 000,024,064 | ---- | M] () -- C:\Users\customer\AppData\Roaming\java.exe
[2013/01/18 21:05:18 | 000,000,132 | ---- | M] () -- C:\Users\customer\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/01/15 10:27:37 | 004,895,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/15 10:24:28 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/15 09:41:23 | 4265,379,000 | ---- | M] (Nexon) -- C:\MSSetupv125.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/11 00:24:10 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7e6b8aa3-3fd7-4dda-950a-418882788490.job
[2013/02/11 00:24:09 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0a9f410d-22f8-45a6-8301-64946642a5ae.job
[2013/02/11 00:23:49 | 000,001,815 | ---- | C] () -- C:\Users\customer\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/10 23:47:58 | 000,000,097 | ---- | C] () -- C:\Users\customer\AppData\Local\dfl26z32.dll
[2013/02/10 21:58:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/10 21:58:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/10 21:58:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/10 21:58:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/10 21:58:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/10 21:48:27 | 000,041,472 | ---- | C] () -- C:\Users\customer\AppData\Roaming\wmdc.exe
[2013/02/10 13:20:36 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2013/02/10 13:20:36 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2013/02/10 13:20:36 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2013/02/10 13:20:27 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\fbfpnee.exe
[2013/02/10 01:54:29 | 000,000,211 | ---- | C] () -- C:\Users\customer\AppData\Roaming\22222222
[2013/02/09 21:25:46 | 000,002,389 | ---- | C] () -- C:\Users\customer\AppData\Roaming\62
[2013/02/09 18:25:05 | 000,000,736 | ---- | C] () -- C:\Users\customer\AppData\Roaming\MaxMishkin
[2013/02/09 16:17:50 | 000,000,446 | ---- | C] () -- C:\Users\customer\AppData\Roaming\runmdc
[2013/02/09 10:31:07 | 000,007,818 | ---- | C] () -- C:\Users\customer\AppData\Roaming\rsspec01
[2013/02/09 07:17:36 | 000,476,672 | --S- | C] () -- C:\Users\customer\AppData\Roaming\FacbookUpdate.exe
[2013/02/08 17:40:51 | 000,004,192 | ---- | C] () -- C:\Users\customer\AppData\Roaming\xprdssx
[2013/02/08 17:33:15 | 000,399,872 | R-S- | C] () -- C:\Users\customer\mfpdd.exe
[2013/02/07 18:06:26 | 000,003,309 | ---- | C] () -- C:\Users\customer\AppData\Roaming\xprdss
[2013/02/07 04:39:00 | 000,001,223 | ---- | C] () -- C:\Users\customer\AppData\Roaming\Java
[2013/02/07 04:38:30 | 000,197,025 | ---- | C] () -- C:\Users\customer\AppData\Roaming\hal2u.exe
[2013/02/07 04:38:30 | 000,197,025 | ---- | C] () -- C:\Users\customer\awt43abr.exe
[2013/02/07 04:38:28 | 000,003,596 | ---- | C] () -- C:\Windows\SysWow64\gmon.out
[2013/02/06 18:24:29 | 000,064,683 | ---- | C] () -- C:\Users\customer\Desktop\mjong tiles.jpg
[2013/02/06 10:21:38 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Horizon.lnk
[2013/02/05 19:08:48 | 000,172,368 | ---- | C] () -- C:\Users\customer\Documents\rec_Vcs6Core_19-08-41.mp3
[2013/02/05 18:49:01 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/02/02 08:34:03 | 000,018,902 | ---- | C] () -- C:\Users\customer\AppData\Roaming\IIIuR
[2013/02/01 09:00:40 | 000,024,064 | ---- | C] () -- C:\Users\customer\AppData\Roaming\java.exe
[2013/01/08 20:27:47 | 000,000,132 | ---- | C] () -- C:\Users\customer\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/01/07 04:15:36 | 000,034,949 | ---- | C] () -- C:\Users\customer\AppData\Roaming\Youtube
[2012/12/30 10:54:24 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/08 17:19:08 | 000,004,662 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012/12/04 18:56:47 | 000,636,416 | ---- | C] () -- C:\Windows\SysWow64\nmap.exe
[2012/12/04 18:56:47 | 000,475,136 | ---- | C] () -- C:\Windows\SysWow64\nmapserv.exe
[2012/12/04 18:53:28 | 000,290,500 | ---- | C] () -- C:\Users\customer\AppData\Local\funmoods-speeddial_sf.crx
[2012/12/04 18:53:24 | 000,031,465 | ---- | C] () -- C:\Users\customer\AppData\Local\funmoods.crx
[2012/10/06 19:11:51 | 000,000,000 | ---- | C] () -- C:\Users\customer\AppData\Roaming\True
[2012/10/06 19:11:22 | 000,206,858 | ---- | C] () -- C:\Users\customer\AppData\Roaming\phatk.ptx
[2012/08/28 06:50:42 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\newdefault.ini
[2012/02/11 12:51:32 | 000,001,271 | ---- | C] () -- C:\Users\customer\AppData\Roaming\Roaming - Shortcut.lnk
[2011/12/03 09:48:17 | 000,002,133 | ---- | C] () -- C:\Users\customer\.recently-used.xbel
[2011/11/18 07:26:01 | 000,000,017 | ---- | C] () -- C:\Users\customer\AppData\Local\resmon.resmoncfg
[2011/10/27 07:37:30 | 000,000,000 | ---- | C] () -- C:\Users\customer\AppData\Local\{5EEC4BAB-6255-4B69-AE61-0C9320927B59}
[2011/08/29 17:58:04 | 000,000,065 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/06/25 17:53:04 | 000,033,134 | ---- | C] () -- C:\Users\customer\AppData\Roaming\UserTile.png
[2011/06/23 09:50:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/22 07:13:33 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/06/22 07:13:33 | 000,054,520 | ---- | C] () -- C:\Windows\AutosetFrequency.exe
[2011/06/22 07:13:33 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2011/06/22 07:13:33 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2009/07/13 18:31:52 | 000,036,696 | --S- | C] () -- C:\ProgramData\dxksaoqiu.exe
[2009/07/13 18:31:52 | 000,017,408 | --S- | C] () -- C:\ProgramData\dxugedtae.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

and here is extras

OTL Extras logfile created on: 2/11/2013 12:45:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\customer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.89 Gb Available Physical Memory | 76.06% Memory free
15.49 Gb Paging File | 13.58 Gb Available in Paging File | 87.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.66 Gb Total Space | 341.38 Gb Free Space | 75.42% Space Free | Partition Type: NTFS
Drive E: | 4.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MAX | User Name: customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2664367239-3075011552-1143883363-1000]
"EnableNotifications" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Roaming\For josh.exe" = C:\Users\customer\AppData\Roaming\For josh.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Windows\SysWOW64\msiexec.exe" = C:\Windows\SysWOW64\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Users\customer\awt43abr.exe" = C:\Users\customer\awt43abr.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\customer\AppData\Roaming\hal2u.exe" = C:\Users\customer\AppData\Roaming\hal2u.exe:*:Enabled:Windows Messanger -- ()
"C:\Windows\SysWOW64\svchost.exe" = C:\Windows\SysWOW64\svchost.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Users\customer\AppData\Roaming\wass.exe" = C:\Users\customer\AppData\Roaming\wass.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347371834.exe" = C:\Users\customer\AppData\Local\Temp\1347371834.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Local\Temp\1430368838.exe" = C:\Users\customer\AppData\Local\Temp\1430368838.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Roaming\dad1.exe" = C:\Users\customer\AppData\Roaming\dad1.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347148844.exe" = C:\Users\customer\AppData\Local\Temp\1347148844.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Roaming\hal2niga.exe" = C:\Users\customer\AppData\Roaming\hal2niga.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\sysmem.exe" = C:\Users\customer\AppData\Roaming\sysmem.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Local\Temp\1358692202.exe" = C:\Users\customer\AppData\Local\Temp\1358692202.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Roaming\62.exe" = C:\Users\customer\AppData\Roaming\62.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347230838.exe" = C:\Users\customer\AppData\Local\Temp\1347230838.exe:*:Enabled:Windows Messanger
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Roaming\For josh.exe" = C:\Users\customer\AppData\Roaming\For josh.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Windows\SysWOW64\msiexec.exe" = C:\Windows\SysWOW64\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Users\customer\awt43abr.exe" = C:\Users\customer\awt43abr.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\customer\AppData\Roaming\hal2u.exe" = C:\Users\customer\AppData\Roaming\hal2u.exe:*:Enabled:Windows Messanger -- ()
"C:\Windows\SysWOW64\svchost.exe" = C:\Windows\SysWOW64\svchost.exe:*:Generic Host Process -- (Microsoft Corporation)
"C:\Users\customer\AppData\Roaming\wass.exe" = C:\Users\customer\AppData\Roaming\wass.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347371834.exe" = C:\Users\customer\AppData\Local\Temp\1347371834.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Local\Temp\1430368838.exe" = C:\Users\customer\AppData\Local\Temp\1430368838.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Roaming\dad1.exe" = C:\Users\customer\AppData\Roaming\dad1.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347148844.exe" = C:\Users\customer\AppData\Local\Temp\1347148844.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Roaming\hal2niga.exe" = C:\Users\customer\AppData\Roaming\hal2niga.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Roaming\sysmem.exe" = C:\Users\customer\AppData\Roaming\sysmem.exe:*:Enabled:Windows Messanger -- (Quick Heal Technologies Pvt. Ltd.)
"C:\Users\customer\AppData\Local\Temp\1358692202.exe" = C:\Users\customer\AppData\Local\Temp\1358692202.exe:*:Enabled:Windows Messanger
"C:\Users\customer\AppData\Roaming\62.exe" = C:\Users\customer\AppData\Roaming\62.exe:*:Enabled:Windows Messanger -- (Company)
"C:\Users\customer\AppData\Local\Temp\1347230838.exe" = C:\Users\customer\AppData\Local\Temp\1347230838.exe:*:Enabled:Windows Messanger


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{070F4F75-C779-4DD4-BBFF-8EB9AB583476}" = lport=137 | protocol=17 | dir=in | app=system |
"{132CBB95-4D39-46D6-BE55-0B8415708971}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BFB3CFC-00AF-43B8-A599-B224793ACF52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EDB714B-227D-4916-9EF3-48466AD61FC6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29B487F0-45A1-41EA-A0C2-9AD6238CEC4D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3009DB0D-D86F-4648-89EF-537254E021A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4798E717-B82A-408C-BF63-79147609F6E9}" = lport=445 | protocol=6 | dir=in | app=system |
"{49181287-5365-4008-92CE-3AC2294D46A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{497A01B4-BA3C-41E7-BC3A-68B1683FD1C8}" = lport=139 | protocol=6 | dir=in | app=system |
"{5A74B911-965D-43B9-87EB-579D03E70CD9}" = rport=445 | protocol=6 | dir=out | app=system |
"{5D8F5644-1DA3-485F-ADFB-55A53774052B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6612A948-8489-420B-9E50-EAFAE7E9F029}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66F56135-BFF2-47A1-A8B6-84B29B30E4E7}" = rport=137 | protocol=17 | dir=out | app=system |
"{6B6A5D4C-3C2F-4A6C-9D36-952F1F9A8D09}" = lport=138 | protocol=17 | dir=in | app=system |
"{88EC1056-9664-421E-AE1D-30493253DE33}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A03AAD28-6C84-46CA-8B7F-E6DF18D7C925}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC7E5074-56D4-4C9A-A9C5-7FC625FF4F6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD0009F7-3C7D-4F4D-858C-52BE53BE667E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AE96B054-36A0-4183-ACB6-4F55C4915C12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B4AD28A5-32FE-450D-AA3D-7981258E08D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9BAF6EC-7F96-483E-846F-5A7745A081FE}" = rport=139 | protocol=6 | dir=out | app=system |
"{BCBC70DB-2AE5-4CF4-BF88-460074959C5B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E569EE75-CE17-4D40-9F6E-8DFD8D5A0800}" = rport=138 | protocol=17 | dir=out | app=system |
"{EE569886-A055-4DB1-81E4-D4D9AD6AE949}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F6BEB4B8-60F1-442E-AC97-92A92EE571F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08379FF9-2C1E-48B7-BDF1-7272C5E81987}" = protocol=17 | dir=in | app=c:\users\customer\downloads\crossfire_downloader.exe |
"{0BFC370D-2249-4598-828D-2D5C13C6E00B}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"{0CD06F53-6B51-4F12-91F8-90B00F071A65}" = protocol=17 | dir=in | app=c:\users\customer\desktop\subsonic\subsonic-service.exe |
"{0CDCF9BE-B41B-4BE6-84CD-7CA473A79DB8}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{0DFA7A57-B287-4BF8-8034-F250626FB1F4}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0E0AF901-9971-41A2-8A5F-565261C408A9}" = protocol=6 | dir=in | app=c:\users\customer\downloads\crossfire_downloader.exe |
"{0FBA5C7D-5A39-4E0B-AE40-10043E135C40}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{162446DC-5010-434A-9C6E-2B9E8FDB86E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1EB1694C-7D96-47BD-8F95-AFAC0CC27FE3}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{2276B45A-1FA0-4E79-9447-64A397786288}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{22ECFA8F-4767-4A29-BCF8-CB9D8FAA37A4}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{24FA07E5-4AE0-46C6-A662-5E363A00DC60}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{2566BD3B-DB8A-44DC-AE8B-938320D44C8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{281494E0-C756-4B57-930A-BD982A903BFF}" = protocol=6 | dir=in | app=c:\users\customer\appdata\roaming\spotify\spotify.exe |
"{2BAB73B1-C00B-43D9-AA6B-EBFB62CE1976}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2E770A80-9FD3-4B70-8895-916F9BDA8D6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{388F699D-D625-4503-A6FA-AB9772A5124E}" = protocol=17 | dir=in | app=c:\program files (x86)\subsonic\subsonic-service.exe |
"{39344C60-7E7F-4499-AF5D-D360E09A5C04}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"{3E0C4CCC-E8A8-4EEF-AF50-60A1E5CD151F}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{3FEDE4ED-2925-4471-A0F3-7D7E90DAA234}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{403249AE-C6FA-48A6-861D-F1ABE95E21DB}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{403355D6-8082-4A24-B1A8-521C546AC5DF}" = protocol=6 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"{404F9D0D-FA16-4838-9811-E45141ACBD97}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{41D8E65E-E3BB-41BB-9324-29A09B9D81A6}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{44DEA33A-CB03-447A-B9A2-2B95DC17E0E3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{48D2AF0E-4369-4AA0-BF22-4686C0E8981F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{49550D90-1764-45FD-B229-D752D818C761}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4BA4A6A4-E009-411B-9B6A-F4AB55274836}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{4EBB8615-30A1-44AB-9DC9-70994E3499F5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{50B7CD20-FAEC-4823-8FEF-3F92047C21B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{5151E8EE-511E-4905-977B-388CAC5E924D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{567E9D11-4B5F-4EF3-B609-BBCE0BAD6677}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5721FD0E-B1F5-422C-BF76-5F488218D695}" = protocol=17 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"{5742F965-668D-45F7-9747-EECB1BBDE4F5}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{591A1254-FB9C-4365-83CD-ED7C72643A9C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{5B23730B-7E8B-47B4-ADEB-7379B593C954}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5E6CDAC5-8DEB-4A95-9044-82DA31AD39D1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{62CDF8F7-DE3E-47E4-8C2A-A338F56040AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{6871DBB4-A288-4342-BAB1-91C3A889E7C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{68A58B9C-8FB0-40E3-9C0B-CF5F1CA6906E}" = protocol=58 | dir=out | [email protected],-503 |
"{6BB13321-3080-45B6-B422-FBC004FDF95E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{73220D07-7CC5-484C-AE02-117BDB0A375B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{765166E9-CAD6-4EFA-9340-998358D2721E}" = protocol=58 | dir=in | app=system |
"{78D996D4-D6C2-4F39-B1C7-414DDFF1284D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe |
"{7B00C289-C762-428E-A0F7-7B93C4563DCE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7EEA2A0B-7C49-480A-A9DC-5D4C6763E112}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{7EEB34F7-3B24-4A2B-90DF-4D069A50082C}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{82EE32E7-0117-4A59-9CFB-44BDBCACACA2}" = protocol=58 | dir=out | [email protected],-28546 |
"{86C6D66B-C95F-4FAF-9EBB-86F5EEAC3DFC}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{87B7A988-3671-4FFF-8CAB-8989A4A558D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{88F08FA6-B93C-411B-99E0-35F76FC4000F}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{8DFC1826-C368-4C73-BDE4-D02802D74ECB}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{921164BD-8084-4D12-A86B-E9D1C72A12A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{92AC9925-01C1-4D33-80CD-3F33C02E48C9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{93752EED-FC37-48C6-BBCF-556DF4AE4FF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94A5C970-BAAA-414D-B844-36C78C02E1CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{95BABD67-5F32-43A5-8ED5-B8EBF9C1B778}" = protocol=17 | dir=in | app=c:\users\customer\desktop\subsonic\subsonic-agent.exe |
"{95CCEF94-9AEE-4EB8-9F25-4C8B019A6EA7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{95FA1701-16EB-4C24-B085-38BB0C49FCDA}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{9A0F687D-3B25-438A-A21E-314726F3C9AE}" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9B736F72-12D3-44DA-86E1-F619BDD3B9CF}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"{9CE0EF0D-A3CD-4C8E-BCDC-3BF79A9FC36F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9E7F3B0C-71AE-4A9A-950A-EA40B26A35BF}" = protocol=17 | dir=in | app=c:\users\customer\appdata\roaming\spotify\spotify.exe |
"{9E9C66C0-C55C-4386-9292-458092EEC00B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{9EC9EBEF-65F6-4F52-89B0-9F0BDBAA2AAD}" = protocol=17 | dir=in | app=c:\program files (x86)\subsonic\subsonic-agent.exe |
"{9EE15343-95B2-4BD2-8A6D-F53305E644D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FF0925B-EA1E-403E-AAF9-D8B29C433B10}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{A25B32EF-9823-4327-9544-B1EDB1EB7B80}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{A2E53D51-4035-4C58-81FF-326ABD136BDE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A2EA63AB-A4BE-4467-A4CD-369ABE2A6866}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{A3CF4411-0299-4348-9D71-1DB5F2504897}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A4D486CB-08BE-4D6F-8861-D28B456404A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A66214F9-331A-4CFE-9D51-4E2F6C7F567A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7DED61A-2EBE-4A47-BEDF-066026FFC003}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF1239A2-6D6A-4740-A9DB-C3C411966EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B128ABC3-4260-46A7-85EE-93421B0FD4AD}" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B46ACD0E-FB98-4F51-B83D-0156A90E0DF9}" = dir=in | app=c:\users\customer\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{B5F58F7B-CC63-4C8E-9CE2-64B6D04DDB4C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8129E64-279B-4182-86AF-5B30F0290CC1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warincbattlezone\rsupdate.exe |
"{BB3B18E4-F1C7-41C1-9E6C-22796AA1B21C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{BD75C3F6-0394-47A4-BEC4-4FC500499FE0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C171BAA5-CE7D-418C-8FC8-C35F2D8BFB82}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe |
"{C4D600CE-8BCB-4F1D-B11C-198A937205E8}" = protocol=6 | dir=in | app=c:\program files (x86)\subsonic\subsonic-agent.exe |
"{C52B5210-3525-4EB7-B495-00163CAC4C03}" = protocol=58 | dir=in | [email protected],-28545 |
"{C9AF863C-E2B2-47C8-A17D-771A521581F0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CB031F2F-1BD3-4A6D-BCAF-DE609AEDED4B}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{CC5A904D-C729-4D53-BE32-72F8B77C0BAE}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{CDF67B04-BC0A-4AEE-974D-674778923D34}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D1A101DD-C3EF-455B-A6F6-5E2890F7BC32}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{D1A257A7-1140-45B1-B38E-5A5C55AEF304}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{D3181234-A1CB-463F-B52C-AE033E766571}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D84B3C55-8A55-4481-842E-5DFABF8F488D}" = protocol=6 | dir=in | app=c:\users\customer\desktop\subsonic\subsonic-agent.exe |
"{D9C8F546-EF70-4614-84ED-826E813852D9}" = protocol=1 | dir=in | [email protected],-28543 |
"{E0D75E0C-97DD-4068-8733-E91FCABB2622}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe |
"{E13C6E14-E5F1-4710-BE1C-9357C926D0B9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E3CD56CD-9826-46EC-A98E-9D44EC6E536F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5EE9A79-4920-4798-88E5-56101C8FB33F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E6E4BC2A-E70C-479B-8A48-B652BCBC549C}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{E827868B-6927-48D0-A401-5CAFDD1147D9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E9339C8F-9170-468E-9B7D-5F6DE4A2C4AA}" = protocol=6 | dir=in | app=c:\program files (x86)\subsonic\subsonic-service.exe |
"{EA48B0A6-0BA9-4CBC-8E11-BD818EFE45A5}" = protocol=6 | dir=out | app=system |
"{EA702A4D-B6DF-420B-A60D-E4685BE30718}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F15796E0-5B01-489D-9D25-3346F6AF8458}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{F2593C9A-6F4B-4CA0-9470-CCF006305564}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{F28DD476-22C3-4DE7-A8F6-97CAB391E5B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F47F7812-0EF7-4FC7-A97A-6698581DBBF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warincbattlezone\rsupdate.exe |
"{F58997DE-4335-4F6C-8537-5AEB38E11B43}" = protocol=6 | dir=in | app=c:\users\customer\desktop\subsonic\subsonic-service.exe |
"{F8A36019-A401-4524-A44E-21BE056F884B}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"{FAE2AD9D-07BB-4360-8F2F-9ECDABD112EC}" = protocol=1 | dir=out | [email protected],-28544 |
"{FBAAA707-2C2F-4F8F-8F86-8F921531396C}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"{FCDF8BD2-8EAB-4212-89F2-67D6748A1F49}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"TCP Query User{0C70DFFD-C88F-4278-A34E-1176CBE6B927}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"TCP Query User{0E6B2980-6348-44D1-8F1F-58CD748E3E2B}C:\users\customer\appdata\local\temp\rar$ex84.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex84.648\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{1909E1B1-9177-47D1-960F-E9E2F981C0ED}C:\users\customer\appdata\local\temp\rar$ex36.424\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex36.424\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{1B6AE4DF-03FE-4DED-9BBA-BD0DA27A3742}C:\users\customer\desktop\skype.exe" = protocol=6 | dir=in | app=c:\users\customer\desktop\skype.exe |
"TCP Query User{2B0BD8AE-9CE1-48BF-AC6B-B5FBD86CC8B6}C:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe |
"TCP Query User{3105C7F7-15E7-4687-B2E1-1FC2CE7A6D06}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{33CB364A-13DC-4BB3-A0A8-62E40EE9928B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{35223F44-2013-42DB-9D6F-CF23BFD9A2C3}C:\users\customer\appdata\local\temp\rar$ex52.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex52.648\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{3FA8FDAB-E10A-4667-9F3E-F0CA97877E89}C:\users\customer\appdata\local\temp\rar$ex88.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex88.648\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{5FC94679-C140-47D1-BCB4-861380295249}C:\users\customer\appdata\local\temp\rar$ex57.944\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex57.944\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{62215796-C8AB-4C73-85AC-64C5D9C5B656}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{67D5A365-DDDE-4A90-8A79-7B65EDE85B60}C:\users\customer\appdata\local\temp\rar$ex60.128\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex60.128\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{6B806C12-8B11-4678-AE90-5E48E77C4737}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{7C59577D-DDB8-4AF3-B3A9-585BEB5BEF5F}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"TCP Query User{8043BFF3-CDDA-4040-A299-BD92419DF4A6}C:\users\customer\appdata\roaming\uclo\ufat.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\roaming\uclo\ufat.exe |
"TCP Query User{842D0CBB-811F-4F96-8830-164DCAAA41E6}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"TCP Query User{8E1D6D32-9AF7-4BA5-9359-1B668251EBC7}C:\users\customer\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9471F6C6-D22F-4EBD-900D-C80E816814D5}C:\program files (x86)\net tools\nettools5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"TCP Query User{981206A4-B8F8-48F9-8699-F3334E4B3E62}C:\users\customer\appdata\local\temp\rar$ex24.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex24.648\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{B7A0E0A3-47AC-40AE-97CE-399F9CAEE4FD}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{D9A28C78-4404-408A-855C-80EFFA6E9E47}C:\users\customer\appdata\local\temp\rar$ex21.424\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex21.424\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{DCB25DA8-4C49-49D8-97DC-948E3B5C178D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{DD03A665-BD7E-4B2B-A1BB-AAF7EA5A4051}C:\users\customer\appdata\local\temp\rar$ex97.944\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex97.944\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{E0A0BE93-31F0-4503-9593-3913A7FB2814}C:\users\customer\appdata\local\temp\rar$ex79.128\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=6 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex79.128\[ghbsys.net] public-client\ghb - pclient.exe |
"TCP Query User{E4EB3482-B6D0-49C1-AA08-8E1C78086780}C:\users\customer\desktop\waw\call of duty - world at war\cod5sp.exe" = protocol=6 | dir=in | app=c:\users\customer\desktop\waw\call of duty - world at war\cod5sp.exe |
"UDP Query User{0435F9EF-0FC4-49B6-BA48-113D815D5285}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"UDP Query User{298DD58F-1E0C-4066-9008-D55946555F07}C:\users\customer\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\roaming\spotify\spotify.exe |
"UDP Query User{358F6310-23E8-486A-85AE-34C86675C628}C:\users\customer\desktop\waw\call of duty - world at war\cod5sp.exe" = protocol=17 | dir=in | app=c:\users\customer\desktop\waw\call of duty - world at war\cod5sp.exe |
"UDP Query User{3ABA1953-2946-4E85-9A73-FE9AF51C80B0}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{4259D52E-1A1B-4721-BC83-303239C1B4A9}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{44B85A46-16A1-423B-ACAC-42E96EB0F095}C:\users\customer\appdata\local\temp\rar$ex79.128\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex79.128\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{5D44C91D-DACC-4BAE-941D-5B1725FAD823}C:\users\customer\appdata\local\temp\rar$ex21.424\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex21.424\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{715F4EEC-82C2-466B-9BE7-9A089AFFFA6E}C:\users\customer\appdata\local\temp\rar$ex52.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex52.648\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{7F171329-EBD5-43A6-9B58-BE0EDB053EAD}C:\users\customer\appdata\local\temp\rar$ex24.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex24.648\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{9172C972-9EC1-4BCC-954A-0183772CAF7A}C:\users\customer\appdata\local\temp\rar$ex97.944\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex97.944\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{92B204C3-6D13-4FF2-BF2A-E0028E3E6A02}C:\users\customer\appdata\local\temp\rar$ex60.128\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex60.128\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{9920E655-D8B0-44A2-B8C7-69299F7CE110}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"UDP Query User{9BF7D449-1FEC-45CC-9C0F-9B83D3E6EE25}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{9D943BFF-77F5-44C4-91E2-D224F390893B}C:\users\customer\desktop\skype.exe" = protocol=17 | dir=in | app=c:\users\customer\desktop\skype.exe |
"UDP Query User{A6867ED9-2ABE-432C-90E3-EB8C945E0574}C:\program files (x86)\net tools\nettools5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\net tools\nettools5.exe |
"UDP Query User{AB01D493-D63F-4CD5-A572-E3BE29462A45}C:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\maxblops\team fortress 2\hl2.exe |
"UDP Query User{BB65E874-8D88-4345-91A3-E99DEFEFC937}C:\users\customer\appdata\local\temp\rar$ex84.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex84.648\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{C30DF455-AA6D-479A-BC75-AC7FD1F61B2F}C:\users\customer\appdata\roaming\uclo\ufat.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\roaming\uclo\ufat.exe |
"UDP Query User{C8C19D10-BA3F-4ECC-AD55-33B7B264E7E7}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{E1B672A0-2727-4318-BD57-B7DF50F31E5A}C:\users\customer\appdata\local\temp\rar$ex88.648\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex88.648\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{E5DF17A8-525C-47EA-9DAC-D38370AF59C1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E9F9E5F5-62B2-4932-8E65-ED881F44843B}C:\users\customer\appdata\local\temp\rar$ex57.944\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex57.944\[ghbsys.net] public-client\ghb - pclient.exe |
"UDP Query User{EF76C5E8-DD86-41E2-AFD6-692AECB06904}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{F9CB5C32-D8EF-4237-8AB4-74B925290DA5}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{FA86C445-A192-44D4-A3EB-4F8420E62A8D}C:\users\customer\appdata\local\temp\rar$ex36.424\[ghbsys.net] public-client\ghb - pclient.exe" = protocol=17 | dir=in | app=c:\users\customer\appdata\local\temp\rar$ex36.424\[ghbsys.net] public-client\ghb - pclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java™ 6 Update 27 (64-bit)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.530
"{3B20226B-63ED-B863-B224-FE40401B21CA}" = ATI Catalyst Install Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EEB06ECB-38F0-68CD-B215-94D50914C0F8}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"MAXONFB05E576" = CINEMA 4D 13.016
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WNLT" = IB Updater Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01868E82-DA4F-BFF8-45CF-9B1CAE8810D9}" = Catalyst Control Center Core Implementation
"{01CC7DB7-909B-E630-A44A-8118036CAF3C}" = CCC Help Korean
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07367450-E3E6-B4A1-E19C-A07429026680}" = CCC Help Swedish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AF333DE-057E-489C-9D1C-CE348AF7D1B8}" = MorphVOX Pro
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C42AA63-B354-56AF-69CA-FA73285368BE}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FFDACFC-898C-FC99-0140-AE2FC18B710E}" = Catalyst Control Center Graphics Full New
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{268E2A87-470B-118B-B3AD-6F2615B86623}" = CCC Help Greek
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30A0F8D9-709B-451C-BFB3-D8559F4797F8}" = Fantapper Browser Plugin
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3601754A-C72B-E4B3-CE39-78CCD0B58DC9}" = CCC Help Russian
"{3A69B28B-6E44-E512-C395-EEDCB5BCB485}" = CCC Help Danish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA616F8-F969-4DE7-0C85-35BE954DDB8A}" = CCC Help Hungarian
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3EED6569-D845-F8D1-9648-84729711590E}" = CCC Help Italian
"{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}" = ArcSoft ShowBiz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A41156A-0669-F7B5-B24C-5E25C69F1E68}" = CCC Help Turkish
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63ADFC07-D92A-670C-3826-BB0C9CC41D8A}" = CCC Help Polish
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6488561D-83C8-6987-6163-744E60680139}" = CCC Help Japanese
"{69CA5A5F-7541-5216-6433-DE69E4245116}" = Catalyst Control Center Graphics Light
"{69F214C9-507D-7EB5-FF08-926CFD0D5EC6}" = Catalyst Control Center Localization All
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{6e34608d-f6da-4dd4-8f4e-69bac17a2e92}" = Nero 9 Essentials
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{762CB899-DF14-EB84-78F5-888C83AA7DC3}" = Catalyst Control Center Graphics Previews Common
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83E4C065-91B9-20DD-74DA-90A71242CE18}" = CCC Help Norwegian
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEAE107-B186-4EA8-5F84-3AAA3158FEB1}" = CCC Help Chinese Standard
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975B24AC-8CB7-B4E1-E666-37964657576E}" = CCC Help Chinese Traditional
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A45B7A40-694C-BAB8-EE69-4240ADFEA1FF}" = CCC Help Finnish
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AD768FF7-E329-886C-D88E-585F26BB8738}" = CCC Help Dutch
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8F5BACE-194E-0203-023E-2FFEF68EE290}" = CCC Help English
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C450D07C-3914-5481-A068-29975DA5C596}" = CCC Help French
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C9165CF3-A14D-A281-B62E-37312AA9E63D}" = CCC Help Spanish
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4E16961-E6FA-4689-AD09-3DB7E5770167}" = Catalyst Control Center InstallProxy
"{D6B1E149-790E-3B60-07F9-07A40ECAFBA0}" = Catalyst Control Center Graphics Full Existing
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBF91CC3-41F6-0D99-3D2D-686C59865652}" = ccc-core-static
"{DD49AC0F-E08A-F77D-AB38-2EE9CD5D8F0B}" = CCC Help Thai
"{DECEFADB-0486-6252-C312-49DDAC71DF33}" = CCC Help Portuguese
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7425F93-2071-A946-008A-6ACA60B43FB2}" = CCC Help Czech
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0.3
"AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
"BB FlashBack Express" = BB FlashBack Express
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Cross Fire_is1" = Cross Fire En
"d4cfeebc-b821-40b7-9f81-d366b1466f03_is1" = Horizon v2.5.10.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Freemake Video Converter_is1" = Freemake Video Converter version 3.2.1
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Hauppauge Device Central" = Hauppauge Device Central
"Identity Card" = Identity Card
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InternetHelper Toolbar" = InternetHelper Toolbar
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"MapleStory" = MapleStory
"MSNINST" = MSN
"NetTools_is1" = NetTools 5.0
"PC Speed Maximizer_is1" = PC Speed Maximizer v3.0
"RealPlayer 15.0" = RealPlayer
"TmNationsForever_is1" = TmNationsForever
"UnHackMe_is1" = UnHackMe 5.99 release
"uTorrent" = µTorrent
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VLC media player" = VLC media player 1.1.7
"Wajam" = Wajam
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Zoom Downloader" = Zoom Downloader

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"NetAssistant" = Freeze.com NetAssistant
"Spotify" = Spotify
"YourFileDownloader" = YourFileDownloader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2013 9:43:17 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: UnHackMe.exe, version: 5.9.9.413, time
stamp: 0x00000000 Faulting module name: UnHackMe.exe, version: 5.9.9.413, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0022b7da Faulting process id:
0x8d8 Faulting application start time: 0x01ce07f904aa004c Faulting application path:
C:\Program Files (x86)\UnHackMe\UnHackMe.exe Faulting module path: C:\Program Files
(x86)\UnHackMe\UnHackMe.exe Report Id: 6766e8f4-73ec-11e2-885f-1c750821f4d9

Error - 2/10/2013 9:43:55 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: UnHackMe.exe, version: 5.9.9.413, time
stamp: 0x00000000 Faulting module name: UnHackMe.exe, version: 5.9.9.413, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0022b7da Faulting process id:
0x16ec Faulting application start time: 0x01ce07f937e18f78 Faulting application path:
C:\Program Files (x86)\UnHackMe\UnHackMe.exe Faulting module path: C:\Program Files
(x86)\UnHackMe\UnHackMe.exe Report Id: 7e5fadaf-73ec-11e2-885f-1c750821f4d9

Error - 2/10/2013 9:45:33 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: UnHackMe.exe, version: 5.9.9.413, time
stamp: 0x00000000 Faulting module name: UnHackMe.exe, version: 5.9.9.413, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0022b7da Faulting process id:
0xce8 Faulting application start time: 0x01ce07f960693705 Faulting application path:
C:\Program Files (x86)\UnHackMe\UnHackMe.exe Faulting module path: C:\Program Files
(x86)\UnHackMe\UnHackMe.exe Report Id: b8c320ad-73ec-11e2-885f-1c750821f4d9

Error - 2/10/2013 9:46:32 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: UnHackMe.exe, version: 5.9.9.413, time
stamp: 0x00000000 Faulting module name: UnHackMe.exe, version: 5.9.9.413, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0022b7da Faulting process id:
0xf08 Faulting application start time: 0x01ce07f9894b34e4 Faulting application path:
C:\Program Files (x86)\UnHackMe\UnHackMe.exe Faulting module path: C:\Program Files
(x86)\UnHackMe\UnHackMe.exe Report Id: dbcbfe70-73ec-11e2-885f-1c750821f4d9

Error - 2/10/2013 9:47:23 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: UnHackMe.exe, version: 5.9.9.413, time
stamp: 0x00000000 Faulting module name: UnHackMe.exe, version: 5.9.9.413, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0022b7da Faulting process id:
0xfbc Faulting application start time: 0x01ce07f9b1809c8c Faulting application path:
C:\Program Files (x86)\UnHackMe\UnHackMe.exe Faulting module path: C:\Program Files
(x86)\UnHackMe\UnHackMe.exe Report Id: fa3503fe-73ec-11e2-885f-1c750821f4d9

Error - 2/10/2013 9:47:41 PM | Computer Name = max | Source = Windows Search Service | ID = 3100
Description =

Error - 2/10/2013 9:49:11 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: UnHackMe.exe, version: 5.9.9.413, time
stamp: 0x00000000 Faulting module name: UnHackMe.exe, version: 5.9.9.413, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0022b7da Faulting process id:
0x848 Faulting application start time: 0x01ce07f9dbcb3063 Faulting application path:
C:\Program Files (x86)\UnHackMe\UnHackMe.exe Faulting module path: C:\Program Files
(x86)\UnHackMe\UnHackMe.exe Report Id: 3a73ba00-73ed-11e2-885f-1c750821f4d9

Error - 2/10/2013 9:51:02 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: UpdateTask.exe, version: 0.0.0.0, time
stamp: 0x50d2b4ee Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xc44 Faulting application
start time: 0x01ce07fa1a4a5587 Faulting application path: C:\Program Files (x86)\Ask.com\UpdateTask.exe
Faulting
module path: unknown Report Id: 7cbb3ff1-73ed-11e2-885f-1c750821f4d9

Error - 2/10/2013 9:51:10 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: UnHackMe.exe, version: 5.9.9.413, time
stamp: 0x00000000 Faulting module name: UnHackMe.exe, version: 5.9.9.413, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0022b7da Faulting process id:
0x12f8 Faulting application start time: 0x01ce07fa05847e99 Faulting application path:
C:\Program Files (x86)\UnHackMe\UnHackMe.exe Faulting module path: C:\Program Files
(x86)\UnHackMe\UnHackMe.exe Report Id: 81d30909-73ed-11e2-885f-1c750821f4d9

Error - 2/10/2013 9:51:34 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: UnHackMe.exe, version: 5.9.9.413, time
stamp: 0x00000000 Faulting module name: UnHackMe.exe, version: 5.9.9.413, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0022b7da Faulting process id:
0xec4 Faulting application start time: 0x01ce07fa3ba4929c Faulting application path:
C:\Program Files (x86)\UnHackMe\UnHackMe.exe Faulting module path: C:\Program Files
(x86)\UnHackMe\UnHackMe.exe Report Id: 8f8ce0ac-73ed-11e2-885f-1c750821f4d9

Error - 2/10/2013 9:52:01 PM | Computer Name = max | Source = Windows Search Service | ID = 3100
Description =

Error - 2/10/2013 9:53:07 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: UnHackMe.exe, version: 5.9.9.413, time
stamp: 0x00000000 Faulting module name: UnHackMe.exe, version: 5.9.9.413, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0022b7da Faulting process id:
0x1414 Faulting application start time: 0x01ce07fa687369c2 Faulting application path:
C:\Program Files (x86)\UnHackMe\UnHackMe.exe Faulting module path: C:\Program Files
(x86)\UnHackMe\UnHackMe.exe Report Id: c7379216-73ed-11e2-885f-1c750821f4d9

Error - 2/10/2013 9:54:41 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: UnHackMe.exe, version: 5.9.9.413, time
stamp: 0x00000000 Faulting module name: UnHackMe.exe, version: 5.9.9.413, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0022b7da Faulting process id:
0x138c Faulting application start time: 0x01ce07fa9618cdec Faulting application path:
C:\Program Files (x86)\UnHackMe\UnHackMe.exe Faulting module path: C:\Program Files
(x86)\UnHackMe\UnHackMe.exe Report Id: ff811de3-73ed-11e2-885f-1c750821f4d9

Error - 2/10/2013 9:54:53 PM | Computer Name = max | Source = Application Error | ID = 1000
Description = Faulting application name: UnHackMe.exe, version: 5.9.9.413, time
stamp: 0x00000000 Faulting module name: UnHackMe.exe, version: 5.9.9.413, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0022b7da Faulting process id:
0x1614 Faulting application start time: 0x01ce07fabf116160 Faulting application path:
C:\Program Files (x86)\UnHackMe\UnHackMe.exe Faulting module path: C:\Program Files
(x86)\UnHackMe\UnHackMe.exe Report Id: 06476098-73ee-11e2-885f-1c750821f4d9

[ System Events ]
Error - 2/11/2013 4:04:27 AM | Computer Name = max | Source = Service Control Manager | ID = 7000
Description = The Adobe SwitchBoard service failed to start due to the following
error: %%1053

Error - 2/11/2013 1:09:11 PM | Computer Name = max | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 2/11/2013 1:09:19 PM | Computer Name = max | Source = Service Control Manager | ID = 7000
Description = The Subsonic service failed to start due to the following error: %%2

Error - 2/11/2013 1:09:20 PM | Computer Name = max | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Adobe
SwitchBoard service to connect.

Error - 2/11/2013 1:09:20 PM | Computer Name = max | Source = Service Control Manager | ID = 7000
Description = The Adobe SwitchBoard service failed to start due to the following
error: %%1053

Error - 2/11/2013 1:23:32 PM | Computer Name = max | Source = Service Control Manager | ID = 7034
Description = The HcwDevCentralService service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/11/2013 1:23:38 PM | Computer Name = max | Source = Service Control Manager | ID = 7031
Description = The Nero BackItUp Scheduler 4.0 service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 500
milliseconds: Restart the service.

Error - 2/11/2013 1:25:10 PM | Computer Name = max | Source = Service Control Manager | ID = 7031
Description = The Nero BackItUp Scheduler 4.0 service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in 500
milliseconds: Restart the service.

Error - 2/11/2013 1:26:48 PM | Computer Name = max | Source = Service Control Manager | ID = 7034
Description = The IB Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 2/11/2013 1:31:17 PM | Computer Name = max | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

#30
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello jbayerr,

In Google Chrome:

  • Click the wrench icon on the browser toolbar.
  • Click Tools.
  • Select Extensions.
  • Click the trash can icon by
    XJZ Survey Remover
    ConduitChromeApiPlugin
    Conduit Radio Plugin

  • A confirmation dialog will appear, click Remove.
After that

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=938385568
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=938385568
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yE&cr=938385568
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
    IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=938385568
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...1-1C750821F4D9}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.77searchengines.com/?op [Binary data over 200 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6OyZjH0Mp6&i=26
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.condui...&ctid=CT2790392
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
    IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
    IE - HKCU\..\SearchScopes\{067D9AAC-CD10-4DEB-BB40-1D20BA76545C}: "URL" = http://search.condui...&ctid=CT3072253
    IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=938385568
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6OyZjH0Mp6&i=26
    IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...1-1C750821F4D9}
    IE - HKCU\..\SearchScopes\{FB2CFCCE-EC9E-4801-B460-076DF32B74D6}: "URL" = http://search.yahoo....0110627,0,0,0,0
    FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay\nplplaypop.dll ( )
    O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
    O2:64bit: - BHO: (Fantapper) - {a0447a65-66aa-4dc3-9869-e574e5de2d5e} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader64.dll ()
    O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll File not found
    O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
    O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O2 - BHO: (InternetHelper Toolbar) - {9d0f7eb2-452d-4766-b535-8d23e36c300e} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
    O2 - BHO: (Fantapper) - {a0447a65-66aa-4dc3-9869-e574e5de2d5e} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll ()
    O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll File not found
    O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{9d0f7eb2-452d-4766-b535-8d23e36c300e} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{9d0f7eb2-452d-4766-b535-8d23e36c300e} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper Toolbar) - {9D0F7EB2-452D-4766-B535-8D23E36C300E} - C:\Program Files (x86)\InternetHelper\prxtbInte.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [win32] C:\kernels\drivers.vbs ()
    O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
    O4 - HKCU..\Run: [DownloadManager] C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe (Zoom Downloader)
    O9:64bit: - Extra Button: Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader64.dll ()
    O9:64bit: - Extra 'Tools' menuitem : Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader64.dll ()
    O9 - Extra Button: Fantapper - {48DECC8F-CE9C-4C83-B0A3-932C88B7E97B} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Browser Plugin\adxloader.dll ()
    [2013/02/10 18:29:17 | 000,757,760 | ---- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\Darkey.exe
    [2013/02/10 14:00:48 | 000,073,728 | ---- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\cfopoa.exe
    [2013/02/09 10:29:38 | 000,544,768 | ---- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\sysmem.exe
    [2013/02/09 07:17:16 | 000,237,568 | ---- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\Users\customer\AppData\Roaming\hal2niga.exe
    [2013/02/08 17:40:19 | 000,502,608 | ---- | C] (Company) -- C:\Users\customer\AppData\Roaming\dad1.exe
    [2013/02/08 17:40:02 | 000,858,112 | ---- | C] (Microsoft Corp.) -- C:\Users\customer\AppData\Roaming\egoxwe.exe
    [2013/02/07 18:05:55 | 000,502,608 | ---- | C] (Company) -- C:\Users\customer\AppData\Roaming\wass.exe
    [2009/07/13 18:31:52 | 000,135,168 | --S- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxmibgpxp.exe
    [2009/07/13 18:31:52 | 000,081,920 | --S- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxleka.exe
    [2009/07/13 18:31:52 | 000,073,728 | --S- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxnuqoqaj.exe
    [2009/07/13 18:31:52 | 000,073,728 | --S- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxhrkqq.exe
    [2009/07/13 18:31:52 | 000,073,728 | --S- | C] (Quick Heal Technologies Pvt. Ltd.) -- C:\ProgramData\dxdbrrab.exe
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2009/07/13 18:31:52 | 000,036,696 | --S- | C] () -- C:\ProgramData\dxksaoqiu.exe
    [2009/07/13 18:31:52 | 000,017,408 | --S- | C] () -- C:\ProgramData\dxugedtae.exe
    
    :Files
    C:\Program Files (x86)\Ask.com
    C:\Program Files (x86)\Wajam
    C:\Program Files (x86)\SweetIM
    
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
