Inactive [A] Sirefef - Windows 7 x64

I've turned UAC to full for the time being, and also made the MSE icon visible in the system tray, which should make it a little more obvious should something disable it. Farbar and ComboFix logs:



Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-31 12:49:24 Run:2
Running from D:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{80d2dcb4-bf2f-2b69-974e-75896abb2390} moved successfully.

==== End of Fixlog ====




ComboFix 12-07-30.03 - i5 31/07/2012 12:59:28.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4087.2661 [GMT 1:00]
Running from: D:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\i5\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 12:08 . 2012-07-31 12:08 -------- d-----w- c:\users\i5\AppData\Local\temp
2012-07-31 12:08 . 2012-07-31 12:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 11:56 . 2012-07-31 11:56 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6418C1C-E20F-414F-90F5-B1710D86C392}\offreg.dll
2012-07-30 13:11 . 2012-07-30 13:11 -------- d-----w- c:\program files\Enigma Software Group
2012-07-30 13:10 . 2012-07-30 13:19 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-30 13:10 . 2012-07-30 13:10 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-29 22:58 . 2012-07-29 22:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-29 22:58 . 2012-07-29 22:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-29 22:35 . 2012-02-09 13:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B279FC-5D45-4B3A-BF8B-14D56A606D71}\gapaengine.dll
2012-07-29 22:35 . 2012-07-16 01:40 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6418C1C-E20F-414F-90F5-B1710D86C392}\mpengine.dll
2012-07-29 22:34 . 2012-07-29 22:34 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-29 22:34 . 2012-07-29 22:34 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-28 09:13 . 2012-07-28 09:13 -------- d-----w- c:\program files\iPod
2012-07-28 09:13 . 2012-07-28 09:14 -------- d-----w- c:\program files\iTunes
2012-07-28 09:13 . 2012-07-28 09:14 -------- d-----w- c:\program files (x86)\iTunes
2012-07-28 09:04 . 2012-07-28 09:04 -------- d-----w- c:\users\i5\AppData\Local\Secunia PSI
2012-07-28 09:04 . 2012-07-28 09:04 -------- d-----w- c:\program files (x86)\Secunia
2012-07-26 03:39 . 2012-07-26 04:03 -------- d-----w- C:\FRST
2012-07-25 21:43 . 2012-07-25 21:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-25 21:42 . 2012-07-25 21:42 -------- d-----w- c:\program files (x86)\Java
2012-07-25 21:40 . 2012-07-25 21:39 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-25 21:40 . 2012-07-25 21:39 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-25 21:39 . 2012-07-25 21:39 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-25 21:39 . 2012-07-25 21:39 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-25 21:39 . 2012-07-25 21:39 188912 ----a-w- c:\windows\system32\java.exe
2012-07-25 21:39 . 2012-07-25 21:39 -------- d-----w- c:\program files\Java
2012-07-24 13:42 . 2012-07-24 13:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-24 08:08 . 2012-07-24 08:08 -------- d-----w- c:\program files (x86)\Ubisoft
2012-07-24 07:27 . 2012-07-24 07:27 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-07-23 12:42 . 2012-07-23 12:42 -------- d-----w- c:\program files\Logitech
2012-07-21 13:31 . 2012-07-21 13:31 1897984 ----a-w- c:\windows\SysWow64\mqrdim.dll
2012-07-19 19:43 . 2012-07-19 19:43 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-19 19:26 . 2012-07-19 19:26 -------- d-----w- c:\windows\Sun
2012-07-19 18:48 . 2012-07-20 16:34 -------- d-----w- C:\Pcsx
2012-07-18 11:32 . 2012-07-18 11:32 -------- d-----w- c:\program files\Intel
2012-07-18 11:31 . 2012-07-18 11:31 -------- d-----w- c:\users\i5\AppData\Roaming\InstallShield
2012-07-15 18:10 . 2012-07-15 18:10 -------- d-----w- c:\windows\SysWow64\Futuremark
2012-07-15 18:10 . 2004-10-25 19:02 21664 ----a-w- c:\windows\SysWow64\drivers\Entech.sys
2012-07-15 18:10 . 2004-06-22 14:44 5632 ----a-w- c:\windows\SysWow64\drivers\Entech64.sys
2012-07-15 18:10 . 2001-11-19 18:05 3972 ----a-w- c:\windows\SysWow64\drivers\PciBus.sys
2012-07-15 08:30 . 2012-07-15 08:30 -------- d-----w- c:\program files (x86)\Exif Viewer
2012-07-15 08:23 . 2012-07-15 08:27 -------- d-----w- c:\users\i5\AppData\Local\GameSpy
2012-07-15 08:21 . 2012-07-15 08:24 -------- d-----w- c:\users\i5\AppData\Local\ApplicationHistory
2012-07-14 15:40 . 2012-07-14 15:40 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-07-14 15:39 . 2012-07-14 15:39 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-07-14 15:34 . 2012-07-14 15:34 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-07-14 12:02 . 2012-07-14 13:17 -------- d-----w- c:\programdata\TrackMania
2012-07-13 23:03 . 2012-07-13 23:04 -------- d-----w- c:\program files\Core Temp
2012-07-13 10:19 . 2012-07-13 10:19 -------- d-----w- c:\users\i5\AppData\Roaming\LoneSurvivor
2012-07-11 17:24 . 2012-07-11 17:24 -------- d-----w- c:\users\i5\AppData\Roaming\Media Player Classic
2012-07-11 17:24 . 2012-05-26 11:36 178176 ----a-w- c:\windows\SysWow64\unrar.dll
2012-07-11 17:24 . 2012-07-11 17:24 -------- d-----w- c:\program files (x86)\MPC-HC
2012-07-11 14:12 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 14:04 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-10 20:58 . 2012-07-10 20:58 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-07-10 20:56 . 2012-07-11 16:55 -------- d-----w- c:\programdata\EA Logs
2012-07-10 17:56 . 2012-07-10 17:56 -------- d-sh--w- c:\programdata\SecuROM
2012-07-10 17:49 . 2012-07-14 15:16 -------- d-----w- c:\users\i5\AppData\Local\Rockstar Games
2012-07-10 17:48 . 2012-07-10 17:48 -------- d--h--r- c:\users\i5\AppData\Roaming\SecuROM
2012-07-10 17:45 . 2012-07-10 17:45 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-10 16:58 . 2012-07-10 17:00 -------- d-----w- c:\users\i5\Heaven
2012-07-10 16:58 . 2012-07-10 16:58 -------- d-----w- c:\program files\Unigine
2012-07-10 13:34 . 2012-07-10 13:34 -------- d-----w- c:\programdata\ATI
2012-07-10 13:32 . 2012-07-10 13:32 -------- d-----w- c:\program files (x86)\AMD AVT
2012-07-10 13:32 . 2012-07-10 13:32 -------- d-----w- c:\program files (x86)\AMD APP
2012-07-10 13:32 . 2012-07-10 13:32 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-07-10 13:32 . 2012-07-10 13:32 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-07-10 13:31 . 2012-07-10 13:31 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-07-10 13:30 . 2012-07-10 13:31 -------- d-----w- c:\program files\ATI Technologies
2012-07-10 13:30 . 2012-07-10 13:30 -------- d-----w- c:\program files\ATI
2012-07-08 11:48 . 2012-07-08 11:48 -------- d-----w- c:\users\i5\AppData\Local\CrashRpt
2012-07-08 09:07 . 2012-07-08 09:07 -------- d-----w- c:\programdata\ASUS OC Profiles
2012-07-08 09:03 . 2010-04-22 18:20 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2012-07-08 09:03 . 2009-09-30 10:33 24576 ----a-w- c:\windows\SysWow64\AsIO.dll
2012-07-08 09:03 . 2012-07-08 09:09 -------- d-----w- c:\program files (x86)\ASUS
2012-07-08 09:02 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-07-07 16:57 . 2012-07-27 10:46 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-07-07 16:57 . 2012-07-07 16:57 -------- d-----w- c:\programdata\Rockstar Games
2012-07-06 12:24 . 2012-07-06 12:24 -------- d-----w- c:\users\i5\AppData\Roaming\fltk.org
2012-07-06 12:24 . 2012-07-06 12:24 -------- d-----w- c:\programdata\fltk.org
2012-07-05 19:48 . 2012-07-05 19:48 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-05 19:47 . 2012-07-05 19:47 -------- d-----w- c:\programdata\McAfee
2012-07-01 12:26 . 2012-07-28 09:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-25 21:42 . 2012-03-10 14:27 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-14 15:39 . 2012-06-18 16:10 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-14 15:39 . 2012-06-18 16:10 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-13 23:12 . 2012-06-18 16:10 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-12 17:21 . 2012-03-15 20:44 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-07-11 14:06 . 2012-03-10 08:51 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-10 21:03 . 2012-06-16 15:04 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-03 12:46 . 2012-05-01 17:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 15:04 . 2012-06-21 15:04 549704 ----a-w- c:\windows\system32\drivers\SRS_AE_amd64.sys
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-06-11 17:24 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2012-06-11 17:23 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2012-06-11 17:01 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:34 . 2012-06-11 16:34 77312 ----a-w- c:\windows\system32\amdave64.dll
2012-06-11 16:34 . 2012-06-11 16:34 77312 ----a-w- c:\windows\SysWow64\amdave32.dll
2012-06-11 16:34 . 2012-06-11 16:34 74240 ----a-w- c:\windows\system32\atisamu64.dll
2012-06-11 16:34 . 2012-06-11 16:34 71168 ----a-w- c:\windows\atisamu32.dll
2012-06-11 16:27 . 2012-02-15 02:14 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2012-06-11 16:25 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:24 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-11 12:50 . 2012-06-11 12:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 12:50 . 2012-06-11 12:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 12:50 . 2012-06-11 12:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 12:50 . 2012-06-11 12:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 12:50 . 2012-06-11 12:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 12:50 . 2012-06-11 12:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 12:49 . 2012-06-11 12:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-02 22:19 . 2012-06-23 08:20 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 08:20 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 08:20 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 08:20 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 08:20 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 08:20 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 08:20 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-23 08:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-23 08:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-30 12:10 . 2012-05-30 12:10 16168 ----a-w- c:\windows\system32\drivers\TurboB.sys
2012-05-18 13:09 . 2012-05-18 13:09 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-18 13:09 . 2012-05-18 13:09 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-18 13:09 . 2012-05-18 13:09 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-10 15:35 . 2012-05-10 15:35 43520 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-05-10 15:35 . 2012-05-10 15:35 29184 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-05-04 11:06 . 2012-06-14 20:59 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-14 20:59 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-14 20:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 20:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-14 20:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-03 02:54 . 2012-05-03 02:54 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:54 . 2012-05-03 02:54 28056 ----a-w- c:\windows\system32\xfcodec64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-29_22.23.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-29 22:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-31 07:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-28 09:04 . 2012-07-31 07:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-07-28 09:04 . 2012-07-29 22:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-31 07:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-29 22:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-10 08:41 . 2012-07-31 11:54 54436 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-31 11:54 32490 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-10 08:41 . 2012-07-31 11:54 14996 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2300901077-4285810195-2663683418-1001_UserData.bin
- 2012-03-09 23:56 . 2012-07-29 22:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-09 23:56 . 2012-07-31 11:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-14 15:38 . 2012-07-31 10:14 10134 c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
- 2012-07-14 15:38 . 2012-07-14 15:38 10134 c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2012-07-14 15:38 . 2012-07-31 10:14 10134 c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
- 2012-07-14 15:38 . 2012-07-14 15:38 10134 c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2003-12-13 07:30 . 2003-12-13 07:30 70656 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\zlib1.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 13024 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\shallocator.dll
+ 2007-10-24 23:11 . 2007-10-24 23:11 17120 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\crysisdedicatedserver.exe
+ 2007-10-24 23:11 . 2007-10-24 23:11 53472 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\crysis64.exe
+ 2012-07-30 13:18 . 2012-07-30 13:18 66956 c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCall.dll
+ 2012-07-31 11:50 . 2012-07-31 11:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-29 22:22 . 2012-07-29 22:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-31 11:50 . 2012-07-31 11:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-29 22:22 . 2012-07-29 22:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-14 15:38 . 2012-07-14 15:38 9662 c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
+ 2012-07-14 15:38 . 2012-07-31 10:14 9662 c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
- 2012-07-29 22:24 . 2009-10-07 00:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
+ 2012-07-31 11:51 . 2009-10-07 00:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
+ 2012-07-31 11:51 . 2009-10-07 00:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2012-07-29 22:24 . 2009-10-07 00:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2012-07-29 22:58 . 2012-07-29 22:58 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
+ 2012-07-29 22:58 . 2012-07-29 22:58 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 02:36 . 2012-07-29 22:34 630354 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-29 22:34 113418 c:\windows\system32\perfc009.dat
+ 2012-07-29 22:58 . 2012-07-29 22:58 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_Plugin.exe
+ 2009-07-14 05:01 . 2012-07-31 11:46 370152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-29 22:22 370152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-25 08:34 . 2012-07-25 17:54 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-04-25 08:34 . 2012-07-29 22:34 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-07-29 22:34 . 2012-07-29 22:34 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
- 2012-07-25 17:54 . 2012-07-25 17:54 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
- 2012-04-25 08:34 . 2012-07-25 17:54 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-04-25 08:34 . 2012-07-29 22:34 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-04-25 08:34 . 2012-07-29 22:34 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-04-25 08:34 . 2012-07-25 17:54 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-04-25 08:34 . 2012-07-29 22:34 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2012-04-25 08:34 . 2012-07-25 17:54 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2007-09-19 15:29 . 2007-09-19 15:29 294912 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\pbsv.dll
+ 2004-01-13 19:16 . 2004-01-13 19:16 153966 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\jpeg62.dll
+ 2007-06-14 09:20 . 2007-06-14 09:20 118784 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\intellaptopgaming.dll
+ 2004-06-16 09:57 . 2004-06-16 09:57 372736 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\ijl15.dll
+ 2007-05-16 15:45 . 2007-05-16 15:45 118104 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\fxc.exe
+ 2007-10-14 14:35 . 2007-10-14 14:35 920576 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\fmodex64.dll
+ 2007-10-14 14:30 . 2007-10-14 14:30 794624 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\fmodex.dll
+ 2007-10-14 14:34 . 2007-10-14 14:34 240640 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\fmod_event64.dll
+ 2007-10-14 14:33 . 2007-10-14 14:33 283136 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\fmod_event_net64.dll
+ 2007-10-14 14:25 . 2007-10-14 14:25 237568 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\fmod_event_net.dll
+ 2007-10-14 14:26 . 2007-10-14 14:26 208896 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\fmod_event.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 644320 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\crysoundsystem.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 660704 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryscriptsystem.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 885984 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryrendernull.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 943328 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\crynetwork.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 386272 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\crymovie.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 197856 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryinput.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 394464 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryfont.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 840928 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryentitysystem.dll
+ 2007-10-24 23:11 . 2007-10-24 23:11 110304 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\b64.dll
+ 2007-09-24 10:55 . 2007-09-24 10:55 159744 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\atimgpud.dll
+ 2012-07-30 13:10 . 2012-07-30 13:10 190063 c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla36.exe
+ 2012-07-30 13:18 . 2012-07-30 13:18 190063 c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla36.dll
+ 2012-07-30 13:18 . 2012-07-30 13:18 175992 c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla34.dll
+ 2012-07-30 13:18 . 2012-07-30 13:18 176035 c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla33.dll
+ 2012-07-30 13:18 . 2012-07-30 13:18 176545 c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla32.dll
+ 2012-07-30 13:18 . 2012-07-30 13:18 184966 c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla31.exe
+ 2012-07-30 13:18 . 2012-07-30 13:18 189776 c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla21.dll
+ 2012-07-30 13:18 . 2012-07-30 13:18 176035 c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla2.dll
+ 2012-07-30 13:18 . 2012-07-30 13:18 179526 c:\windows\F896D02690164122B9BD957FF092FFE9.TMP\WiseCustomCalla.dll
+ 2012-07-29 22:58 . 2012-07-29 22:58 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
+ 2012-07-29 22:58 . 2012-07-29 22:58 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
+ 2012-03-10 09:42 . 2012-07-31 11:47 3145760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-10 09:42 . 2012-07-29 22:04 3145760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-26 18:21 . 2012-03-26 18:21 7622656 c:\windows\Installer\a17cf.msi
+ 2007-10-24 20:13 . 2007-10-24 20:13 2098400 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\crysystem.dll
+ 2007-11-11 06:55 . 2007-11-11 06:55 9556801 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\crysis.exe
+ 2007-10-24 20:13 . 2007-10-24 20:13 3024096 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryrenderd3d9.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 3036384 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryrenderd3d10.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 1991904 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryphysics.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 2823392 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\crygame.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 1574112 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryanimation.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 1942752 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryaisystem.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 2942176 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryaction.dll
+ 2007-10-24 20:13 . 2007-10-24 20:13 1778912 c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cry3dengine.dll
+ 2012-07-29 22:58 . 2012-07-29 22:58 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll
+ 2012-03-09 23:54 . 2012-07-31 11:47 47524112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2300901077-4285810195-2663683418-1001-8192.dat
+ 2012-03-10 09:42 . 2012-07-30 21:52 46670080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2300901077-4285810195-2663683418-1001-12288.dat
+ 2012-07-31 10:13 . 2012-07-31 10:13 378156544 c:\windows\Installer\9bec44.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-04-30 103536]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-04-30 11839488]
R3 ALSysIO;ALSysIO;c:\users\i5\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-28 1436424]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe [2012-05-30 149544]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-04-03 117040]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-23 1255736]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [2010-04-27 783360]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-17 283200]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-03 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-03 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 Realtek87B;Realtek87B;c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe [2012-06-25 13232]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2012-05-30 16168]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_amd64.sys [2012-06-21 549704]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-03 147248]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-03 166192]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-08-04 1342064]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2300901077-4285810195-2663683418-1001Core.job
- c:\users\i5\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 09:03]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2300901077-4285810195-2663683418-1001UA.job
- c:\users\i5\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-05 09:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\i5\AppData\Roaming\Mozilla\Firefox\Profiles\d83v883a.default\
FF - prefs.js: browser.startup.homepage - google.co.uk
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2300901077-4285810195-2663683418-1001\Software\SecuROM\License information*]
"datasecu"=hex:28,93,59,f4,04,67,df,91,46,c6,e6,32,04,6c,63,8d,ba,5a,06,d8,c0,
ae,70,70,81,14,c2,c8,0b,72,16,6c,a5,2e,3e,f7,50,a9,78,4e,91,3e,04,e0,80,f4,\
"rkeysecu"=hex:1f,06,e0,90,f7,ce,d5,0d,ab,6c,0b,77,89,c7,61,83
.
[HKEY_USERS\S-1-5-21-2300901077-4285810195-2663683418-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):2e,dc,c3,b2,4f,8d,29,5b,6f,bf,77,cf,ed,b1,a8,08,77,36,c0,54,f7,
75,fe,1f,e2,ff,bd,60,f8,03,5d,03,6f,b1,f4,4a,7b,5f,ec,9d,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2300901077-4285810195-2663683418-1001_Classes\Wow6432Node\CLSID\{f96638f8-3b2b-4583-9123-431b480980fb}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000098
"Therad"=dword:00000008
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-31 13:11:20
ComboFix-quarantined-files.txt 2012-07-31 12:11
ComboFix2.txt 2012-07-29 22:29
.
Pre-Run: 132,601,987,072 bytes free
Post-Run: 132,946,862,080 bytes free
.
- - End Of File - - 52805F4959DA86ACADA8DF98A63E228A
 
Looks good :)

Any current issues?

===================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Minor issue: turned PC on this afternoon, and the MSE icon is not showing in the system tray. It's showing up in the task manager, real-time protection is on and a quick scan seemed to work, but now the main indicator that there is a running AV has gone. The last 2 infections were only brought to my attention when I noticed the AV had been disabled. Tried to update the definitions and it tells me 'update failed, this might be caused by a missing system file, incorrect system setting or problem with registry file.'

Tried on a second machine and it connects properly.
 
Forcing MSE to close then opening it again brings back the green icon to the system tray, but I still can't get it to update.

Checked on other PC and the definition version is 1.131.1184.0, this one is still on 1.131.1058.0
 
The BITS service wasn't there after that second infection so I've added that back in with the reg fix (seven.zip) and now after a restart, all appears to be working.

No issues :)
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.08


Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
i5 :: I5-PC [administrator]

01/08/2012 23:34:23
mbam-log-2012-08-01 (23-34-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194490
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


OTL logfile created on: 01/08/2012 23:37:36 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = D:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 44.04% Memory free
7.98 Gb Paging File | 5.06 Gb Available in Paging File | 63.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 121.03 Gb Free Space | 25.99% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 77.52 Gb Free Space | 52.01% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 76.35 Gb Free Space | 32.78% Space Free | Partition Type: NTFS
Drive H: | 6.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: I5-PC | User Name: i5 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 23:32:24 | 000,597,504 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012/08/01 16:23:19 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/07/29 23:58:59 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012/07/14 01:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/10 22:03:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/05/03 03:54:42 | 003,553,176 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2012/04/30 20:42:26 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/04/30 20:42:14 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/04/30 20:41:52 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/04/30 19:53:30 | 011,839,488 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012/04/30 17:54:52 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/03/11 06:09:36 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/04/27 11:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/01/08 14:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
PRC - [2009/12/28 21:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/01 16:23:16 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/08/01 16:23:14 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/08/01 16:23:12 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/01 16:23:10 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/08/01 16:23:08 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/07/29 23:58:58 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/07/14 01:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/18 15:34:04 | 000,997,888 | ---- | M] () -- C:\Users\i5\AppData\Roaming\Mozilla\Firefox\Profiles\d83v883a.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/28 23:40:22 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/06/11 18:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/30 13:11:34 | 000,149,544 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/01 16:23:19 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/21 14:31:53 | 001,897,984 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\mqrdim.dll -- (RemoteAccess)
SRV - [2012/07/14 01:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/10 22:03:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/06/25 15:16:26 | 000,013,232 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SRS Labs\SRS HD Audio Lab Service 2\SRSAudioLabService.exe -- (SRSHDAudioService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/30 20:42:26 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/04/30 20:42:14 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/04/30 19:53:30 | 011,839,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/04/30 17:54:52 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/08/29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/28 21:33:00 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/02/29 02:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/21 16:04:52 | 000,549,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SRS_AE_amd64.sys -- (SRS_AE_Service)
DRV:64bit: - [2012/06/11 19:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/06/11 19:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/11 17:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/30 13:10:50 | 000,016,168 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2012/04/30 20:42:44 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/04/30 20:40:52 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/04/30 17:22:42 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/04/30 17:22:42 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/04/03 14:19:10 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/17 10:38:56 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 10:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/02/24 10:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/02/23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/08 05:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011/12/08 05:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2011/12/08 05:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011/12/08 05:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/12/08 05:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/12/08 05:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/12/08 05:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/12/08 05:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/09/02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/29 23:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/04 22:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/04/27 21:02:24 | 000,783,360 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WN111v2w7x.sys -- (WN111v2)
DRV:64bit: - [2010/04/27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/01/07 11:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)
DRV:64bit: - [2009/10/07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 09:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 09:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/01 16:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006/11/28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2300901077-4285810195-2663683418-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-2300901077-4285810195-2663683418-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 50 C7 88 EC 4B CD 01 [binary data]
IE - HKU\S-1-5-21-2300901077-4285810195-2663683418-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2300901077-4285810195-2663683418-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2300901077-4285810195-2663683418-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2300901077-4285810195-2663683418-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.co.uk"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\i5\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\i5\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\i5\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 20:42:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/05 20:48:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\i5\AppData\Roaming\IDM\idmmzcc5

[2012/03/10 00:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i5\AppData\Roaming\Mozilla\Extensions
[2012/07/25 16:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i5\AppData\Roaming\Mozilla\Firefox\Profiles\d83v883a.default\extensions
[2012/05/19 22:49:44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\i5\AppData\Roaming\Mozilla\Firefox\Profiles\d83v883a.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/21 16:34:38 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\i5\AppData\Roaming\Mozilla\Firefox\Profiles\d83v883a.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012/06/19 16:11:14 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\i5\AppData\Roaming\Mozilla\Firefox\Profiles\d83v883a.default\extensions\support@lastpass.com
[2012/07/19 20:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/06 00:03:29 | 000,042,336 | ---- | M] () (No name found) -- C:\USERS\I5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D83V883A.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
[2012/07/14 01:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/07/14 01:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/14 01:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\i5\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\i5\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\i5\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\i5\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\i5\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\i5\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\i5\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\i5\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
CHR - Extension: YouTube = C:\Users\i5\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\i5\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_1\
CHR - Extension: Sumo Paint = C:\Users\i5\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod\3.7_0\
CHR - Extension: Google Calendar = C:\Users\i5\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: AdBlock = C:\Users\i5\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
CHR - Extension: LastPass = C:\Users\i5\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\
CHR - Extension: Google Maps = C:\Users\i5\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\
CHR - Extension: 4chan Plus = C:\Users\i5\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.5.5_0\
CHR - Extension: Gmail = C:\Users\i5\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/31 13:08:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-2300901077-4285810195-2663683418-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2300901077-4285810195-2663683418-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2300901077-4285810195-2663683418-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2300901077-4285810195-2663683418-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O7 - HKU\S-1-5-21-2300901077-4285810195-2663683418-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2300901077-4285810195-2663683418-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2418AAAA-2CCB-4C6C-8B07-9978A6010F82}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8694D9A8-1C08-4217-A91B-907F44B0399B}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========

[2012/08/01 19:02:30 | 000,000,000 | ---D | C] -- C:\Support
[2012/07/31 19:14:16 | 000,000,000 | ---D | C] -- C:\Users\i5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sumotori Dreams Demo
[2012/07/31 19:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sumotori Dreams Demo
[2012/07/31 14:48:41 | 000,000,000 | ---D | C] -- C:\Users\i5\Documents\GTA Vice City User Files
[2012/07/31 14:38:27 | 000,000,000 | ---D | C] -- C:\Users\i5\Documents\GTA3 User Files
[2012/07/31 14:11:15 | 000,000,000 | ---D | C] -- C:\Procexplorer
[2012/07/31 13:24:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/31 13:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/31 13:11:22 | 000,000,000 | ---D | C] -- C:\Users\i5\AppData\Local\temp
[2012/07/31 13:10:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/31 08:30:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/30 14:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/30 14:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/07/29 23:09:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/29 23:09:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/29 23:09:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/29 23:03:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/28 10:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/28 10:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/28 10:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/28 10:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/28 10:04:14 | 000,000,000 | ---D | C] -- C:\Users\i5\AppData\Local\Secunia PSI
[2012/07/28 10:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/07/26 04:39:11 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/25 22:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/25 22:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/07/25 22:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/25 22:36:40 | 000,000,000 | ---D | C] -- C:\Users\i5\Desktop\Java
[2012/07/25 21:40:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/25 19:33:09 | 001,438,391 | ---- | C] (Farbar) -- C:\FRST64.exe
[2012/07/24 14:42:03 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/24 09:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012/07/24 08:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012/07/23 18:34:33 | 000,000,000 | ---D | C] -- C:\Users\i5\Desktop\red arrows
[2012/07/23 13:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/07/23 13:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/07/19 20:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/19 20:26:11 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/19 19:48:11 | 000,000,000 | ---D | C] -- C:\Pcsx
[2012/07/18 12:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/07/18 12:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/07/18 12:31:25 | 000,000,000 | ---D | C] -- C:\Users\i5\AppData\Roaming\InstallShield
[2012/07/17 20:04:26 | 000,000,000 | ---D | C] -- C:\Users\i5\Desktop\July 2012
[2012/07/15 19:10:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Futuremark
[2012/07/15 09:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exif Viewer
[2012/07/15 09:30:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exif Viewer
[2012/07/15 09:23:23 | 000,000,000 | ---D | C] -- C:\Users\i5\AppData\Local\GameSpy
[2012/07/15 09:21:38 | 000,000,000 | ---D | C] -- C:\Users\i5\AppData\Local\ApplicationHistory
[2012/07/14 16:40:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/07/14 16:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012/07/14 16:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/07/14 13:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2012/07/14 13:02:40 | 000,000,000 | ---D | C] -- C:\Users\i5\Documents\TrackMania
[2012/07/14 09:46:36 | 000,000,000 | ---D | C] -- C:\Users\i5\Documents\Games for Windows - LIVE Demos
[2012/07/14 00:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012/07/14 00:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012/07/13 11:19:42 | 000,000,000 | ---D | C] -- C:\Users\i5\AppData\Roaming\LoneSurvivor
[2012/07/11 18:24:42 | 000,000,000 | ---D | C] -- C:\Users\i5\AppData\Roaming\Media Player Classic
[2012/07/11 18:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012/07/11 18:24:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPC-HC
[2012/07/10 21:58:49 | 000,000,000 | ---D | C] -- C:\Users\i5\Documents\Battlefield 3
[2012/07/10 21:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012/07/10 21:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/07/10 21:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/07/10 18:56:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2012/07/10 18:49:35 | 000,000,000 | ---D | C] -- C:\Users\i5\AppData\Local\Rockstar Games
[2012/07/10 18:48:43 | 000,000,000 | RH-D | C] -- C:\Users\i5\AppData\Roaming\SecuROM
[2012/07/10 18:45:47 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/07/10 17:58:31 | 000,000,000 | ---D | C] -- C:\Users\i5\Heaven
[2012/07/10 17:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2012/07/10 17:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Unigine
[2012/07/10 14:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/10 14:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/07/10 14:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/10 14:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/07/10 14:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/07/10 14:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/07/10 14:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/07/10 14:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/07/10 14:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/07/08 12:48:06 | 000,000,000 | ---D | C] -- C:\Users\i5\AppData\Local\CrashRpt
[2012/07/08 12:41:17 | 000,000,000 | ---D | C] -- C:\Users\i5\Desktop\JC2MP
[2012/07/08 10:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2012/07/08 10:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012/07/07 18:24:08 | 000,000,000 | ---D | C] -- C:\Users\i5\Documents\Rockstar Games
[2012/07/07 18:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/07/07 17:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012/07/07 17:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012/07/06 13:24:28 | 000,000,000 | ---D | C] -- C:\Users\i5\AppData\Roaming\fltk.org
[2012/07/06 13:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012/07/06 13:24:25 | 000,000,000 | ---D | C] -- C:\Users\i5\Documents\Amnesia
[2012/07/05 20:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/05 20:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/01 23:15:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2300901077-4285810195-2663683418-1001UA.job
[2012/08/01 19:41:31 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 19:41:31 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 19:36:34 | 000,053,248 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2012/08/01 19:08:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/01 19:08:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/08/01 19:08:47 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 18:14:41 | 000,006,672 | ---- | M] () -- C:\Users\i5\Desktop\wuauserv.reg
[2012/08/01 17:39:32 | 000,028,204 | ---- | M] () -- C:\Users\i5\Desktop\Capture.PNG
[2012/07/31 19:14:16 | 000,002,195 | ---- | M] () -- C:\Users\i5\Desktop\sumotori.lnk
[2012/07/31 14:15:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2300901077-4285810195-2663683418-1001Core.job
[2012/07/31 13:24:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/31 13:24:50 | 000,754,342 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/31 13:24:50 | 000,630,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/31 13:24:50 | 000,113,418 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/31 13:08:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/30 17:40:17 | 000,060,331 | ---- | M] () -- C:\Users\i5\Desktop\1343665840691.jpg
[2012/07/30 17:40:13 | 000,085,724 | ---- | M] () -- C:\Users\i5\Desktop\1343665901377.jpg
[2012/07/29 20:39:56 | 000,747,848 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/29 20:26:26 | 000,000,640 | ---- | M] () -- C:\Users\i5\Desktop\onefinger.mp3
[2012/07/29 16:28:42 | 000,000,694 | ---- | M] () -- C:\Users\i5\Desktop\Pro Evolution Soccer 2013 DEMO - Shortcut.lnk
[2012/07/29 10:44:34 | 000,000,000 | ---- | M] () -- C:\20120729_103637.mp4
[2012/07/29 10:40:10 | 000,000,000 | ---- | M] () -- C:\Users\i5\Desktop\20120729_103637.mp4
[2012/07/29 10:30:21 | 000,038,560 | ---- | M] () -- C:\Users\i5\Desktop\391996_10150985663100434_1089295509_n.jpg
[2012/07/28 10:15:31 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/07/28 10:14:12 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/27 16:04:11 | 001,605,917 | ---- | M] () -- C:\Users\i5\Desktop\2.psd
[2012/07/27 16:03:44 | 001,602,755 | ---- | M] () -- C:\Users\i5\Desktop\1.psd
[2012/07/27 13:12:45 | 000,000,040 | -H-- | M] () -- C:\B7E23C38DCE6
[2012/07/25 19:27:06 | 001,438,391 | ---- | M] (Farbar) -- C:\FRST64.exe
[2012/07/24 11:11:04 | 000,000,574 | ---- | M] () -- C:\Users\i5\Desktop\Rayman Origins - Shortcut.lnk
[2012/07/23 15:39:04 | 237,023,665 | ---- | M] () -- C:\Users\i5\Documents\Untitled.wmv
[2012/07/23 14:54:50 | 000,280,392 | ---- | M] () -- C:\Users\i5\Documents\Untitled.avc.sfvx
[2012/07/23 14:48:24 | 341,477,974 | ---- | M] () -- C:\Users\i5\Documents\Untitled.avc
[2012/07/23 14:48:24 | 000,000,076 | ---- | M] () -- C:\Users\i5\Documents\Untitled.avc.sfl
[2012/07/21 14:31:53 | 001,897,984 | ---- | M] () -- C:\Windows\SysWow64\mqrdim.dll
[2012/07/19 19:30:29 | 000,085,601 | ---- | M] () -- C:\Users\i5\Desktop\complaint.PNG
[2012/07/18 21:09:34 | 000,171,217 | ---- | M] () -- C:\Users\i5\Desktop\july.JPG
[2012/07/18 12:28:30 | 000,001,738 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/07/16 18:51:38 | 004,910,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/15 10:21:57 | 000,001,444 | ---- | M] () -- C:\Users\i5\jexifviewer.properties
[2012/07/15 09:30:51 | 000,001,961 | ---- | M] () -- C:\Users\i5\Application Data\Microsoft\Internet Explorer\Quick Launch\Exif Viewer.lnk
[2012/07/15 09:22:47 | 000,000,090 | ---- | M] () -- C:\Users\i5\AppData\Local\fusioncache.dat
[2012/07/15 09:22:18 | 000,000,440 | RHS- | M] () -- C:\Users\i5\ntuser.pol
[2012/07/14 16:39:29 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/14 16:39:24 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/14 16:39:17 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/07/14 00:12:50 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/12 16:21:50 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\Heaven DX11 Benchmark 3.0.lnk
[2012/07/10 22:03:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/10 18:45:47 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/07/10 17:58:17 | 000,003,072 | ---- | M] () -- C:\Users\i5\AppData\Local\file__0.localstorage
[2012/07/07 18:25:58 | 000,001,745 | ---- | M] () -- C:\Users\i5\Desktop\PlayMaxPayne3 - Shortcut.lnk
[2012/07/06 12:03:50 | 000,494,724 | ---- | M] () -- C:\Users\i5\Documents\la.mp3
[2012/07/05 20:17:32 | 002,476,549 | ---- | M] () -- C:\Users\i5\Documents\DontWorryBeHappy.mp3
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/01 19:36:34 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2012/08/01 18:54:43 | 006,830,650 | ---- | C] () -- C:\Users\i5\Documents\VengeanceUberRemix.mp3
[2012/07/31 19:14:16 | 000,002,195 | ---- | C] () -- C:\Users\i5\Desktop\sumotori.lnk
[2012/07/31 18:37:55 | 000,028,204 | ---- | C] () -- C:\Users\i5\Desktop\Capture.PNG
[2012/07/31 13:24:54 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/30 17:40:17 | 000,060,331 | ---- | C] () -- C:\Users\i5\Desktop\1343665840691.jpg
[2012/07/30 17:40:13 | 000,085,724 | ---- | C] () -- C:\Users\i5\Desktop\1343665901377.jpg
[2012/07/29 23:09:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/29 23:09:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/29 23:09:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/29 23:09:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/29 23:09:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/29 20:26:25 | 000,000,640 | ---- | C] () -- C:\Users\i5\Desktop\onefinger.mp3
[2012/07/29 17:14:31 | 000,142,542 | ---- | C] () -- C:\Users\i5\Desktop\TROUGHT.jpg
[2012/07/29 16:28:42 | 000,000,694 | ---- | C] () -- C:\Users\i5\Desktop\Pro Evolution Soccer 2013 DEMO - Shortcut.lnk
[2012/07/29 10:44:34 | 000,000,000 | ---- | C] () -- C:\20120729_103637.mp4
[2012/07/29 10:38:08 | 000,000,000 | ---- | C] () -- C:\Users\i5\Desktop\20120729_103637.mp4
[2012/07/29 10:30:21 | 000,038,560 | ---- | C] () -- C:\Users\i5\Desktop\391996_10150985663100434_1089295509_n.jpg
[2012/07/28 10:15:31 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/07/28 10:14:12 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/27 16:04:09 | 001,605,917 | ---- | C] () -- C:\Users\i5\Desktop\2.psd
[2012/07/27 16:03:44 | 001,602,755 | ---- | C] () -- C:\Users\i5\Desktop\1.psd
[2012/07/27 13:12:45 | 000,000,040 | -H-- | C] () -- C:\B7E23C38DCE6
[2012/07/24 11:11:04 | 000,000,574 | ---- | C] () -- C:\Users\i5\Desktop\Rayman Origins - Shortcut.lnk
[2012/07/23 15:26:34 | 237,023,665 | ---- | C] () -- C:\Users\i5\Documents\Untitled.wmv
[2012/07/23 14:54:50 | 000,280,392 | ---- | C] () -- C:\Users\i5\Documents\Untitled.avc.sfvx
[2012/07/23 14:48:24 | 000,000,076 | ---- | C] () -- C:\Users\i5\Documents\Untitled.avc.sfl
[2012/07/23 14:40:37 | 341,477,974 | ---- | C] () -- C:\Users\i5\Documents\Untitled.avc
[2012/07/21 14:31:52 | 001,897,984 | ---- | C] () -- C:\Windows\SysWow64\mqrdim.dll
[2012/07/19 20:43:01 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/19 19:29:56 | 000,085,601 | ---- | C] () -- C:\Users\i5\Desktop\complaint.PNG
[2012/07/18 21:09:34 | 000,171,217 | ---- | C] () -- C:\Users\i5\Desktop\july.JPG
[2012/07/15 19:10:17 | 000,006,173 | ---- | C] () -- C:\Windows\SysWow64\drivers\Entech.vxd
[2012/07/15 19:10:17 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2012/07/15 09:31:10 | 000,001,444 | ---- | C] () -- C:\Users\i5\jexifviewer.properties
[2012/07/15 09:30:51 | 000,001,961 | ---- | C] () -- C:\Users\i5\Application Data\Microsoft\Internet Explorer\Quick Launch\Exif Viewer.lnk
[2012/07/15 09:22:47 | 000,000,090 | ---- | C] () -- C:\Users\i5\AppData\Local\fusioncache.dat
[2012/07/14 16:39:15 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/07/11 18:24:28 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/07/10 17:58:17 | 000,003,072 | ---- | C] () -- C:\Users\i5\AppData\Local\file__0.localstorage
[2012/07/10 17:58:13 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\Heaven DX11 Benchmark 3.0.lnk
[2012/07/08 10:03:05 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/07/08 10:03:05 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/07/07 18:25:58 | 000,001,745 | ---- | C] () -- C:\Users\i5\Desktop\PlayMaxPayne3 - Shortcut.lnk
[2012/07/06 12:03:45 | 000,494,724 | ---- | C] () -- C:\Users\i5\Documents\la.mp3
[2012/07/05 20:17:06 | 002,476,549 | ---- | C] () -- C:\Users\i5\Documents\DontWorryBeHappy.mp3
[2012/06/18 17:10:49 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/16 16:04:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/16 21:23:01 | 000,000,440 | RHS- | C] () -- C:\Users\i5\ntuser.pol
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/05/10 14:53:58 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/05/03 03:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/04/14 17:25:44 | 000,000,218 | ---- | C] () -- C:\Users\i5\AppData\Local\recently-used.xbel
[2012/03/11 21:04:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/03/10 10:19:41 | 000,001,738 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/03/10 00:50:06 | 000,754,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/10 00:23:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/31 18:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 18:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/01/31 18:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/01/31 18:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/01/31 18:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/05/21 19:28:32 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\Canneverbe Limited
[2012/05/26 02:52:35 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\DAEMON Tools Lite
[2012/04/14 17:25:20 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\deluge
[2012/06/27 23:03:44 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\DMCache
[2012/07/06 13:24:28 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\fltk.org
[2012/03/23 09:53:51 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\Foxit Software
[2012/04/07 14:58:45 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\GetRightToGo
[2012/05/09 18:31:26 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\IDM
[2012/05/08 18:40:18 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\ImgBurn
[2012/03/16 18:34:07 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\JAM Software
[2012/03/15 21:44:54 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\Leadertech
[2012/03/20 21:22:55 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\LolClient
[2012/06/09 14:00:45 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\LolClient2
[2012/07/13 11:19:42 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\LoneSurvivor
[2012/05/07 10:04:05 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\OpenOffice.org
[2012/03/10 10:51:09 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\Origin
[2012/03/23 11:55:26 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\PDAppFlex
[2012/04/21 21:02:25 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\Publish Providers
[2012/03/29 19:52:28 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\Samsung
[2012/04/21 21:27:44 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\Sony
[2012/04/06 19:12:47 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\Stella
[2012/05/03 18:27:34 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\Unity
[2012/07/31 22:04:59 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\uTorrent
[2012/07/30 11:08:25 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\Vso
[2012/05/10 12:22:04 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\Wireshark
[2012/06/11 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\i5\AppData\Roaming\Xilisoft
[2012/06/28 08:23:12 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 01/08/2012 23:37:36 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = D:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 44.04% Memory free
7.98 Gb Paging File | 5.06 Gb Available in Paging File | 63.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 121.03 Gb Free Space | 25.99% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 77.52 Gb Free Space | 52.01% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 76.35 Gb Free Space | 32.78% Space Free | Partition Type: NTFS
Drive H: | 6.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: I5-PC | User Name: i5 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2300901077-4285810195-2663683418-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15FB4C60-0321-40F0-9A2C-34CBCE8306DF}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{364BE9E4-1590-407C-B207-5FE3C1BFDD7A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3F629A66-57DF-4CA2-A755-280111B1D8AA}" = protocol=6 | dir=in | app=d:\tor browser\app\tor.exe |
"{3FA8F23F-B649-4855-88F8-880F034A59FE}" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51FC0567-B897-4557-B8D1-42FAA8AF3007}" = protocol=6 | dir=in | app=c:\program files\microsoft security client\msseces.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C4A28047-F4AA-4813-A2E9-8DEFBF3E8052}" = protocol=17 | dir=in | app=c:\program files\microsoft security client\msseces.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CE6556DE-85E5-4678-9FDC-7C96C6B0896F}" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8EF4B00-295C-4B6E-A189-00EF07CF35D6}" = protocol=17 | dir=in | app=d:\tor browser\app\tor.exe |
"{DAF0093F-03FF-48B0-AAE6-46CBA2D55A60}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{E43F1D19-C3C0-46CD-9D8E-7499C4131B9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{E77ED38F-0FAB-429B-90E8-905A8909B6D4}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB372953-361A-4F59-B688-474D0E885D87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{375B84D1-2006-459F-BA5D-7FEC5B7B677D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{4437D355-3D09-431B-B421-8E702972192B}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{504AD574-F674-4B4B-99C5-0DEF44BA3FEB}C:\program files (x86)\ubisoft\rayman origins\rayman origins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"TCP Query User{80E559B8-30F9-4E0C-A38F-B94E7C922234}D:\tor browser\app\tor.exe" = protocol=6 | dir=in | app=d:\tor browser\app\tor.exe |
"TCP Query User{ACBE9E03-9107-416C-8812-42EA06A8CE8C}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{AF7CB441-018F-42CA-A56C-D5A4310CB795}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{E3B9CD5E-D965-4126-8BAE-B10ADA8D9B72}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"UDP Query User{0D0EA47F-FBAE-41C0-964C-3F1EC794CA5D}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"UDP Query User{28F2F342-3048-4D5D-A445-EFCFD427C232}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{3FF4D2DB-677F-48CA-9DFE-6FC0C19D49AB}D:\tor browser\app\tor.exe" = protocol=17 | dir=in | app=d:\tor browser\app\tor.exe |
"UDP Query User{7A62D27D-9797-4046-835D-F294909B41BE}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{87073C3B-CA44-45C8-8FC8-1F063EF9FD5B}C:\program files (x86)\ubisoft\rayman origins\rayman origins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"UDP Query User{C540D371-F3C5-4112-A280-1E9224A07BC0}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{E363EE0D-5E5C-4C64-AD2F-C5F166290269}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{12D93D02-3C15-DF08-581F-52E4A1EB0A3D}" = AMD Drag and Drop Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2BE3C45C-B0E3-4061-A3C5-C6ED9639C813}" = VmciSockets
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6C4B2795-B3E9-44FB-BAB2-A8820CF025E4}" = SRS Audio Essentials
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Intel(R) Turbo Boost Technology Monitor 2.6
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7492BCA7-9F62-4265-A727-DC26A9E3DF10}" = Oracle VM VirtualBox 4.1.12
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F97742F0-03A7-11E1-868F-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{FE51C8DE-03A7-11E1-88F8-F04DA23A5C58}" = MSVCRT Redists
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.2.4902
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1" = AMR Player 1.3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B6EF732-A621-4BAB-A695-CEF6C76B46F2}" = Ettercap
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.2.336
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"ASIO4ALL" = ASIO4ALL
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cossacks Anthology_is1" = Cossacks Anthology
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deluge" = Deluge 1.3.5
"ESN Sonar-0.70.4" = ESN Sonar
"Ettercap 0.7.4" = Ettercap-0.7.4
"Exif_Viewer" = Exif_Viewer Unisntall
"Fallout New Vegas_is1" = Fallout New Vegas
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FL Studio 10" = FL Studio 10
"Foxit Reader_is1" = Foxit Reader 5.1
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"ManiaPlanet_is1" = ManiaPlanet
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Off-Road Drive_is1" = Off-Road Drive
"OpenAL" = OpenAL
"Origin" = Origin
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PunkBusterSvc" = PunkBuster Services
"Quantum Conundrum_is1" = Quantum Conundrum
"Rockstar Games Social Club" = Rockstar Games Social Club
"SCANIA Truck Driving Simulator" = SCANIA Truck Driving Simulator 1.0.0
"SopCast" = SopCast 3.5.0
"Soulseek2" = SoulSeek 157 NS 13e
"Steam App 11020" = TrackMania Nations Forever
"Steam App 111100" = Snuggle Truck
"Steam App 1840" = Source Filmmaker
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 208600" = Lunar Flight
"Steam App 209830" = Lone Survivor
"Steam App 26800" = Braid
"Steam App 3830" = Psychonauts
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 8190" = Just Cause 2
"Sumotori Dreams" = Sumotori Dreams
"TreeSize Free_is1" = TreeSize Free V2.7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"VMware_Workstation" = VMware Workstation
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.7 (32-bit)
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2300901077-4285810195-2663683418-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/07/2012 18:21:59 | Computer Name = i5-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time
stamp: 0x4acc50c4 Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time
stamp: 0x4acc50c4 Exception code: 0xc0000005 Fault offset: 0x0000000000007af2 Faulting
process id: 0x6a0 Faulting application start time: 0x01cd6dd665ec7a18 Faulting application
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Faulting module
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Report Id: cfdfe270-d9cb-11e1-97a2-005056c00008

Error - 30/07/2012 12:57:19 | Computer Name = i5-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 31/07/2012 03:29:00 | Computer Name = i5-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 31/07/2012 03:39:11 | Computer Name = i5-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 31/07/2012 03:39:11 | Computer Name = i5-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 31/07/2012 05:51:00 | Computer Name = i5-PC | Source = Application Hang | ID = 1002
Description = The program Crysis.exe version 1.1.1.5767 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 484 Start
Time: 01cd6f019cd4abb1 Termination Time: 0 Application Path: C:\Program Files (x86)\Electronic
Arts\Crytek\Crysis\Bin32\Crysis.exe Report Id: 190d9cbc-daf5-11e1-a6d1-005056c00008


Error - 31/07/2012 05:51:24 | Computer Name = i5-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Crysis64.exe, version: 1.1.1.5767, time
stamp: 0x471f96dc Faulting module name: CrySystem.dll, version: 1.1.1.5767, time
stamp: 0x471f9738 Exception code: 0xc000008f Fault offset: 0x00000000000850cc Faulting
process id: 0x15f4 Faulting application start time: 0x01cd6f020835e834 Faulting application
path: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis64.exe Faulting
module path: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrySystem.dll
Report
Id: 497e08fd-daf5-11e1-a6d1-005056c00008

Error - 31/07/2012 06:23:33 | Computer Name = i5-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Crysis64.exe, version: 1.1.1.6115, time
stamp: 0x47c58f4f Faulting module name: CrySystem.dll, version: 1.1.1.6115, time
stamp: 0x47c58fb1 Exception code: 0xc000008f Fault offset: 0x0000000000085c8c Faulting
process id: 0x17c0 Faulting application start time: 0x01cd6f0684c016e4 Faulting application
path: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis64.exe Faulting
module path: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrySystem.dll
Report
Id: c7b1096b-daf9-11e1-a6d1-005056c00008

Error - 31/07/2012 06:23:43 | Computer Name = i5-PC | Source = Application Error | ID = 1000
Description = Faulting application name: crysis64.exe, version: 1.1.1.6115, time
stamp: 0x47c58f4f Faulting module name: CrySystem.dll, version: 1.1.1.6115, time
stamp: 0x47c58fb1 Exception code: 0xc000008f Fault offset: 0x0000000000085c8c Faulting
process id: 0x10c8 Faulting application start time: 0x01cd6f068c5ce69d Faulting application
path: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\crysis64.exe Faulting
module path: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrySystem.dll
Report
Id: cd41fbe9-daf9-11e1-a6d1-005056c00008

Error - 31/07/2012 08:10:05 | Computer Name = i5-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time
stamp: 0x4acc50c4 Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time
stamp: 0x4acc50c4 Exception code: 0xc0000005 Fault offset: 0x0000000000007af2 Faulting
process id: 0x8a0 Faulting application start time: 0x01cd6f12d16a9185 Faulting application
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Faulting module
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Report Id: a97ecd4b-db08-11e1-97a4-005056c00008

Error - 01/08/2012 13:10:09 | Computer Name = i5-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 23/06/2012 04:16:21 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7000
Description = The VMware Authorization Service service failed to start due to the
following error: %%1053

Error - 23/06/2012 04:16:21 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7001
Description = The VMware Workstation Server service depends on the VMware Authorization
Service service which failed to start because of the following error: %%1053

Error - 24/06/2012 03:25:18 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the VMware
Authorization Service service to connect.

Error - 24/06/2012 03:25:18 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7000
Description = The VMware Authorization Service service failed to start due to the
following error: %%1053

Error - 24/06/2012 03:25:19 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7001
Description = The VMware Workstation Server service depends on the VMware Authorization
Service service which failed to start because of the following error: %%1053

Error - 28/06/2012 03:24:51 | Computer Name = i5-PC | Source = DCOM | ID = 10010
Description =

Error - 28/06/2012 15:15:24 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez
Studios Authenticate and Update Service service to connect.

Error - 28/06/2012 15:16:45 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the VMware
Workstation Server service to connect.

Error - 28/06/2012 15:16:45 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7000
Description = The VMware Workstation Server service failed to start due to the following
error: %%1053

Error - 29/06/2012 10:53:18 | Computer Name = i5-PC | Source = DCOM | ID = 10010
Description =


< End of report >
 
OTL Extras logfile created on: 01/08/2012 23:37:36 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = D:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 44.04% Memory free
7.98 Gb Paging File | 5.06 Gb Available in Paging File | 63.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 121.03 Gb Free Space | 25.99% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 77.52 Gb Free Space | 52.01% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 76.35 Gb Free Space | 32.78% Space Free | Partition Type: NTFS
Drive H: | 6.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: I5-PC | User Name: i5 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2300901077-4285810195-2663683418-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15FB4C60-0321-40F0-9A2C-34CBCE8306DF}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{364BE9E4-1590-407C-B207-5FE3C1BFDD7A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3F629A66-57DF-4CA2-A755-280111B1D8AA}" = protocol=6 | dir=in | app=d:\tor browser\app\tor.exe |
"{3FA8F23F-B649-4855-88F8-880F034A59FE}" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51FC0567-B897-4557-B8D1-42FAA8AF3007}" = protocol=6 | dir=in | app=c:\program files\microsoft security client\msseces.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C4A28047-F4AA-4813-A2E9-8DEFBF3E8052}" = protocol=17 | dir=in | app=c:\program files\microsoft security client\msseces.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CE6556DE-85E5-4678-9FDC-7C96C6B0896F}" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8EF4B00-295C-4B6E-A189-00EF07CF35D6}" = protocol=17 | dir=in | app=d:\tor browser\app\tor.exe |
"{DAF0093F-03FF-48B0-AAE6-46CBA2D55A60}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{E43F1D19-C3C0-46CD-9D8E-7499C4131B9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{E77ED38F-0FAB-429B-90E8-905A8909B6D4}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB372953-361A-4F59-B688-474D0E885D87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defensegridtheawakening\defensegrid.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{375B84D1-2006-459F-BA5D-7FEC5B7B677D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{4437D355-3D09-431B-B421-8E702972192B}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{504AD574-F674-4B4B-99C5-0DEF44BA3FEB}C:\program files (x86)\ubisoft\rayman origins\rayman origins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"TCP Query User{80E559B8-30F9-4E0C-A38F-B94E7C922234}D:\tor browser\app\tor.exe" = protocol=6 | dir=in | app=d:\tor browser\app\tor.exe |
"TCP Query User{ACBE9E03-9107-416C-8812-42EA06A8CE8C}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{AF7CB441-018F-42CA-A56C-D5A4310CB795}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{E3B9CD5E-D965-4126-8BAE-B10ADA8D9B72}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"UDP Query User{0D0EA47F-FBAE-41C0-964C-3F1EC794CA5D}C:\program files (x86)\origin games\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"UDP Query User{28F2F342-3048-4D5D-A445-EFCFD427C232}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{3FF4D2DB-677F-48CA-9DFE-6FC0C19D49AB}D:\tor browser\app\tor.exe" = protocol=17 | dir=in | app=d:\tor browser\app\tor.exe |
"UDP Query User{7A62D27D-9797-4046-835D-F294909B41BE}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{87073C3B-CA44-45C8-8FC8-1F063EF9FD5B}C:\program files (x86)\ubisoft\rayman origins\rayman origins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\rayman origins.exe |
"UDP Query User{C540D371-F3C5-4112-A280-1E9224A07BC0}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{E363EE0D-5E5C-4C64-AD2F-C5F166290269}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{12D93D02-3C15-DF08-581F-52E4A1EB0A3D}" = AMD Drag and Drop Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2BE3C45C-B0E3-4061-A3C5-C6ED9639C813}" = VmciSockets
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6C4B2795-B3E9-44FB-BAB2-A8820CF025E4}" = SRS Audio Essentials
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Intel(R) Turbo Boost Technology Monitor 2.6
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7492BCA7-9F62-4265-A727-DC26A9E3DF10}" = Oracle VM VirtualBox 4.1.12
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F97742F0-03A7-11E1-868F-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{FE51C8DE-03A7-11E1-88F8-F04DA23A5C58}" = MSVCRT Redists
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.2.4902
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{2F881B56-CBDF-4EC6-A8D2-6412A879C66A}_is1" = AMR Player 1.3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B6EF732-A621-4BAB-A695-CEF6C76B46F2}" = Ettercap
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.2.336
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"ASIO4ALL" = ASIO4ALL
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cossacks Anthology_is1" = Cossacks Anthology
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deluge" = Deluge 1.3.5
"ESN Sonar-0.70.4" = ESN Sonar
"Ettercap 0.7.4" = Ettercap-0.7.4
"Exif_Viewer" = Exif_Viewer Unisntall
"Fallout New Vegas_is1" = Fallout New Vegas
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FL Studio 10" = FL Studio 10
"Foxit Reader_is1" = Foxit Reader 5.1
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"ManiaPlanet_is1" = ManiaPlanet
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Off-Road Drive_is1" = Off-Road Drive
"OpenAL" = OpenAL
"Origin" = Origin
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PunkBusterSvc" = PunkBuster Services
"Quantum Conundrum_is1" = Quantum Conundrum
"Rockstar Games Social Club" = Rockstar Games Social Club
"SCANIA Truck Driving Simulator" = SCANIA Truck Driving Simulator 1.0.0
"SopCast" = SopCast 3.5.0
"Soulseek2" = SoulSeek 157 NS 13e
"Steam App 11020" = TrackMania Nations Forever
"Steam App 111100" = Snuggle Truck
"Steam App 1840" = Source Filmmaker
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 204060" = Superbrothers: Sword & Sworcery EP
"Steam App 208600" = Lunar Flight
"Steam App 209830" = Lone Survivor
"Steam App 26800" = Braid
"Steam App 3830" = Psychonauts
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 644" = Portal 2 Publishing Tool
"Steam App 8190" = Just Cause 2
"Sumotori Dreams" = Sumotori Dreams
"TreeSize Free_is1" = TreeSize Free V2.7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"VMware_Workstation" = VMware Workstation
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.7 (32-bit)
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2300901077-4285810195-2663683418-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/07/2012 18:21:59 | Computer Name = i5-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time
stamp: 0x4acc50c4 Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time
stamp: 0x4acc50c4 Exception code: 0xc0000005 Fault offset: 0x0000000000007af2 Faulting
process id: 0x6a0 Faulting application start time: 0x01cd6dd665ec7a18 Faulting application
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Faulting module
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Report Id: cfdfe270-d9cb-11e1-97a2-005056c00008

Error - 30/07/2012 12:57:19 | Computer Name = i5-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 31/07/2012 03:29:00 | Computer Name = i5-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 31/07/2012 03:39:11 | Computer Name = i5-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 31/07/2012 03:39:11 | Computer Name = i5-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 31/07/2012 05:51:00 | Computer Name = i5-PC | Source = Application Hang | ID = 1002
Description = The program Crysis.exe version 1.1.1.5767 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 484 Start
Time: 01cd6f019cd4abb1 Termination Time: 0 Application Path: C:\Program Files (x86)\Electronic
Arts\Crytek\Crysis\Bin32\Crysis.exe Report Id: 190d9cbc-daf5-11e1-a6d1-005056c00008


Error - 31/07/2012 05:51:24 | Computer Name = i5-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Crysis64.exe, version: 1.1.1.5767, time
stamp: 0x471f96dc Faulting module name: CrySystem.dll, version: 1.1.1.5767, time
stamp: 0x471f9738 Exception code: 0xc000008f Fault offset: 0x00000000000850cc Faulting
process id: 0x15f4 Faulting application start time: 0x01cd6f020835e834 Faulting application
path: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis64.exe Faulting
module path: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrySystem.dll
Report
Id: 497e08fd-daf5-11e1-a6d1-005056c00008

Error - 31/07/2012 06:23:33 | Computer Name = i5-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Crysis64.exe, version: 1.1.1.6115, time
stamp: 0x47c58f4f Faulting module name: CrySystem.dll, version: 1.1.1.6115, time
stamp: 0x47c58fb1 Exception code: 0xc000008f Fault offset: 0x0000000000085c8c Faulting
process id: 0x17c0 Faulting application start time: 0x01cd6f0684c016e4 Faulting application
path: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis64.exe Faulting
module path: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrySystem.dll
Report
Id: c7b1096b-daf9-11e1-a6d1-005056c00008

Error - 31/07/2012 06:23:43 | Computer Name = i5-PC | Source = Application Error | ID = 1000
Description = Faulting application name: crysis64.exe, version: 1.1.1.6115, time
stamp: 0x47c58f4f Faulting module name: CrySystem.dll, version: 1.1.1.6115, time
stamp: 0x47c58fb1 Exception code: 0xc000008f Fault offset: 0x0000000000085c8c Faulting
process id: 0x10c8 Faulting application start time: 0x01cd6f068c5ce69d Faulting application
path: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\crysis64.exe Faulting
module path: C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrySystem.dll
Report
Id: cd41fbe9-daf9-11e1-a6d1-005056c00008

Error - 31/07/2012 08:10:05 | Computer Name = i5-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LVPrcSrv.exe, version: 12.10.1110.0, time
stamp: 0x4acc50c4 Faulting module name: LVPrcSrv.exe, version: 12.10.1110.0, time
stamp: 0x4acc50c4 Exception code: 0xc0000005 Fault offset: 0x0000000000007af2 Faulting
process id: 0x8a0 Faulting application start time: 0x01cd6f12d16a9185 Faulting application
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Faulting module
path: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe Report Id: a97ecd4b-db08-11e1-97a4-005056c00008

Error - 01/08/2012 13:10:09 | Computer Name = i5-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "D:\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 23/06/2012 04:16:21 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7000
Description = The VMware Authorization Service service failed to start due to the
following error: %%1053

Error - 23/06/2012 04:16:21 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7001
Description = The VMware Workstation Server service depends on the VMware Authorization
Service service which failed to start because of the following error: %%1053

Error - 24/06/2012 03:25:18 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the VMware
Authorization Service service to connect.

Error - 24/06/2012 03:25:18 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7000
Description = The VMware Authorization Service service failed to start due to the
following error: %%1053

Error - 24/06/2012 03:25:19 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7001
Description = The VMware Workstation Server service depends on the VMware Authorization
Service service which failed to start because of the following error: %%1053

Error - 28/06/2012 03:24:51 | Computer Name = i5-PC | Source = DCOM | ID = 10010
Description =

Error - 28/06/2012 15:15:24 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez
Studios Authenticate and Update Service service to connect.

Error - 28/06/2012 15:16:45 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the VMware
Workstation Server service to connect.

Error - 28/06/2012 15:16:45 | Computer Name = i5-PC | Source = Service Control Manager | ID = 7000
Description = The VMware Workstation Server service failed to start due to the following
error: %%1053

Error - 29/06/2012 10:53:18 | Computer Name = i5-PC | Source = DCOM | ID = 10010
Description =


< End of report >
 
OTL logs are clean :)

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 7 Update 5
Out of date Java installed!
Adobe Flash Player 11.3.300.268
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````


Farbar Service Scanner Version: 26-07-2012
Ran by i5 (administrator) on 02-08-2012 at 17:12:46
Running from "D:\"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 