[Crowbar]

Awesome!

Any other issues now?

[Advertisements]

no, that seems to be it. Now I get to reinstall comodo.

[DrkMachine]

no, that seems to be it. Now I get to reinstall comodo.

[Crowbar]

Music to my ears! I will keep this open for a few days, in case you see something that isn't quite right, so please follow my recommendations below, especially the part about cleaning up the tools, they are frequently updated, so the older tools are not worth keeping...

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Uninstall ComboFix

• Press the Windows key and R on the keyboard, this opens the Run box
• In the run box, please type Combofix / Uninstall (Notice the space between the "x" and "/") then click OK
  
  
  
• Follow the instructions on the screen
• A message should appear confirming that ComboFix was uninstalled

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Commands
  [resethosts]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Go to control panel
• Select folder options (Appearance > Folder options in category view)
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
• Click Yes to confirm.
• Click OK.

Do you use Java If you do not use it, you are better off uninstalling it completely. Go to your Control Panel, Uninstall a Program, then find any instance of Java in the list and click on Uninstall - do this until there are no instances of Java in the list. If you do use Java....
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

• Go to this site and click Do I have Java
• It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

• Go to Control Panel and select System
• Select System
• On the left select System Protection and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name i.e. Clean
• Select Create

Now we can purge the infected ones

• Go Start > All programs > Accessories > system tools
• Right click Disc cleanup and select run as administrator
• Select Your main drive and accept the warning if you get one
• For a few moments the system will make some calculations
• Select the More Options tab
• In the System Restore and Shadow Backups select Clean up
• Select Delete on the pop up
• Select OK
• Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programs on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read these two articles:
How did I get infected in the first place ?
So how did I get infectd in the first place

Keep safe

[DrkMachine]

The combofix uninstall command won't work. It tells me "Windows cannot find 'Combofix'. Make sure you typed the name correctly, and then try again."

And it started freezing up again when I tried to run the Disc Cleanup.

Ugh this thing is being obstinant.

[Crowbar]

Let's not worry about the combofix removal, I thought you had it installed, maybe not.

Please run the VEW program again, and I will look thru for today's date .

About what time did it freeze up?

[DrkMachine]

it froze up during the error log scan, It hadn't even loaded into the interface yet.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/03/2013 1:37:01 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/03/2013 4:49:24 PM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1023.

Log: 'Application' Date/Time: 21/03/2013 4:49:24 PM
Type: Error Category: 3
Event: 455 Source: ESENT
Catalog Database (1148) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

Log: 'Application' Date/Time: 21/03/2013 4:49:24 PM
Type: Error Category: 3
Event: 455 Source: ESENT
Catalog Database (1148) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

Log: 'Application' Date/Time: 21/03/2013 4:48:23 PM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1023.

Log: 'Application' Date/Time: 21/03/2013 4:48:23 PM
Type: Error Category: 3
Event: 455 Source: ESENT
Catalog Database (1148) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

Log: 'Application' Date/Time: 21/03/2013 4:48:23 PM
Type: Error Category: 3
Event: 455 Source: ESENT
Catalog Database (1148) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

Log: 'Application' Date/Time: 21/03/2013 3:30:13 PM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Tweaking.com - Windows Repair; Error = 0x8007043c).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/03/2013 6:33:34 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/03/2013 6:33:34 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/03/2013 6:28:02 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/03/2013 5:57:14 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
wuaueng.dll (648) SUS20ClientDataStore: A request to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 6848512 (0x0000000000688000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (105 seconds) to be serviced by the OS. In addition, 32 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 37 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 21/03/2013 5:56:37 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
wuaueng.dll (648) SUS20ClientDataStore: A request to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 130514944 (0x0000000007c78000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (68 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 437 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 21/03/2013 5:55:20 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (1680) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log" at offset 515072 (0x000000000007dc00) for 512 (0x00000200) bytes succeeded, but took an abnormally long time (68 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 21/03/2013 5:55:20 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (648) SUS20ClientDataStore: A request to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk" at offset 0 (0x0000000000000000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (360 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 21/03/2013 5:49:19 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
wuaueng.dll (648) SUS20ClientDataStore: A request to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 32768 (0x0000000000008000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (69 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 69 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 21/03/2013 5:48:10 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (648) SUS20ClientDataStore: A request to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 0 (0x0000000000000000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (234 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 21/03/2013 5:31:52 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\explorer.exe' (pid 2948) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 21/03/2013 4:05:52 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:F:/Music/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The specified address was excluded from the index. The site path rules may have to be modified to include this address. (HRESULT : 0x80040d07) (0x80040d07)


Log: 'Application' Date/Time: 21/03/2013 4:05:52 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:F:/Meditation/Meditation Videos/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The specified address was excluded from the index. The site path rules may have to be modified to include this address. (HRESULT : 0x80040d07) (0x80040d07)


Log: 'Application' Date/Time: 21/03/2013 4:05:52 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <file:F:/Meditation/Meditation Audio/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The specified address was excluded from the index. The site path rules may have to be modified to include this address. (HRESULT : 0x80040d07) (0x80040d07)


Log: 'Application' Date/Time: 21/03/2013 3:59:38 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/03/2013 3:59:37 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 21/03/2013 3:56:07 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/03/2013 3:56:07 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/03/2013 3:56:00 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/03/2013 3:56:00 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 21/03/2013 3:55:50 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/03/2013 6:27:43 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/03/2013 6:19:26 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 21/03/2013 6:10:49 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/03/2013 3:56:41 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/03/2013 4:14:39 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/03/2013 3:55:48 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/03/2013 5:12:36 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/03/2013 4:40:23 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/03/2013 3:27:03 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/03/2013 3:09:08 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 27/02/2013 11:30:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 27/02/2013 11:17:06 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 27/02/2013 11:04:25 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 27/02/2013 8:25:57 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 27/02/2013 7:48:54 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 27/02/2013 7:38:26 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 27/02/2013 7:25:52 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/10/2012 6:18:55 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/10/2012 6:01:01 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/10/2012 5:15:07 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/03/2013 6:35:24 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 21/03/2013 6:35:24 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 21/03/2013 6:35:24 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 21/03/2013 6:35:24 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 21/03/2013 6:35:24 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 21/03/2013 6:35:24 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 21/03/2013 6:35:24 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 21/03/2013 6:35:24 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 21/03/2013 6:35:24 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 21/03/2013 6:35:17 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

Log: 'System' Date/Time: 21/03/2013 6:35:17 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

Log: 'System' Date/Time: 21/03/2013 6:35:17 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Log: 'System' Date/Time: 21/03/2013 6:34:40 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: sptd

Log: 'System' Date/Time: 21/03/2013 6:34:31 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 21/03/2013 6:34:31 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Log: 'System' Date/Time: 21/03/2013 6:34:31 PM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Log: 'System' Date/Time: 21/03/2013 6:34:31 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lirsgt service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 21/03/2013 6:34:30 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The atksgt service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 21/03/2013 6:34:06 PM
Type: Error Category: 0
Event: 4 Source: sptd
Driver detected an internal error in its data structures for .

Log: 'System' Date/Time: 21/03/2013 6:28:18 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/03/2013 6:34:32 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 21/03/2013 6:33:36 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/03/2013 6:27:59 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 21/03/2013 6:19:40 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 21/03/2013 6:11:13 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 21/03/2013 5:39:25 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 21/03/2013 5:38:21 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 21/03/2013 4:00:55 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 21/03/2013 3:59:38 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 20/03/2013 3:56:59 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 20/03/2013 3:50:10 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 20/03/2013 3:48:58 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 20/03/2013 4:14:56 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 20/03/2013 3:56:07 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 20/03/2013 3:41:35 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 19/03/2013 5:13:13 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 19/03/2013 5:04:48 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 18/03/2013 4:40:45 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 18/03/2013 4:28:58 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/03/2013 3:28:55 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

[Crowbar]

Quick questions:

Vino's Event Viewer v01c run on Windows 2008 in English

This is Windows 7 Ultimate version, correct?

Do you somehow have a version of Microsoft Exchange on this machine?

Has the system time been reset recently? - I am seeing errors from the future

Report run at 21/03/2013 1:37:01 PM

that seems right but,

Log: 'Application' Date/Time: 21/03/2013 4:49:24 PM
Type: Error Category: 0
Event: 257 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1023.

I will be offline for the next several hours but I will get back here tonight for sure.

[DrkMachine]

Correct this is windows 7 ultimate.

I have not installed any version of microsoft Exchange. I looked around to make sure, but find no trace of it on my system that I can see.

The system time has not changed anywhere I can find, Even checked the bios to make sure.

[Crowbar]

Ok, after reviewing your thread, I see that I neglected to do a sweep for any remnants, I got caught up in the freezing issue, so to be thorough let's do that now.
You can do this from safe mode with networking if the computer does not like normal mode:

Step 1

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on:
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

• Select the option YES, I accept the Terms of Use then click on:
• When prompted allow Add-On/Active X to install.
• Make sure that the option Remove found threats is NOT checked.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Now click on:
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close, make sure you copy the logfile first!
• Now click on:
• Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
• Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:

• Malwarebytes log
• ESET scan log

[DrkMachine]

Mbam

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.22.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
User :: MACHINE-PC [administrator]

3/22/2013 8:58:15 AM
mbam-log-2013-03-22 (08-58-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217079
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c8ce62b85da8d747b1fbd88cef29085a
# engine=13457
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-22 04:26:39
# local_time=2013-03-22 11:26:39 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1029 16777214 0 1 53991784 53991784 0 0
# compatibility_mode=5893 16776574 100 94 30128574 115513049 0 0
# scanned=416062
# found=6
# cleaned=0
# scan_time=8348
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application" ac=I fn="C:\MGtools\Process.exe"
sh=480FA2E02978E8173DE15B98EC3C8FEC9A4A424C ft=1 fh=1e3ce5e42604fd71 vn="a variant of Win32/Packed.VMProtect.AAD trojan" ac=I fn="C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll"
sh=F773355B281F4DFDA4F563FA28061EDC8591F755 ft=1 fh=b38786bb80da2a0f vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files (x86)\IObit\Game Booster\GameBoosterSetup.exe"
sh=F773355B281F4DFDA4F563FA28061EDC8591F755 ft=1 fh=b38786bb80da2a0f vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files (x86)\IObit\Game Booster\Update\GameBoosterSetup.exe"
sh=6EA36102C5694582E40FF394A062BD80EDA4A129 ft=1 fh=1e8b5ef401c0d169 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\User\Downloads\cpu-z_1.58-setup-en.exe"
sh=D676A34DC198D344AAC505C7C55432D9B83A2BCA ft=1 fh=3d25179faed50106 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Users\User\Downloads\gb3-setup.exe"

[Crowbar]

Hi,
After consulting with a few colleagues we are suspecting hardware issues.
If you can, please open up the case and take a look at your motherboard, if you feel comfortable with doing so.
Do you see any of the capacitors looking swollen? If there is some dust in there, this would be a good time to blow it out with a can of air. Don't let the fans spin while doing so, just hold them in place, it's bad for the fan bearings to spin them overspeed.
Now first I see a few bad things in your ESET scan, one of them is bad news for your Bulletstorm game.
It seems to be packed with a trojan, so I recommend you uninstall it. I will remove the offending file with an OTL fix.

Also the Iobit game booster that I was leery about is bundled with a widgi toolbar. I don't see it on your system, but I really don't recommend using anything from Iobit.

Did you to the OTL cleaunp yet? If so then I need you to download a copy again. If you didnt do the cleanup, that's ok too. My plan is to generate a new extras.txt file.

Step 1
Please uninstall your game Bulletstorm by using the games uninstaller.
Click on the Start orb, then Control Panel, then Uninstall a program. Uninstall the game from there.

Step 2
If you did not do the OTL cleanup then skip to the next step, follow this step if you did do the cleanup,
Download OTL to your Desktop
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL by right clicking on the icon and selecting Run as administrator

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :commands
  [createrestorepoint]
  :files
  C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll
  :commands
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the logs it produces in your next reply.

Step 3
Do this step if you did not do the OTL cleanup, meaning you still have it on your desktop

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL by right clicking on the icon and selecting Run as administrator
Next please change the option in the Extra Registry section from None to Use SafeList

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :commands
  [createrestorepoint]
  :files
  C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll
  :commands
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the log it produces in your next reply.

Step 4
Check Hard Disk For Errors:

Windows Vista/7

Please copy everything in the quote box below into notepad. To do this highlight all text, then right click and click Copy.

@Echo Off
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
del %0

• Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
• Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
• On the File menu, click Save
• On the Save AS window that comes up, do the following:
  • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
  • At the bottom in the File Name: box type testhd.bat
  • In the Save as type: box, click the down arrow and click All Files(*.*)
  • Click Save
  This will put a new file on the Desktop named testhd.bat
  The file icon will look like this:
  
  
  Close all open windows and any open Browsers.
  
• Right click the testhd.bat file on the desktop and click Run As Administrator then OK any UAC prompts to run the file. A command window will open briefly, then close. This is quite normal.
• When the command window has closed there will be a new file on the desktop named checkhd.txt
• Copy and paste the contents of the checkhd.txt file in your next reply.

In your next reply I would like to see:

• OTL fix log
• checkhd.txt
• motherboard look ok?

[DrkMachine]

Mother board looks good.

OTL Fix log

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
Error: Unable to interpret < :files> in the current context!
Error: Unable to interpret < C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll> in the current context!
Error: Unable to interpret < :commands> in the current context!

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 14424280 bytes
->Temporary Internet Files folder emptied: 29915621 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 602 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03232013_145345

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUSQO5UL\aclk[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUSQO5UL\iframe[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUEVXY14\page__st__15[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUEVXY14\request_ad[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIYCT511\ads[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIYCT511\zrt_lookup[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWSUGG0W\ads[4].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Checkhd.txt

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1170 large file records processed.

0 bad file records processed.

2 EA records processed.

59 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1170 large file records processed.

0 bad file records processed.

2 EA records processed.

59 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
55998 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

718837759 KB total disk space.
304671880 KB in 372484 files.
191448 KB in 55999 indexes.
0 KB in bad sectors.
580031 KB in use by the system.
65536 KB occupied by the log file.
413394400 KB available on disk.

4096 bytes in each allocation unit.
179709439 total allocation units on disk.
103348600 allocation units available on disk.

[Crowbar]

Seems like your disk has no errors, that's good.

I think I messed up with the script, so let's try that again.
Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL by right clicking on the icon and selecting Run as administrator

• Please click on the None button (it's near the top of the OTL window)
• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :files
  C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll
  

• Then click the Run Fix button at the top
• Post the log it produces in your next reply.

Step 2
Re-run OTL

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Please look in the Extra Registry section, and select Use Safe List
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

In your next reply I would like to see:

• OTL fix log
• fresh OTL log and extras.txt

[DrkMachine]

OTL fix log

========== FILES ==========
C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 03252013_011401


OTL log

OTL logfile created on: 3/25/2013 1:15:15 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 71.09% Memory free
8.00 Gb Paging File | 6.87 Gb Available in Paging File | 85.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.54 Gb Total Space | 394.70 Gb Free Space | 57.57% Space Free | Partition Type: NTFS
Drive D: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 62.47 Mb Total Space | 31.03 Mb Free Space | 49.67% Space Free | Partition Type: FAT

Computer Name: MACHINE-PC | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/27 18:08:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/19 14:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/25 12:53:24 | 000,180,576 | ---- | M] (Commtouch, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV:64bit: - [2012/05/25 12:53:20 | 000,119,136 | R--- | M] (Commtouch, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2012/05/25 12:53:12 | 000,121,184 | R--- | M] (Commtouch, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/21 12:21:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/12 04:58:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/13 12:57:52 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/02 19:32:55 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/19 15:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 14:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 06:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/05/25 12:58:30 | 000,173,408 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\amp.sys -- (AMP)
DRV:64bit: - [2012/05/25 12:58:28 | 001,496,416 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ampse.sys -- (AMPSE)
DRV:64bit: - [2012/04/17 08:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/04/03 14:19:10 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/03/26 18:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/27 23:15:26 | 000,012,904 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2)
DRV:64bit: - [2011/07/14 17:18:52 | 000,157,184 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/24 14:35:36 | 000,019,968 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzjoystk.sys -- (rzjoystk)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 22:51:38 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/08 14:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
DRV:64bit: - [2010/03/08 14:03:54 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcUsbMdmV64.sys -- (HtcUsbMdmV64)
DRV:64bit: - [2010/01/06 01:44:20 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/17 11:54:38 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 11:53:42 | 000,089,616 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/07/23 09:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/04/12 08:10:28 | 000,151,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2007/04/10 06:07:54 | 000,580,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2007/04/10 04:41:54 | 000,295,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2007/04/10 04:41:20 | 000,259,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2007/04/10 04:40:24 | 001,359,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2007/04/10 04:39:48 | 000,147,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2007/04/10 04:38:40 | 000,290,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2007/04/10 04:38:10 | 000,017,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2007/04/10 04:37:36 | 000,218,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2007/04/10 04:35:28 | 000,863,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2007/04/10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/04/10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/04/10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/04/10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/04/10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/04/10 04:14:28 | 000,142,120 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007/04/10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/04/10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007/04/10 04:12:22 | 000,681,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007/04/10 04:11:46 | 000,700,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2007/03/20 11:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV:64bit: - [2007/02/15 19:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2012/03/26 18:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/02/15 19:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 82 C5 DD 1D DD CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7WZPC_en
IE - HKCU\..\SearchScopes\{AC01EF9D-04A3-4A38-8296-B18B88403052}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{F6066676-1EEB-BD50-8DCD-39409136EB4C}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.18
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.9rc2
FF - prefs.js..extensions.enabledAddons: [email protected]:2.0.7
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/12 04:58:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/12 04:58:53 | 000,000,000 | ---D | M]

[2010/10/18 22:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010/10/18 22:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/10/23 00:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\5wmol7ea.default\extensions
[2012/10/03 23:02:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\5wmol7ea.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/10/13 23:08:27 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\5wmol7ea.default\extensions\[email protected]
[2012/09/05 01:03:23 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\5wmol7ea.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2011/10/25 16:09:36 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\5wmol7ea.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2012/10/23 00:36:18 | 000,529,958 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\5wmol7ea.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/10/20 00:59:53 | 000,002,112 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\5wmol7ea.default\searchplugins\wot-safe-search.xml
[2012/10/12 04:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/12 04:58:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 01:03:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 04:58:50 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: WOT Safe Search (Enabled)
CHR - default_search_provider: search_url = http://search.surfca...ms}&partner=wot
CHR - default_search_provider: suggest_url = http://www.surfcanyo...?q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: WOT = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.2_0\
CHR - Extension: Late Night = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\

O1 HOSTS File: ([2013/03/21 12:37:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioReg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DevconDefaultDB] C:\Windows\SysWow64\readreg.exe (Creative Technology Limited)
O4 - HKCU..\Run: [googletalk] C:\Users\User\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.220.0.10 24.220.0.11 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0439918-EAA4-47CF-82BD-89B1CA356508}: DhcpNameServer = 24.220.0.10 24.220.0.11 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wot - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/12 04:38:58 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/22 08:55:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013/03/21 12:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/03/21 12:37:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/03/21 12:36:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/03/21 12:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/03/21 12:26:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/03/21 11:52:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\.technic
[2013/03/21 11:49:57 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/03/21 11:49:53 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/03/21 11:49:53 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/03/21 11:49:53 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/03/21 11:01:49 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/03/21 10:30:15 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/03/21 10:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/03/21 10:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/03/19 22:14:37 | 000,235,936 | ---- | C] (Tagès SA) -- C:\Users\User\Desktop\TagesSetup_x64.exe
[2013/03/19 00:16:08 | 000,354,265 | ---- | C] (Farbar) -- C:\Users\User\Desktop\FSS.exe
[2013/03/17 10:12:41 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013/03/17 09:52:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/16 18:47:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine
[2013/02/27 20:36:17 | 000,000,000 | ---D | C] -- C:\FRST

========== Files - Modified Within 30 Days ==========

[2013/03/25 01:17:26 | 000,792,614 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/25 01:17:26 | 000,669,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/25 01:17:26 | 000,125,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/25 01:11:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/25 01:11:34 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/23 15:10:21 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/23 14:32:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/22 08:56:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/21 17:14:45 | 000,020,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 17:12:36 | 000,020,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 13:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/21 12:37:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/03/21 12:21:12 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/21 12:21:12 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/21 12:19:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2925201978-3475927693-2139486491-1000UA.job
[2013/03/21 12:01:02 | 000,012,136 | ---- | M] () -- C:\Users\User\Desktop\Roaming - Shortcut.lnk
[2013/03/21 11:51:19 | 002,446,236 | ---- | M] () -- C:\Users\User\Desktop\TechnicLauncher.exe
[2013/03/21 11:49:45 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/03/21 11:49:44 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2013/03/21 11:49:44 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/03/21 11:49:44 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/03/21 11:49:44 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/03/21 11:49:44 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/03/21 11:01:00 | 000,270,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/21 10:56:45 | 000,792,614 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/21 10:30:48 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MACHINE-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
[2013/03/21 10:29:42 | 000,002,163 | ---- | M] () -- C:\Users\User\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/03/19 22:13:26 | 000,235,936 | ---- | M] (Tagès SA) -- C:\Users\User\Desktop\TagesSetup_x64.exe
[2013/03/19 00:02:42 | 000,354,265 | ---- | M] (Farbar) -- C:\Users\User\Desktop\FSS.exe
[2013/03/19 00:01:48 | 000,061,440 | ---- | M] ( ) -- C:\Users\User\Desktop\VEW.exe
[2013/03/17 09:49:30 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2013/03/16 18:35:02 | 000,890,798 | ---- | M] () -- C:\Users\User\Desktop\SecurityCheck.exe
[2013/03/16 18:34:34 | 000,597,667 | ---- | M] () -- C:\Users\User\Desktop\AdwCleaner.exe
[2013/03/16 18:32:40 | 000,815,616 | ---- | M] () -- C:\Users\User\Desktop\RogueKiller.exe
[2013/02/27 18:08:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/02/27 18:07:43 | 000,001,050 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/27 18:07:13 | 000,001,016 | ---- | M] () -- C:\Users\User\Desktop\Dropbox.lnk
[2013/02/27 17:31:49 | 000,009,688 | ---- | M] () -- C:\bootsqm.dat
[2013/02/27 15:50:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ndadmin.exe
[2013/02/27 15:26:10 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2925201978-3475927693-2139486491-1000Core.job

========== Files Created - No Company Name ==========

[2013/03/21 12:01:02 | 000,012,136 | ---- | C] () -- C:\Users\User\Desktop\Roaming - Shortcut.lnk
[2013/03/21 11:51:12 | 002,446,236 | ---- | C] () -- C:\Users\User\Desktop\TechnicLauncher.exe
[2013/03/21 10:30:48 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MACHINE-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
[2013/03/21 10:29:42 | 000,002,163 | ---- | C] () -- C:\Users\User\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/03/19 00:14:00 | 000,061,440 | ---- | C] ( ) -- C:\Users\User\Desktop\VEW.exe
[2013/03/16 18:54:27 | 000,890,798 | ---- | C] () -- C:\Users\User\Desktop\SecurityCheck.exe
[2013/03/16 18:51:57 | 000,597,667 | ---- | C] () -- C:\Users\User\Desktop\AdwCleaner.exe
[2013/03/16 18:47:45 | 000,815,616 | ---- | C] () -- C:\Users\User\Desktop\RogueKiller.exe
[2013/02/27 17:31:49 | 000,009,688 | ---- | C] () -- C:\bootsqm.dat
[2013/02/27 15:11:10 | 000,001,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2013/02/27 15:11:10 | 000,001,050 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/10/24 23:11:49 | 000,000,408 | ---- | C] () -- C:\Windows\SysWow64\iolo.ini
[2012/07/25 17:51:44 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/25 16:39:58 | 000,000,145 | ---- | C] () -- C:\Users\User\.appletviewer
[2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/13 23:19:58 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/23 00:18:44 | 000,001,854 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/06/18 12:30:37 | 000,000,214 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/06/05 15:23:26 | 000,001,770 | ---- | C] () -- C:\Users\User\AppData\Roaming\Profile0.dat
[2011/05/29 15:06:39 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Local\PUTTY.RND
[2011/05/15 00:22:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/15 00:22:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/15 00:22:02 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/15 00:22:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/15 00:22:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/31 23:36:42 | 000,007,594 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2011/03/30 22:41:11 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/15 14:14:29 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >


Extras

OTL Extras logfile created on: 3/25/2013 1:15:15 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 71.09% Memory free
8.00 Gb Paging File | 6.87 Gb Available in Paging File | 85.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.54 Gb Total Space | 394.70 Gb Free Space | 57.57% Space Free | Partition Type: NTFS
Drive D: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 62.47 Mb Total Space | 31.03 Mb Free Space | 49.67% Space Free | Partition Type: FAT

Computer Name: MACHINE-PC | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B5CDCB-2D9D-42EE-9E59-3A4E8B93C683}" = lport=10243 | protocol=6 | dir=in | app=system |
"{043311F6-0BC5-4281-ABA7-3A3FA98D5061}" = lport=58149 | protocol=6 | dir=in | name=pando media booster |
"{04725B7D-6623-4C64-9C7D-CF34C8B0A045}" = lport=56566 | protocol=17 | dir=in | name=pando media booster |
"{0CBA4C36-8572-4333-BBAE-F4C5C480EFB7}" = lport=139 | protocol=6 | dir=in | app=system |
"{0D0E64FB-02FD-472D-A8A7-8575508B62E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D6F2D0F-BBEC-4D1C-A1BD-4D0BBED75639}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AA6D374-1020-45E5-BDE1-AAA62312093B}" = rport=445 | protocol=6 | dir=out | app=system |
"{1BA7E0F8-B6CF-4AC2-A785-E1A39522CBBD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DAACB89-CC3D-4818-BE44-8391AB5A1733}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{2DFC6F6E-0539-40A4-9048-0D7DD63E0E47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B4712A4-00D3-4CB5-8B16-446503379C50}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F9B1208-76E7-4CD6-84B9-270114A706F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41E4DC9E-4C59-4A91-9B9D-43D75842128B}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{48A7F30C-1C61-4AF7-9A58-96D30F7E4B78}" = lport=138 | protocol=17 | dir=in | app=system |
"{4CFB0A4D-4310-4829-A02D-03F338494AD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55E7D7AC-4754-48A8-8832-43FB957F6BD7}" = lport=58149 | protocol=17 | dir=in | name=pando media booster |
"{579220CC-7549-42FE-AEA8-479BC9480DF0}" = rport=138 | protocol=17 | dir=out | app=system |
"{6F1134EC-F6F7-413C-AE8C-6DA4E41B9550}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7F20D037-02AE-4A4A-AEDB-3E5F0A04236B}" = lport=445 | protocol=6 | dir=in | app=system |
"{828BCE21-6A96-495C-933C-858396E872DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{83EB3FC4-40F7-4478-9B05-3EA4F6D00EBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{892C5381-CC3B-4C45-86C8-A4DFD063A6BF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98498EF1-90E8-4461-A278-D93290ACEDFA}" = lport=56566 | protocol=6 | dir=in | name=pando media booster |
"{98B71F2A-2292-4A1D-8868-3B54813ED418}" = rport=139 | protocol=6 | dir=out | app=system |
"{A26ED7B5-533B-4732-913E-EB326E944A58}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AEA64C17-9E3E-4063-B2A5-F48BF7F91BA3}" = lport=58149 | protocol=17 | dir=in | name=pando media booster |
"{B32107A5-99B4-4EC5-BC70-5522E6986371}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B639ECBD-5432-4447-81C8-406E1960FFFE}" = lport=58149 | protocol=6 | dir=in | name=pando media booster |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C03EAB1B-D361-47B1-B2A3-BD17F7C417D8}" = lport=56566 | protocol=17 | dir=in | name=pando media booster |
"{C05ED4E7-5D1A-429F-838D-0338F7B144F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{CC7863CC-D160-429D-B5ED-871B872A8854}" = rport=137 | protocol=17 | dir=out | app=system |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8B029AE-419F-49C3-8640-1E257E694E8C}" = lport=137 | protocol=17 | dir=in | app=system |
"{ECA2C02A-039E-4582-A24E-405817055923}" = lport=56566 | protocol=6 | dir=in | name=pando media booster |
"{FDC2A1D2-5D8D-4D63-9550-1711533D78C5}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A87815-AD06-4198-81A4-DCDAA8EB92FE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{07D16807-5583-4E1B-84D9-D84BC5537EF5}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{083173A0-88C9-4CC3-A5A4-3494A440F4EE}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0CD92698-2974-47E5-98F2-91FCA71429BF}" = protocol=58 | dir=in | [email protected],-28545 |
"{0CDBDBA0-438C-49F4-9788-DA696F2480F5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0FAFA7FF-28E5-4B74-9273-D978E56D7054}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{106C1D83-0825-41E0-9981-85DEC6811362}" = protocol=6 | dir=in | app=c:\program files (x86)\iolo\system mechanic professional\sysmech.exe |
"{1EA1E312-6D36-4EE0-996D-D8BAEB0E0B9A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{20266739-653D-43E2-98A6-525548C90489}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{20B6A5E7-AC50-43B2-A07C-33E21563C508}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{2160F437-868C-40AE-8D99-72701D702E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{22FA1DE8-0209-4318-882B-8D745F54258F}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{252160A1-183F-4E46-B11B-8D13279E37BF}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{299D2333-F698-4053-A785-084512E2C6A4}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{2A4C12DA-B73E-4451-9B10-47581E899334}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\mass effect™ 2\masseffect2launcher.exe |
"{2AA45D59-CD38-49C9-8885-A9AEF62375A3}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{2BBD06E7-D252-4E51-A2E6-ED5F8FBE4ADA}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{2DF64B53-45A8-4269-91E4-9D446A3E7641}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2EF1A9C0-5F5C-4148-AFCE-3E2A4E3948F5}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{33E6EFE9-AC84-4F02-85D9-E7E3F54EF83A}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{34E6C33D-0545-4607-9BD0-100E93EFAB8D}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{36093FA7-D6C0-4E49-9F11-AA7874AAB81A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3ABD143B-E2B8-46B0-8461-9BB9D40DF5A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43603EDD-A4EA-4BA5-B8E5-B90E1A392BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{451F1A6B-9206-4F64-997B-B0BD2D7A366A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\mass effect™ 2\masseffect2launcher.exe |
"{49322D9C-E892-47F6-A61C-33998ABC8D5A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{4C80C075-9388-47E5-A8F8-E27F9B64EFAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4D1E30B4-0600-434A-ADBD-90083FF480B6}" = protocol=17 | dir=in | app=c:\program files (x86)\iolo\system mechanic professional\sysmech.exe |
"{58FF6034-49CD-4E48-92BB-FB17C4BAD8CC}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\apps\2.0\rmr5zrd2.rj3\lty1d7dd.lx1\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{5F2D03F4-EC8C-4622-9543-3D7CD869D3CE}" = protocol=6 | dir=in | app=c:\program files (x86)\iolo\system mechanic professional\sysmech.exe |
"{639950D3-64E2-4204-A109-0298BEF42F80}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6549ACB8-C915-4BD6-B996-EC06F8042A00}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67C1C51B-991A-4A77-98BB-82D6BCAC1906}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{6B18DADD-1945-4A11-B840-FF6602C457C1}" = protocol=17 | dir=in | app=c:\program files\flagship studios\hellgate london\launcher.exe |
"{6F21B768-F9D5-42FA-B1DE-0A898092127D}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{7442FB43-6DA9-4259-9346-6E9D8FF86B29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7659DBE4-77B4-4EDA-85BF-F5281BE7B668}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{7766F19B-E253-4275-8175-79BFA405FAD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{79DB79FE-5F19-4BC1-8008-89163317EB9C}" = protocol=6 | dir=in | app=c:\program files\flagship studios\hellgate london\launcher.exe |
"{7FF0626E-03BA-4722-86BB-072410F05F9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{81FD17C7-3D69-4151-87B8-FAABCB3117E1}" = protocol=58 | dir=out | [email protected],-28546 |
"{837262D5-E100-4B78-AA10-3B5A26E697EB}" = protocol=17 | dir=in | app=c:\t3fun\hellgate\hgllauncher.exe |
"{8945540E-FBBB-4B0B-90AD-1101C435519D}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\apps\2.0\rmr5zrd2.rj3\lty1d7dd.lx1\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\curseclient.exe |
"{8A72E522-F72D-40DC-BB75-BE29E4C31CAA}" = protocol=17 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{8AD8D779-44B7-4581-BE71-D02F759BE7AB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{925F7C0E-C277-42F7-A1B6-9E980F28468A}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{94EF9EE7-FF6D-4395-97AD-6D9308A299F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9E6C417F-B0A9-4FFB-8235-1984EB27DE89}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A2B3008C-81DD-4E8D-8F0C-D636DFDC2ADD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A71D8811-4010-4984-B825-DB880DAC4640}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{A8207F12-A423-443B-8E58-97CD81B35836}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{ACCBC04E-4EE8-41B2-B4CD-D95C3357A1EC}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{AD4D229C-087D-4A1E-802D-87BE2BA01F8C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{AD837274-98DD-44D0-B69E-0D9869C4E717}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{B4CB77A8-18A5-4376-A5ED-6C3DEF524E01}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B7AC0266-45D2-46EE-B891-D8EDFDCC25E3}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{B7DCC743-B37B-4529-B665-B5209D6A5A70}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{B7F49E35-A27F-4466-8541-9A0D4B6ACC11}" = protocol=1 | dir=out | [email protected],-28544 |
"{B84E3C67-E23A-49F2-A4C0-D2B7668F5CBB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8AF3D2B-5B64-4C97-A188-5ABCAE0BD248}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{BBBD646B-6E96-44A9-8500-9DAAA5C96BA8}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{C0B741AF-827A-4AA2-8A0A-84C6A1B50CE1}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{C1B90484-A496-4B81-8012-133638233E8C}" = protocol=6 | dir=out | app=system |
"{C33C3293-6BDA-49E0-86C9-324866D2019D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C8E490A5-45A7-4BD9-901B-AFC6ED568B91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9847996-AD85-4951-A246-82F20583EB0A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{C9A713BB-310A-4C6A-BF77-DFB850A71A86}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C9FEDF07-A168-4BF8-9184-993464C0A96C}" = dir=out | app=field |
"{CCF6DF89-B865-45CA-B3B3-F73EB794D080}" = protocol=1 | dir=in | [email protected],-28543 |
"{CE486B01-7BC1-4567-8CD6-FC21CBBAB0D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0918A84-C6EF-40D5-A901-5CB216A8F99C}" = protocol=17 | dir=in | app=c:\program files (x86)\iolo\system mechanic professional\sysmech.exe |
"{D21FD5BC-F8BC-42E2-948A-2DD596D794A5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D462E39A-1663-4692-BEA4-BDEE94456CD6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{D4D1A818-9BC1-480C-BC28-1C00C42EDF00}" = protocol=6 | dir=in | app=c:\program files (x86)\ea\bulletstorm\binaries\win32\shippingpc-stormgame.exe |
"{D7CA5391-4C6C-4021-942E-48F52D5F8304}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D80237A5-AAA5-44F5-B1C3-F3638D8EAB27}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D9C088AA-F99E-44F4-8C79-B46C8C39C93F}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{DB0353C4-F6A6-4234-BD08-2F6D016F67D4}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{DB4013AB-B070-4077-B9C6-4E2785AA7D18}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{DB5760DF-9D10-4778-B8BD-678C39E9597A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{E15E1D9D-369A-4255-A1D7-DEC05EF1D7C8}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{E7FCE130-8F34-407A-A04B-9BB72E58C559}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8C08952-4E96-4602-A786-134BAAE0B5C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E949B56D-280C-4DA0-9B09-053B0E8BFF61}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{ED4BB927-E49D-4AF7-BB01-9D3D8155FFAF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF0E8C7C-E0B2-40B9-A0C8-25F48E965E36}" = protocol=6 | dir=in | app=c:\t3fun\hellgate\hgllauncher.exe |
"{EFC8BF9D-7D80-46C0-9425-4963101F20D7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F0C59D0F-DB7C-409A-9949-53B630787A8A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{F16E42AD-B82B-485F-9592-42CE082127C8}" = dir=out | app=%systemroot%\explorer.exe |
"{F1A65AC1-CDBD-4C9C-88DC-E0857B4B9D2D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{F22E22E3-B9F5-46F1-8417-C5A57E956351}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{F2D1C6B7-FE1D-4D37-98AA-3B12EA2C50DF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{F58EFB07-D12C-46A8-ABC3-193D967F3EEA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F9A934CA-BF76-4A3B-B08D-883688441E4E}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{FBB3C7D3-24C6-4727-AA8C-0B36C72EE18C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{FC054828-18F0-4DD6-8A46-B822055193C2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FD00D482-D6AA-4899-8588-AA5F7BD82850}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"TCP Query User{0C5C7CDB-0802-4355-9878-F014DDD71242}C:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe |
"TCP Query User{23CFD2FB-6ABB-45CD-BA0C-5AF273A43129}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{2A4B951E-F816-4E82-A847-302C74316763}C:\program files (x86)\electronic arts\battlefield bad company™ 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company™ 2\bfbc2game.exe |
"TCP Query User{47C4E511-10BE-491B-86B8-3D60DEC94F1E}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"TCP Query User{4882E086-C106-4DF0-A021-62D32A6D7BF3}C:\program files (x86)\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dead space 2\deadspace2.exe |
"TCP Query User{8C59A72C-2FCD-4E0D-865E-2F8A9F57A650}C:\users\user\desktop\starcraft_2_na_en-us.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\starcraft_2_na_en-us.exe |
"TCP Query User{8F7535D6-A9E8-4B24-87F2-3C891514E7F8}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{A87BCD57-E235-4ADE-9BC5-5147889E9DA0}C:\program files (x86)\limewire plus+\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire plus+\limewire.exe |
"TCP Query User{BA5D7F59-0826-429B-8724-B92CE8D35F6E}C:\program files (x86)\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
"TCP Query User{DEA8640A-4632-415C-8C49-8606F970D79E}C:\program files (x86)\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor\mp\mohmpgame.exe |
"TCP Query User{E64103F0-C125-4795-824E-1E54B7D57E92}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"TCP Query User{EB37E12F-2739-4143-B668-85571502F31D}C:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe |
"UDP Query User{0F6526FC-9AAA-41B5-B4A0-26BA28E1AAF0}C:\program files (x86)\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dead space 2\deadspace2.exe |
"UDP Query User{2A28912A-5BAC-44BB-848E-B8BDA6C19925}C:\program files (x86)\limewire plus+\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire plus+\limewire.exe |
"UDP Query User{560CCCEA-2167-40AF-B3A0-FC6107184E1C}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"UDP Query User{5D98988B-7921-48F4-9186-AA5A3C032E0E}C:\program files (x86)\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor\mp\mohmpgame.exe |
"UDP Query User{6651C91D-E894-43C3-B156-1405C4561222}C:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\medal of honor\binaries\moh.exe |
"UDP Query User{666E64F8-33AC-4C95-8B0D-1CBF5E2F4C65}C:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2_w32ded.exe |
"UDP Query User{788C6D2A-D4A8-4FBB-9875-CCB4A6850B1E}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{8E331774-8C59-4789-AE17-C7240DAAB339}C:\program files (x86)\electronic arts\battlefield bad company™ 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company™ 2\bfbc2game.exe |
"UDP Query User{AFA9D525-EB72-46A4-A6B8-96C110DF8D27}C:\users\user\desktop\starcraft_2_na_en-us.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\starcraft_2_na_en-us.exe |
"UDP Query User{BB101A11-3C74-41F0-B6B4-C8737DC2380F}C:\program files (x86)\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe |
"UDP Query User{BCAF9AD9-D3FB-4B3E-A215-72E575B0F48E}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"UDP Query User{F923A6D1-395C-4709-8467-AD7C21C992FD}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D290715-B0FC-3898-9247-62F803A585DF}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{48A7B11D-C3E1-3BEE-AF6C-8976F6E705A6}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17 (64-bit)
"{67048E0C-29A5-534C-FF67-83C4BF948D48}" = AMD Drag and Drop Transcoding
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7492BCA7-9F62-4265-A727-DC26A9E3DF10}" = Oracle VM VirtualBox 4.1.12
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{88387B3B-B110-392F-B919-1A15B48F21D4}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7D0C3BC-CB39-3CA1-9295-A23A93994893}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D4A6E342-907C-4CEF-96CC-FC2F4990DC9C}" = AVSDK5
"{D87047B9-BBC5-9941-00B4-719B9E56CACC}" = ATI AVIVO64 Codecs
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"Ultravnc2_is1" = UltraVnc
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{0214578F-4888-43FB-9E34-C14FCFDEDDEB}" = Razer Nostromo
"{09B9A2C2-FB96-BA16-60E3-23B7B12A69BE}" = Application Profiles
"{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian
"{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common
"{1D10C273-3F95-42A2-8371-AB6B1F59821B}" = WOT for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{23FBECC1-FA31-472A-83FB-27520B81EC3A}_is1" = TheMatrix Screen Saver version 1.14
"{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = The Sims™ 2 Double Deluxe
"{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy
"{2F56F921-7281-17D7-C628-EDC320DB1AF3}" = CCC Help French
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = Catalyst Control Center
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{49C5BD36-F5B9-4E6A-9DC1-04818B9D55E3}" = Razer Nostromo Firmware Updater
"{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish
"{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean
"{55DBE324-BA6A-4AE2-BC68-B406915C2C0B}" = Overwolf
"{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian
"{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish
"{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{65589581-920C-CAE1-58C2-2149D3AA3F39}" = HydraVision
"{65DF3688-6EF3-4C86-83DE-54AB46029F07}" = Hellgate
"{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7BE49DA7-EDA4-4C63-AA06-DCDF6858C3F3}" = Razer Mamba
"{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese
"{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech
"{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian
"{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian
"{912193FD-A397-41F7-ABEA-D1AF442ABF89}" = DUNGEONS
"{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All
"{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEDE5F97-31F5-4689-86B0-20C69EC5386F}" = iSpy
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Android SDK Tools" = Android SDK Tools
"AnyDVD" = AnyDVD
"AVIcodec" = AVIcodec (remove only)
"BitTorrent" = BitTorrent
"Blueline_is1" = Blueline 1.1.1
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Crysis WARHEAD®" = Crysis WARHEAD®
"Diablo III" = Diablo III
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.5.3
"Game Booster_is1" = Game Booster 3
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Guild Wars" = Guild Wars
"Guild Wars 2" = Guild Wars 2
"HashCalc_is1" = HashCalc 2.02
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NoIPDUC" = No-IP DUC
"Origin" = Origin
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Raptr" = Raptr
"Revo Uninstaller" = Revo Uninstaller 1.92
"SpeedFan" = SpeedFan (remove only)
"SpellForce - Platinum Edition_is1" = SpellForce - Platinum Edition
"Star Trek Online" = Star Trek Online
"StarCraft II" = StarCraft II
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"VLC media player" = VLC media player 2.0.1
"VLC Setup Helper_is1" = VLC Setup Helper
"WinISD Pro [alpha]" = WinISD Pro [alpha]
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"101a9f93b8f0bb6f" = Curse Client
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"SOE-DC Universe Online Live" = DC Universe Online Live

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/21/2013 11:30:13 AM | Computer Name = Machine-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe;
Description = Tweaking.com - Windows Repair; Error = 0x8007043c).

Error - 3/21/2013 12:48:23 PM | Computer Name = Machine-PC | Source = ESENT | ID = 455
Description = Catalog Database (1148) Catalog Database: Error -1023 (0xfffffc01)
occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

Error - 3/21/2013 12:48:23 PM | Computer Name = Machine-PC | Source = ESENT | ID = 455
Description = Catalog Database (1148) Catalog Database: Error -1023 (0xfffffc01)
occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

Error - 3/21/2013 12:48:23 PM | Computer Name = Machine-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The ESENT error was: -1023.

Error - 3/21/2013 12:49:24 PM | Computer Name = Machine-PC | Source = ESENT | ID = 455
Description = Catalog Database (1148) Catalog Database: Error -1023 (0xfffffc01)
occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

Error - 3/21/2013 12:49:24 PM | Computer Name = Machine-PC | Source = ESENT | ID = 455
Description = Catalog Database (1148) Catalog Database: Error -1023 (0xfffffc01)
occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

Error - 3/21/2013 12:49:24 PM | Computer Name = Machine-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The ESENT error was: -1023.

Error - 3/22/2013 4:20:40 PM | Computer Name = Machine-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ iolo Applications Events ]
Error - 6/13/2012 2:22:57 PM | Computer Name = Machine-PC | Source = System Shield | ID = 11
Description =

Error - 10/24/2012 5:03:12 PM | Computer Name = Machine-PC | Source = System Shield | ID = 12
Description =

Error - 10/24/2012 6:35:12 PM | Computer Name = Machine-PC | Source = System Shield | ID = 12
Description =

Error - 10/25/2012 12:21:49 AM | Computer Name = Machine-PC | Source = System Shield | ID = 12
Description =

Error - 10/25/2012 12:29:14 AM | Computer Name = Machine-PC | Source = System Shield | ID = 12
Description =

[ Media Center Events ]
Error - 1/29/2011 7:57:08 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 5:57:08 PM - Error connecting to the internet. 5:57:08 PM - Unable
to contact server..

Error - 1/29/2011 7:57:14 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 5:57:13 PM - Error connecting to the internet. 5:57:13 PM - Unable
to contact server..

Error - 1/30/2011 4:09:32 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 2:09:32 AM - Error connecting to the internet. 2:09:32 AM - Unable
to contact server..

Error - 1/30/2011 4:09:38 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 2:09:38 AM - Error connecting to the internet. 2:09:38 AM - Unable
to contact server..

Error - 1/30/2011 4:13:26 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 2:13:26 PM - Error connecting to the internet. 2:13:26 PM - Unable
to contact server..

Error - 1/30/2011 4:13:32 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 2:13:32 PM - Error connecting to the internet. 2:13:32 PM - Unable
to contact server..

Error - 1/31/2011 4:12:21 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 2:12:21 AM - Error connecting to the internet. 2:12:21 AM - Unable
to contact server..

Error - 1/31/2011 4:12:27 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 2:12:27 AM - Error connecting to the internet. 2:12:27 AM - Unable
to contact server..

Error - 1/31/2011 4:15:09 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 2:15:08 PM - Error connecting to the internet. 2:15:08 PM - Unable
to contact server..

Error - 1/31/2011 4:15:14 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 2:15:14 PM - Error connecting to the internet. 2:15:14 PM - Unable
to contact server..

[ System Events ]
Error - 3/25/2013 2:12:02 AM | Computer Name = Machine-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 3/25/2013 2:12:02 AM | Computer Name = Machine-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/25/2013 2:12:02 AM | Computer Name = Machine-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/25/2013 2:12:02 AM | Computer Name = Machine-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/25/2013 2:12:02 AM | Computer Name = Machine-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/25/2013 2:12:02 AM | Computer Name = Machine-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/25/2013 2:12:02 AM | Computer Name = Machine-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/25/2013 2:13:52 AM | Computer Name = Machine-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/25/2013 2:13:53 AM | Computer Name = Machine-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 3/25/2013 2:13:53 AM | Computer Name = Machine-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >

[Crowbar]

Hi again,
I want to try one more program on your system, I have been hesitating to do so previously as I like to run this one in normal mode, but since you get get in normal mode, let's do this in Safe Mode with Networking.

Make sure to pause your anti-virus before you start it -
Combofix will reboot your computer, so please make sure you start it in safe mode with networking after the reboot, to ensure that combofix finishes properly.
After that reboot, please try booting to normal mode and let me know what happens.

Please download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
• Also allow the installation of the recovery console
  
  
  
  
• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

In your next reply I would like to see:

• Combofix log