
laptop is very slooow

Discussion in 'Windows - Virus and spyware problems' started by tali1, Oct 22, 2013.

  1. tali1

    tali1 Regular member

    My laptop is very slooow. Typing is delayed, webpages jump, tabs for webpages hang.
    I have run Disk Cleanup, Spybot, ESET Online, HouseCall, Avast and AdwCleaner to clean malware, but the problem is still there. Anvi scan seemed to lessen the problem somewhat, but it is still lurking and starting to reoccur as before.
    All browsers are affected and I keep getting "Shockwave player has crashed" in Chrome (I do not have 2 entries, which is claimed to cause the problem). I have disabled Shockwave, but the problem is still there. I have also disabled most of the other plug-ins.
    Sys Restore will only let me go back a few days to when the problem was occurring.
    Running out of ideas now.
     
  2. Mez

    Mez Active member

    You came to the right place. The better malware is smart enough to corrupt all restores that predate the infection. If you have a factory restore in a hidden partition, that will be infected.

    I monitor this forum more to keep informed than to provide service. 2old will give you a hand.
     
  3. 2oldGeek

    2oldGeek Active member

    Hi tali1,

    I can help you clean up. First, let's have a look and see what we can find:

    --OTL--

    Please download OTL by OldTimer to your Desktop.

    If you already have a copy of OTL, delete it and use this version.

    Double click OTL.exe to launch the program.

    Check the following.
    Scan all users.
    Standard Output.
    Lop check.
    Purity check.
    Under Extra Registry section, select Use SafeList
    Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).

    When finished it will produce two logs.
    OTL.txt (open on your desktop).
    Extras.txt (minimized in your taskbar)

    Please post me both logs
     
  4. tali1

    tali1 Regular member

    Ok, thanks for that. Here are the logs.

    OTL logfile created on: 23/10/2013 22:51:59 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\iza\Downloads
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.75 Gb Total Physical Memory | 0.42 Gb Available Physical Memory | 24.01% Memory free
    3.74 Gb Paging File | 1.69 Gb Available in Paging File | 45.08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.05 Gb Total Space | 44.93 Gb Free Space | 32.31% Space Free | Partition Type: NTFS
    Drive D: | 9.00 Gb Total Space | 1.86 Gb Free Space | 20.62% Space Free | Partition Type: NTFS
    Drive E: | 695.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 1020.00 Mb Total Space | 1017.74 Mb Free Space | 99.78% Space Free | Partition Type: FAT32

    Computer Name: IZA-PC | User Name: iza | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/10/23 22:50:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\iza\Downloads\OTL.exe
    PRC - [2013/10/20 01:24:18 | 000,065,312 | ---- | M] (glindorus) -- C:\Program Files\glindorus\bin\utilglindorus.exe
    PRC - [2013/10/11 21:16:13 | 000,540,160 | ---- | M] () -- c:\ProgramData\SummerSoft\OptimizerPro\OptimizerPro.exe
    PRC - [2013/10/09 03:19:12 | 001,813,928 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
    PRC - [2013/10/09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2013/10/05 02:02:34 | 000,065,312 | ---- | M] (glindorus) -- C:\Program Files\glindorus\updateglindorus.exe
    PRC - [2013/10/01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    PRC - [2013/09/10 12:52:28 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.exe
    PRC - [2013/09/10 12:52:28 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.Messengers.exe
    PRC - [2013/08/12 06:56:16 | 001,635,048 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
    PRC - [2013/08/12 06:56:14 | 000,742,120 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    PRC - [2013/08/07 16:31:36 | 002,868,544 | ---- | M] (Iminent) -- C:\Program Files\Common Files\Umbrella\Umbrella.exe
    PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2013/07/22 03:19:48 | 000,337,432 | ---- | M] (Power Software Ltd) -- C:\Program Files\PowerISO\PWRISOVM.EXE
    PRC - [2013/06/25 17:00:32 | 002,878,504 | ---- | M] (GamersFirst) -- C:\Users\iza\AppData\Local\GamersFirst\LIVE!\Live.exe
    PRC - [2013/06/06 22:59:45 | 001,925,656 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
    PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2013/05/02 05:53:14 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
    PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2013/01/17 03:47:30 | 000,026,456 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
    PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/07/23 14:55:02 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
    PRC - [2008/06/02 18:57:40 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    PRC - [2008/06/02 18:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
    PRC - [2008/05/30 17:36:20 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2008/05/23 09:50:10 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    PRC - [2008/05/23 09:50:04 | 000,271,680 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    PRC - [2008/05/21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
    PRC - [2008/05/14 18:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    PRC - [2008/05/14 18:54:36 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    PRC - [2008/05/14 00:47:28 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2008/04/29 00:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
    PRC - [2008/03/31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    PRC - [2008/03/25 12:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    PRC - [2008/01/21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
    PRC - [2007/08/28 21:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
    PRC - [2007/05/23 23:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    PRC - [2007/05/16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    PRC - [2007/05/16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    PRC - [2007/02/13 20:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    PRC - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/09 03:19:16 | 001,121,704 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
    MOD - [2013/10/09 01:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
    MOD - [2013/10/09 01:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
    MOD - [2013/10/09 01:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
    MOD - [2013/10/09 01:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
    MOD - [2013/10/06 14:27:24 | 000,857,600 | ---- | M] () -- c:\Program Files\Ss-Helper\psupport.dll
    MOD - [2013/09/28 15:11:50 | 001,895,424 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\020159058601062610ccc36da4656383\System.Web.Services.ni.dll
    MOD - [2013/09/10 23:20:56 | 020,625,832 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
    MOD - [2013/08/21 23:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files\Steam\SDL2.dll
    MOD - [2013/08/12 06:56:02 | 000,785,128 | ---- | M] () -- C:\Program Files\Anvisoft\Anvi Smart Defender\sqlite3.dll
    MOD - [2013/06/15 00:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
    MOD - [2013/06/15 00:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
    MOD - [2013/06/15 00:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
    MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2013/05/12 22:14:28 | 017,996,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dbcea7c6574b18e66d93c9a26c8a9e57\System.ServiceModel.ni.dll
    MOD - [2013/05/12 22:13:55 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\71aec26781d7e59678f478eb0d829cca\System.Management.ni.dll
    MOD - [2013/05/12 22:13:51 | 001,072,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\def90d4c4629a38ce4be1126723c655a\System.IdentityModel.ni.dll
    MOD - [2013/05/12 22:12:10 | 000,148,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\79d036b23391ba31f328d8c665d19de7\System.Configuration.Install.ni.dll
    MOD - [2013/05/12 22:11:35 | 000,786,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\b4b3499aefaf0be2481e26bf1b3cf05c\System.EnterpriseServices.ni.dll
    MOD - [2013/05/12 22:11:35 | 000,236,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\b4b3499aefaf0be2481e26bf1b3cf05c\System.EnterpriseServices.Wrapper.dll
    MOD - [2013/05/12 22:11:34 | 000,646,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\05cdc2d6fb30991b33e4d8c275a3ef7c\System.Transactions.ni.dll
    MOD - [2013/05/12 22:11:33 | 001,020,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\1a84c3cbd223adb3230ccdbffba03344\System.Runtime.DurableInstancing.ni.dll
    MOD - [2013/05/12 22:11:32 | 000,142,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d9d6d360d09c77ca0e82f21c801bf4b0\SMDiagnostics.ni.dll
    MOD - [2013/05/12 22:11:31 | 002,637,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\933c05c80f64460a6c332ead830b4313\System.Runtime.Serialization.ni.dll
    MOD - [2013/05/12 22:11:26 | 001,781,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\bc3b4596da878455664b10f8f5a3eea9\System.Xaml.ni.dll
    MOD - [2013/05/12 20:08:03 | 000,284,160 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e4d910883d184867c46cbd22e55335bd\PresentationFramework.Classic.ni.dll
    MOD - [2013/05/12 20:07:52 | 013,137,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\81408cc3ba17ae98c1977f435a491e00\System.Windows.Forms.ni.dll
    MOD - [2013/05/12 20:07:25 | 017,671,168 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ff91a03e0ff9f9885b735db6734d568c\PresentationFramework.ni.dll
    MOD - [2013/05/12 20:07:00 | 011,106,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\942925bd6f724122cb4b3c71acbdcb04\PresentationCore.ni.dll
    MOD - [2013/05/12 20:06:43 | 003,798,016 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\39ad17570cd9b350f3191c46af747f0a\WindowsBase.ni.dll
    MOD - [2013/05/12 20:06:28 | 006,798,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\9fea2a740d10da358757079ce9a25a8e\System.Data.ni.dll
    MOD - [2013/05/12 20:05:56 | 005,618,176 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\ccaccea2516d5479f2267ed40ad51f2c\System.Xml.ni.dll
    MOD - [2013/05/12 20:05:47 | 000,980,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\666c9ef4162700495e504025c20caacd\System.Configuration.ni.dll
    MOD - [2013/05/12 20:05:41 | 007,054,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\ca04626157aebf0f25378a2489d08d00\System.Core.ni.dll
    MOD - [2013/05/12 20:05:29 | 001,652,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5b5dbf8a469be467c6f3a1ef97ff22cd\System.Drawing.ni.dll
    MOD - [2013/05/12 20:05:24 | 009,085,440 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\4532468deac0fdeff26329333c7642b6\System.ni.dll
    MOD - [2013/05/12 19:43:17 | 014,408,704 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dc0b188b244ec4a4ccec59ac6f1620ad\mscorlib.ni.dll
    MOD - [2013/05/08 19:33:07 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
    MOD - [2013/05/08 19:33:02 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
    MOD - [2013/05/08 19:32:58 | 011,800,576 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
    MOD - [2013/05/08 19:31:13 | 005,450,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
    MOD - [2013/05/08 19:30:49 | 012,430,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
    MOD - [2013/05/08 19:30:34 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
    MOD - [2013/05/08 19:22:22 | 007,950,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
    MOD - [2013/05/08 19:22:04 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2012/04/26 23:38:30 | 020,758,016 | ---- | M] () -- C:\Users\iza\AppData\Local\GamersFirst\LIVE!\libcef.dll
    MOD - [2008/07/23 13:46:24 | 001,679,360 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3063.14741__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2008/07/23 13:46:24 | 000,253,952 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3063.14702__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:24 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3063.14754__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2008/07/23 13:46:24 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3063.14922__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:24 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3063.14889__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:24 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3063.14734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2008/07/23 13:46:24 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3063.14847__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:24 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3063.14721__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:23 | 000,483,328 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3063.14951__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2008/07/23 13:46:10 | 000,135,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3063.14957__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2008/07/23 13:46:10 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3063.14714__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2008/07/23 13:46:09 | 000,352,256 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3063.14897__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2008/07/23 13:46:09 | 000,090,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3063.14902__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2008/07/23 13:46:09 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3063.14896__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:09 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3063.14949__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:08 | 000,802,816 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3063.14855__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2008/07/23 13:46:08 | 000,585,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3063.14766__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2008/07/23 13:46:08 | 000,479,232 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3063.14849__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2008/07/23 13:46:08 | 000,438,272 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3063.14722__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2008/07/23 13:46:08 | 000,401,408 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3063.14914__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2008/07/23 13:46:08 | 000,401,408 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3063.14883__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
    MOD - [2008/07/23 13:46:08 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3063.14771__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
    MOD - [2008/07/23 13:46:08 | 000,217,088 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3063.14760__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2008/07/23 13:46:08 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3063.14869__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2008/07/23 13:46:08 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3063.14854__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:08 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3063.14848__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:08 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3063.14771__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:08 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3063.14854__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:08 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3063.14868__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:08 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3063.14882__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2008/07/23 13:46:08 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2008/07/23 13:46:08 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2008/07/23 13:46:08 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2008/07/23 13:46:08 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2008/07/23 13:46:08 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2008/07/23 13:46:08 | 000,006,656 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2008/07/23 13:46:07 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2008/07/23 13:46:07 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2008/07/23 13:46:07 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2008/07/23 13:46:07 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2008/07/23 13:46:07 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2008/07/23 13:46:07 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2008/07/23 13:46:07 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2008/07/23 13:46:07 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
    MOD - [2008/07/23 13:46:07 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2008/07/23 13:46:07 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2008/07/23 13:46:07 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2008/07/23 13:46:07 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2008/07/23 13:46:07 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2008/07/23 13:46:06 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2008/07/23 13:46:06 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
    MOD - [2008/07/23 13:46:06 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2008/07/23 13:46:06 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2008/07/23 13:46:06 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2008/07/23 13:46:01 | 001,511,424 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3063.14709__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2008/07/23 13:46:01 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3063.14728__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2008/07/23 13:46:01 | 000,102,400 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3063.14943__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2008/07/23 13:46:01 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3063.14694__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2008/07/23 13:46:01 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3063.14941__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2008/07/23 13:46:01 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2008/07/23 13:46:01 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2008/07/23 13:46:01 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2008/07/23 13:46:01 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3063.14967__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2008/07/23 13:46:01 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2008/07/23 13:46:01 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3063.14942__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2008/07/23 13:46:01 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2008/07/23 13:46:01 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2008/07/23 13:46:01 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2008/07/23 13:46:01 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2008/07/23 13:46:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
    MOD - [2008/07/23 13:46:01 | 000,006,656 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3063.14693__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2008/07/23 13:46:00 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3063.14694__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2008/07/23 13:46:00 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3063.14692__90ba9c70f846762e\APM.Server.dll
    MOD - [2008/07/23 13:46:00 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3063.14693__90ba9c70f846762e\AEM.Server.dll
    MOD - [2008/07/23 13:46:00 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2008/05/21 12:48:56 | 000,024,576 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\Agent\Res\0409\AgtRes_l.dll
    MOD - [2008/05/21 10:38:12 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
    MOD - [2008/05/14 00:40:50 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2007/08/28 21:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
    MOD - [2007/08/28 21:06:54 | 000,910,624 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
    MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\PC Speed Up\PCSUService.exe -- (PCSUService)
    SRV - [2013/10/20 01:24:18 | 000,065,312 | ---- | M] (glindorus) [Auto | Running] -- C:\Program Files\glindorus\bin\utilglindorus.exe -- (Util glindorus)
    SRV - [2013/10/05 02:02:34 | 000,065,312 | ---- | M] (glindorus) [Auto | Running] -- C:\Program Files\glindorus\updateglindorus.exe -- (Update glindorus)
    SRV - [2013/10/01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2013/09/06 21:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013/08/12 06:56:14 | 000,742,120 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
    SRV - [2013/08/07 16:31:36 | 002,868,544 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files\Common Files\Umbrella\Umbrella.exe -- (SProtection)
    SRV - [2013/05/02 05:53:14 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
    SRV - [2008/07/23 14:55:02 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
    SRV - [2008/06/02 18:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2008/05/30 17:36:20 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2008/05/23 09:50:10 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
    SRV - [2008/05/21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2008/05/21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
    SRV - [2008/05/14 18:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
    SRV - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2008/04/29 00:21:28 | 000,144,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
    SRV - [2008/04/29 00:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
    SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2007/05/23 23:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService)
    SRV - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
    SRV - [2007/02/13 20:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)
    SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva404.sys -- (XDva404)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva403.sys -- (XDva403)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva401.sys -- (XDva401)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys -- (FairplayKD)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - [2013/08/12 13:51:35 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2013/07/22 03:19:44 | 000,113,336 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2012/11/07 08:16:20 | 000,022,864 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdrs.sys -- (asdrs)
    DRV - [2012/11/07 08:16:20 | 000,014,160 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdws.sys -- (asdws)
    DRV - [2012/11/07 08:16:18 | 000,016,208 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\System32\drivers\asdrm.sys -- (asdrm)
    DRV - [2011/11/10 18:32:00 | 000,095,304 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV - [2008/05/30 17:37:06 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2008/05/30 17:37:02 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2008/05/30 17:37:00 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2008/05/30 17:36:58 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2008/05/21 11:35:06 | 003,552,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/04/29 00:25:00 | 000,055,112 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008/04/29 00:23:22 | 000,034,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeRKDK.sys -- (MfeRKDK)
    DRV - [2008/04/29 00:22:44 | 000,205,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2008/04/29 00:22:18 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeBOPK.sys -- (MfeBOPK)
    DRV - [2008/04/29 00:22:10 | 000,079,560 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeAVFK.sys -- (MfeAVFK)
    DRV - [2008/04/28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
    DRV - [2008/04/14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2008/04/07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
    DRV - [2008/04/07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2008/02/29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/03/02 22:17:34 | 000,120,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{ECBB4BD6-DEEF-4C34-94B8-BE7BC46E661E}: "URL" = http://slirsredirect.search.aol.com...archTerms}&invocationType=tb50hpcmnbie7-en-gb


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2148498855-1236309947-737478955-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=all&pf=cmnb
    IE - HKU\S-1-5-21-2148498855-1236309947-737478955-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-2148498855-1236309947-737478955-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2148498855-1236309947-737478955-1004\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2148498855-1236309947-737478955-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2148498855-1236309947-737478955-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2148498855-1236309947-737478955-1004\..\SearchScopes\{ECBB4BD6-DEEF-4C34-94B8-BE7BC46E661E}: "URL" = http://slirsredirect.search.aol.com...archTerms}&invocationType=tb50hpcmnbie7-en-gb
    IE - HKU\S-1-5-21-2148498855-1236309947-737478955-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2148498855-1236309947-737478955-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: null\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\iza\AppData\Local\Roblox\Versions\version-8049d9622c164956\\NPRobloxProxy.dll ()
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\iza\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\windows\system32\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/19 22:22:05 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\happylyrics@hpyproductions.net: C:\Program Files\HappyLyrics\FF\

    [2013/10/18 20:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iza\AppData\Roaming\Mozilla\Extensions
    [2013/10/19 20:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iza\AppData\Roaming\Mozilla\Firefox\Profiles\894786sj.default\extensions
    [2013/10/18 22:16:47 | 000,007,523 | ---- | M] () (No name found) -- C:\Users\iza\AppData\Roaming\Mozilla\Firefox\Profiles\894786sj.default\extensions\firefox@glindorus.net.xpi
    [2013/10/18 18:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/10/18 18:41:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - homepage:
    CHR - Extension: No name found = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjpmfombidbiadoceeionjfpafodhni\1.6\
    CHR - Extension: No name found = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammjbfijeglcdlnlnhlkdhgjnlgmpehe\1.0.0_0\
    CHR - Extension: No name found = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: No name found = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.44_0\
    CHR - Extension: No name found = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjonpeiaiacbgfgemlchebljmfgjnmh\3.7_0\
    CHR - Extension: No name found = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: No name found = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
    CHR - Extension: No name found = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\oonebondjnigdjfehefgmjbhglbcblao\1.0_0\
    CHR - Extension: No name found = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
    O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (DowwnLoad keeeper) - {39F5029A-459C-A08C-BF8A-625FBE476B83} - C:\ProgramData\DowwnLoad keeeper\Jt6Rwqk.dll ()
    O2 - BHO: (Happy Lyrics) - {59C0C5BD-2579-433A-BBB8-AFFD59642BAF} - C:\Program Files\HappyLyrics\hppylrc.dll File not found
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (glindorus) - {9598e82a-7e09-4438-b425-b9e9718c3c73} - C:\Program Files\glindorus\glindorusBHO.dll (glindorus)
    O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKU\S-1-5-21-2148498855-1236309947-737478955-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
    O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
    O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
    O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
    O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
    O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
    O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.Exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2148498855-1236309947-737478955-1004..\Run: [Akamai NetSession Interface] File not found
    O4 - HKU\S-1-5-21-2148498855-1236309947-737478955-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
    O4 - HKU\S-1-5-21-2148498855-1236309947-737478955-1004..\Run: [Pando Media Booster] null\Pando Networks\Media Booster\PMB.exe File not found
    O4 - HKU\S-1-5-21-2148498855-1236309947-737478955-1004..\Run: [PCSpeedUp] C:\Program Files\PC Speed Up\PCSUNotifier.exe File not found
    O4 - HKU\S-1-5-21-2148498855-1236309947-737478955-1004..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-21-2148498855-1236309947-737478955-1004..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\iza\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D22213C-7E51-4A42-AA09-6637DB2300FD}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.316.dll (McAfee, Inc.)
    O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
    O20 - AppInit_DLLs: (apshook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - AppInit_DLLs: (c:\progra~1\ss-hel~1\psupport.dll) - c:\Program Files\Ss-Helper\psupport.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O24 - Desktop WallPaper: C:\Users\iza\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\iza\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/02/17 11:37:31 | 000,000,034 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{453b8ec8-b2af-11e2-a02c-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{453b8ec8-b2af-11e2-a02c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SUPERCD.EXE -- [2004/02/17 11:37:50 | 000,088,299 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/20 16:58:33 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Anvisoft
    [2013/10/20 16:58:17 | 000,022,864 | ---- | C] (Anvisoft) -- C:\windows\System32\drivers\asdrs.sys
    [2013/10/20 16:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
    [2013/10/20 16:58:16 | 000,016,208 | ---- | C] (Anvisoft) -- C:\windows\System32\drivers\asdrm.sys
    [2013/10/20 16:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
    [2013/10/20 16:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
    [2013/10/20 01:24:30 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Iminent
    [2013/10/20 01:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
    [2013/10/19 20:37:13 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\AVAST Software
    [2013/10/19 20:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/10/19 20:30:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2013/10/19 20:30:21 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\MFAData
    [2013/10/19 20:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/10/19 20:30:21 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Avg2014
    [2013/10/19 20:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/10/18 18:53:07 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Mozilla
    [2013/10/18 18:53:07 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Mozilla
    [2013/10/18 18:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013/10/18 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/10/17 22:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bohemia Interactive
    [2013/10/17 21:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/10/16 18:36:45 | 000,000,000 | ---D | C] -- C:\windows\System32\Adobe
    [2013/10/16 15:57:00 | 000,000,000 | ---D | C] -- C:\Users\iza\Documents\ArmA 2 Demo
    [2013/10/16 15:57:00 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\ArmA 2 Demo
    [2013/10/16 14:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
    [2013/10/16 14:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Umbrella
    [2013/10/16 14:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
    [2013/10/16 14:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
    [2013/10/16 14:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\glindorus
    [2013/10/16 13:28:03 | 000,000,000 | ---D | C] -- C:\Users\iza\.onlineboxing3d
    [2013/10/16 13:27:37 | 000,000,000 | ---D | C] -- C:\Users\iza\Desktop\boxing3d
    [2013/10/16 13:08:38 | 000,685,056 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\windows\System32\drivers\hardlock.sys
    [2013/10/16 13:06:46 | 001,060,864 | --S- | C] (Microsoft Corporation) -- C:\windows\System32\mfc71.dll
    [2013/10/16 00:57:19 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Spirited_Machine
    [2013/10/16 00:10:48 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Spirited Machine
    [2013/10/15 23:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spirited Machine
    [2013/10/15 23:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArmA II Launcher
    [2013/10/15 18:37:07 | 000,000,000 | ---D | C] -- C:\Users\iza\Desktop\ARMA 2 Operation Arrowhead
    [2013/10/15 13:51:19 | 000,000,000 | ---D | C] -- C:\Users\iza\Documents\ArmA 2 OA Demo
    [2013/10/15 13:51:18 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\ArmA 2 OA DEMO
    [2013/10/15 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\ArmA 2
    [2013/10/15 00:28:20 | 000,000,000 | ---D | C] -- C:\Users\iza\Documents\ArmA 2 Other Profiles
    [2013/10/14 22:18:28 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArmA 2
    [2013/10/14 17:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
    [2013/10/14 17:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
    [2013/10/13 22:51:59 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\ArmA 2 OA
    [2013/10/12 22:39:50 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\CastleMinerZ
    [2013/10/12 22:38:40 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\DigitalDNA Games
    [2013/10/12 22:30:33 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DigitalDNA Games
    [2013/10/12 22:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
    [2013/10/12 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\ArmaAddonSync2009
    [2013/10/12 20:08:38 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Yoma_Tools
    [2013/10/12 20:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YomaTools
    [2013/10/12 20:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\YomaTools
    [2013/10/12 18:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Quadriga Games
    [2013/10/12 13:51:13 | 000,000,000 | ---D | C] -- C:\Users\iza\Desktop\Garry's Mod
    [2013/10/11 21:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2013/10/11 21:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SummerSoft
    [2013/10/11 21:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ss-Helper
    [2013/10/11 21:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DowwnLoad keeeper
    [2013/10/11 21:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2013/10/10 22:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2013/10/10 22:26:55 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Google
    [2013/10/10 22:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 8
    [2013/10/10 22:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
    [2013/10/10 22:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
    [2013/10/10 20:12:23 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Quadriga Games
    [2013/10/10 20:12:06 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
    [2013/10/10 20:12:06 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
    [2013/10/10 19:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\1-click run
    [2013/10/08 18:23:28 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\TeamViewer
    [2013/10/08 18:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
    [2013/10/06 12:40:48 | 000,000,000 | -HSD | C] -- C:\windows\ftpcache
    [2013/10/06 11:21:52 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\PointBlank
    [2013/10/06 01:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1
    [2013/10/06 01:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tahadi Games
    [2013/10/06 01:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Tahadi Games
    [2013/10/06 01:02:09 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\GamersFirst LIVE!
    [2013/10/06 00:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
    [2013/10/06 00:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
    [2013/10/05 23:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Warrock EU
    [2013/10/05 23:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
    [2013/10/05 23:33:58 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
    [2013/10/05 23:33:44 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\GamersFirst
    [2013/10/05 18:54:48 | 000,000,000 | ---D | C] -- C:\AeriaGames
    [2013/10/05 14:04:46 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Aeria Games
    [2013/10/05 14:02:33 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Akamai
    [2013/10/05 14:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
    [2013/10/05 14:01:39 | 000,000,000 | -HSD | C] -- C:\windows\System32\AI_RecycleBin
    [2013/10/05 14:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Aeria Games
    [2013/10/05 14:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
    [2013/10/04 23:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 5.5
    [2013/10/04 23:14:31 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\windows\System32\D3DX81ab.dll
    [2013/10/04 23:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
    [2013/10/04 23:04:31 | 000,000,000 | ---D | C] -- C:\Users\iza\Documents\My Cheat Tables
    [2013/10/04 23:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
    [2013/10/01 14:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Torrentz
    [2013/09/30 20:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\MTA San Andreas 1.3
    [2013/09/29 15:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MTA San Andreas All
    [2013/09/29 13:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Mod Installer
    [2013/09/29 13:45:11 | 000,000,000 | ---D | C] -- C:\windows\San Andreas Mod Installer
    [2013/09/29 13:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\San Andreas Mod Installer
    [2013/09/26 22:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\3DMGAME
    [2013/09/26 13:39:15 | 000,000,000 | ---D | C] -- C:\windows\System32\directx
    [2013/09/26 13:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribblenauts Unmasked
    [2013/09/26 12:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5th Cell Media
    [2013/09/24 23:15:48 | 000,000,000 | ---D | C] -- C:\Users\iza\Documents\EA Games
    [2013/09/24 00:00:59 | 000,000,000 | ---D | C] -- C:\Users\iza\Documents\ArmA 2
    [2013/09/24 00:00:58 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\ArmA 2 Free
    [2013/09/23 23:59:34 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
    [2013/09/23 23:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/10/23 22:38:19 | 000,668,940 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2013/10/23 22:38:19 | 000,133,356 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2013/10/23 22:35:36 | 000,000,414 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{83CD2159-3CC1-4F4F-B7FA-20A7B75D19BE}.job
    [2013/10/23 22:31:14 | 000,000,876 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/10/23 22:30:43 | 000,000,644 | ---- | M] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/10/23 22:30:20 | 000,000,360 | ---- | M] () -- C:\windows\tasks\Happy Lyrics Update.job
    [2013/10/23 22:30:18 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/10/23 22:30:18 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/10/23 22:30:14 | 000,000,324 | ---- | M] () -- C:\windows\tasks\dsmonitor.job
    [2013/10/23 22:30:12 | 000,000,460 | -H-- | M] () -- C:\windows\tasks\OptimizerPro-S-480333868.job
    [2013/10/23 22:30:10 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
    [2013/10/23 22:29:52 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
    [2013/10/23 22:29:52 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.dll
    [2013/10/23 22:29:48 | 008,405,015 | ---- | M] () -- C:\windows\TempFile
    [2013/10/23 22:29:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/10/22 00:20:04 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/10/20 22:29:55 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/10/20 16:58:17 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
    [2013/10/20 01:20:22 | 000,000,312 | ---- | M] () -- C:\windows\tasks\PC SpeedUp Service Deactivator.job
    [2013/10/18 01:16:54 | 000,335,550 | ---- | M] () -- C:\Users\iza\AppData\Local\census.cache
    [2013/10/18 01:16:05 | 000,196,571 | ---- | M] () -- C:\Users\iza\AppData\Local\ars.cache
    [2013/10/18 00:08:09 | 000,000,036 | ---- | M] () -- C:\Users\iza\AppData\Local\housecall.guid.cache
    [2013/10/16 15:17:32 | 000,070,004 | ---- | M] () -- C:\Users\iza\Desktop\TeenageMutantNinjaPuppets.zip
    [2013/10/16 14:50:05 | 000,000,073 | ---- | M] () -- C:\Users\iza\onlineboxing3dgame.properties
    [2013/10/16 14:40:56 | 000,002,519 | ---- | M] () -- C:\Users\Public\Desktop\Addon Sync 2009.lnk
    [2013/10/16 14:04:25 | 000,000,596 | ---- | M] () -- C:\windows\System32\InstallUtil.InstallLog
    [2013/10/16 01:28:04 | 000,000,616 | ---- | M] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/10/15 23:58:34 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\ArmA II Launcher.lnk
    [2013/10/14 23:57:56 | 000,009,707 | ---- | M] () -- C:\windows\System32\Config.MPF
    [2013/10/14 23:57:52 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
    [2013/10/14 17:33:31 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
    [2013/10/12 23:35:45 | 011,649,024 | ---- | M] () -- C:\Users\iza\Desktop\ffb7219618e24d57a9a0962c8a3ac9170 (1)
    [2013/10/10 22:23:14 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\SketchUp 8.lnk
    [2013/10/10 00:57:36 | 000,024,323 | ---- | M] () -- C:\Users\iza\Desktop\1239758_1399579076935295_765875614_n.jpg
    [2013/10/10 00:56:16 | 000,043,283 | ---- | M] () -- C:\Users\iza\Desktop\skeleton_middle_finger1.jpg
    [2013/10/09 23:34:35 | 000,001,722 | -H-- | M] () -- C:\Users\iza\Documents\Default.rdp
    [2013/10/09 15:51:16 | 000,383,344 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2013/10/08 18:19:04 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [2013/10/06 01:08:54 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\PointBlank.lnk
    [2013/10/06 00:11:15 | 000,000,182 | ---- | M] () -- C:\Users\Public\Desktop\WarRock.url
    [2013/10/05 23:33:58 | 000,000,990 | ---- | M] () -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
    [2013/10/05 23:33:58 | 000,000,960 | ---- | M] () -- C:\Users\iza\Desktop\GamersFirst LIVE!.lnk
    [2013/10/05 14:01:30 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
    [2013/10/05 13:48:59 | 000,000,104 | ---- | M] () -- C:\Users\iza\Desktop\Recycle Bin.lnk
    [2013/10/04 23:14:33 | 000,000,792 | ---- | M] () -- C:\Users\iza\Desktop\Cheat Engine.lnk
    [2013/10/01 00:45:03 | 000,000,446 | ---- | M] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/09/30 20:46:32 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
    [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/10/20 16:58:17 | 000,014,160 | ---- | C] () -- C:\windows\System32\drivers\asdws.sys
    [2013/10/20 16:58:17 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
    [2013/10/18 01:16:54 | 000,335,550 | ---- | C] () -- C:\Users\iza\AppData\Local\census.cache
    [2013/10/18 01:16:05 | 000,196,571 | ---- | C] () -- C:\Users\iza\AppData\Local\ars.cache
    [2013/10/18 00:08:09 | 000,000,036 | ---- | C] () -- C:\Users\iza\AppData\Local\housecall.guid.cache
    [2013/10/16 15:17:04 | 000,070,004 | ---- | C] () -- C:\Users\iza\Desktop\TeenageMutantNinjaPuppets.zip
    [2013/10/16 14:04:10 | 000,000,596 | ---- | C] () -- C:\windows\System32\InstallUtil.InstallLog
    [2013/10/16 14:02:16 | 000,000,312 | ---- | C] () -- C:\windows\tasks\PC SpeedUp Service Deactivator.job
    [2013/10/16 13:30:39 | 000,000,073 | ---- | C] () -- C:\Users\iza\onlineboxing3dgame.properties
    [2013/10/16 13:09:13 | 008,405,015 | ---- | C] () -- C:\windows\TempFile
    [2013/10/16 13:06:47 | 000,860,211 | --S- | C] () -- C:\windows\System32\XSIFtk-3.6.2.1.dll
    [2013/10/15 23:58:34 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\ArmA II Launcher.lnk
    [2013/10/14 17:33:31 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
    [2013/10/12 23:36:05 | 011,649,024 | ---- | C] () -- C:\Users\iza\Desktop\ffb7219618e24d57a9a0962c8a3ac9170 (1)
    [2013/10/12 20:08:16 | 000,002,519 | ---- | C] () -- C:\Users\Public\Desktop\Addon Sync 2009.lnk
    [2013/10/11 21:16:13 | 000,000,460 | -H-- | C] () -- C:\windows\tasks\OptimizerPro-S-480333868.job
    [2013/10/10 22:23:14 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\SketchUp 8.lnk
    [2013/10/10 22:09:34 | 000,650,752 | ---- | C] () -- C:\windows\System32\xvidcore.dll
    [2013/10/10 22:09:34 | 000,240,640 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
    [2013/10/10 22:09:34 | 000,152,064 | ---- | C] () -- C:\windows\System32\xvid.ax
    [2013/10/10 00:57:36 | 000,024,323 | ---- | C] () -- C:\Users\iza\Desktop\1239758_1399579076935295_765875614_n.jpg
    [2013/10/10 00:56:16 | 000,043,283 | ---- | C] () -- C:\Users\iza\Desktop\skeleton_middle_finger1.jpg
    [2013/10/09 23:01:02 | 000,001,722 | -H-- | C] () -- C:\Users\iza\Documents\Default.rdp
    [2013/10/08 18:19:04 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
    [2013/10/08 18:19:04 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [2013/10/06 01:08:54 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\PointBlank.lnk
    [2013/10/06 00:11:15 | 000,000,182 | ---- | C] () -- C:\Users\Public\Desktop\WarRock.url
    [2013/10/05 23:33:58 | 000,000,990 | ---- | C] () -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
    [2013/10/05 23:33:58 | 000,000,960 | ---- | C] () -- C:\Users\iza\Desktop\GamersFirst LIVE!.lnk
    [2013/10/05 14:01:30 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
    [2013/10/05 13:48:59 | 000,000,104 | ---- | C] () -- C:\Users\iza\Desktop\Recycle Bin.lnk
    [2013/10/04 23:14:33 | 000,000,792 | ---- | C] () -- C:\Users\iza\Desktop\Cheat Engine.lnk
    [2013/10/04 23:14:31 | 001,970,176 | ---- | C] () -- C:\windows\System32\d3dx9.dll
    [2013/09/30 20:46:32 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk
    [2013/07/22 23:58:58 | 000,000,680 | ---- | C] () -- C:\Users\iza\AppData\Local\d3d9caps.dat
    [2013/05/02 12:46:04 | 000,018,904 | ---- | C] () -- C:\windows\System32\StructuredQuerySchemaTrivial.bin
    [2013/05/02 12:46:03 | 000,106,605 | ---- | C] () -- C:\windows\System32\StructuredQuerySchema.bin
    [2013/05/01 23:39:50 | 000,000,012 | ---- | C] () -- C:\windows\bthservsdp.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 03:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/09/10 17:18:05 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\.minecraft
    [2013/10/20 16:58:33 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\Anvisoft
    [2013/10/19 20:37:13 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\AVAST Software
    [2013/08/21 21:21:31 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\Bioshock
    [2013/08/12 14:19:48 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\DAEMON Tools Lite
    [2013/08/25 00:14:15 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\FixCleaner
    [2013/09/06 22:51:51 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\fltk.org
    [2013/10/20 01:24:30 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\Iminent
    [2013/05/16 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\InterVideo
    [2013/09/19 16:04:32 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\MotioninJoy
    [2013/08/27 15:18:15 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\MW3 FoV Changer
    [2013/10/16 00:10:48 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\Spirited Machine
    [2013/10/09 22:45:25 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\TeamViewer
    [2013/05/19 22:18:40 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\Uniblue
    [2013/05/18 16:40:19 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\Unity
    [2013/10/20 01:14:59 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
    @Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720

    < End of report >




    OTL Extras logfile created on: 23/10/2013 22:51:59 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\iza\Downloads
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.75 Gb Total Physical Memory | 0.42 Gb Available Physical Memory | 24.01% Memory free
    3.74 Gb Paging File | 1.69 Gb Available in Paging File | 45.08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.05 Gb Total Space | 44.93 Gb Free Space | 32.31% Space Free | Partition Type: NTFS
    Drive D: | 9.00 Gb Total Space | 1.86 Gb Free Space | 20.62% Space Free | Partition Type: NTFS
    Drive E: | 695.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 1020.00 Mb Total Space | 1017.74 Mb Free Space | 99.78% Space Free | Partition Type: FAT32

    Computer Name: IZA-PC | User Name: iza | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2148498855-1236309947-737478955-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{44511208-0329-4EC5-B367-5574C3138068}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{64EF3FBE-7897-4AB3-807C-D19D9B18B28E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{D70C6D2D-14AF-4688-A726-13381EBD1859}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{D7B989A0-A624-4134-ACF1-B4D70248E3B7}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0969ED13-2E1B-4639-AFCF-A91C0464538F}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 demo\arma2demo.exe |
    "{130A7EA5-D20F-43E2-9262-8A62C596D310}" = protocol=6 | dir=in | app=c:\users\iza\desktop\downloaded games\utorrent.exe |
    "{235E93EE-F6F2-49D8-8513-CEC62B0E3A01}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 free\arma2free.exe |
    "{3431F158-217E-4C73-9C38-2BD53873285B}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 demo\arma2demo.exe |
    "{37D148B0-2673-4302-946C-7E478B885F17}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead demo\arma2oa_demo.exe |
    "{3DC94B2B-9DCC-4583-8CD3-CED11F52F370}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead demo\arma2oa_demo.exe |
    "{3EDAF54F-7C98-4CED-AE07-74330C04C8C2}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{41D7550D-3B58-44D4-B7DD-5EE75473EBF0}" = protocol=17 | dir=in | app=c:\program files\tahadi games\pointblank\pointblank.exe |
    "{455AAFE8-4FC1-4274-9422-CA09E05DC7B8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{4567C814-7276-4AEC-84BE-75B4BFD96B59}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 free\arma2free.exe |
    "{5245C2AC-F35A-4E79-95A3-71645FC86656}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe |
    "{5797C31F-F616-4577-815D-B33F2F5D90DC}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead demo\arma2oa_demo.exe |
    "{6242029F-7318-43EF-A348-DC6FAB3A8F7F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{67AC8050-B003-4877-AFC6-5BDD126E5274}" = protocol=17 | dir=in | app=c:\games\scribblenauts unmasked a dc comics adventure\scribble.exe |
    "{69B53EB3-22E2-4D27-AF94-F88A8DBE398E}" = protocol=17 | dir=in | app=c:\windows\system32\null\pando networks\media booster\pmb.exe |
    "{76A321D2-F23B-4942-BFC3-44E42661DF68}" = protocol=6 | dir=in | app=c:\games\scribblenauts unmasked a dc comics adventure\scribble.exe |
    "{7E2E124C-4ACC-496C-8DDE-5B580CE94A4A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\source sdk base 2007\hl2.exe |
    "{A20BBA7E-9A2E-434E-B39B-D6C618DF2EBC}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
    "{AF2EAB0F-523C-4578-8984-D64EC936114C}" = protocol=6 | dir=in | app=c:\program files\tahadi games\pointblank\pointblank.exe |
    "{B133FFDD-301A-4410-9A88-18835BC36506}" = protocol=6 | dir=in | app=c:\windows\system32\null\pando networks\media booster\pmb.exe |
    "{B4F7DFAE-12A3-4B54-95EC-6A684ECBD4C8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\source sdk base 2007\hl2.exe |
    "{B5FC8974-E5EE-4483-BB3D-972DA0826C2E}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
    "{B84E0F36-6B65-466D-A479-5BA7C9A26030}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{BA1EED55-1D39-4853-BA78-DEB8EDA480A0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{BB17B6E2-EE79-48EB-BD16-CA62E384664F}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
    "{BB3ACA3D-67ED-4096-8925-F2452EB64242}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead demo\arma2oa_demo.exe |
    "{CC2FA603-44D9-421A-9F13-BEA7F4A1068E}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
    "{D6180919-3A3F-4185-ADA3-2C89AF89741C}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe |
    "{DC595585-E714-4969-B9A4-577E4D87C2A1}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
    "{DFEDC94A-967D-4ABF-B27E-37D2EC3054AC}" = protocol=17 | dir=in | app=c:\windows\system32\null\pando networks\media booster\pmb.exe |
    "{EF362F44-0232-42AE-B110-17FB6233FD35}" = protocol=6 | dir=in | app=c:\windows\system32\null\pando networks\media booster\pmb.exe |
    "{F0BEBA28-EDC8-43B8-8D01-64A2C187EAEE}" = dir=in | app=null\pando networks\media booster\pmb.exe |
    "{F2E2477A-BE4A-47F3-98AE-44B7602E119A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{F3F071C8-5F06-4B83-826E-E75EDDEA8A67}" = dir=in | app=c:\program files\iminent\iminent.exe |
    "{F5A53108-8FC6-4383-AE97-EA4D70212F89}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{FCB9C15F-B1C3-4F4C-8958-C836EAF89E3F}" = protocol=17 | dir=in | app=c:\users\iza\desktop\downloaded games\utorrent.exe |
    "{FFA742D6-5864-4ACF-AB10-0CB367DCF6EE}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe |
    "TCP Query User{0C8B4D28-4182-44B5-AF88-826388B78986}C:\program files\steam\steamapps\izaali10\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\izaali10\source sdk base\hl2.exe |
    "TCP Query User{18B7533B-C4D3-457D-8520-A8422637754B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
    "TCP Query User{2BF56D3F-8FB0-4096-BD5F-6E7A2678CAC4}C:\games\dishonored nosteam\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\games\dishonored nosteam\binaries\win32\dishonored.exe |
    "TCP Query User{3E879BDD-B14F-4A28-83B1-A3B73DC069B6}C:\games\gta san andreas\proxy_sa.exe" = protocol=6 | dir=in | app=c:\games\gta san andreas\proxy_sa.exe |
    "TCP Query User{4999F9D3-406C-4FD2-9590-109E94C3DA14}C:\games\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat" = protocol=6 | dir=in | app=c:\games\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat |
    "TCP Query User{4B9ADC66-FC55-441C-B260-47ADF5080D60}C:\users\iza\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\iza\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{4BC6354C-BB7F-4344-B204-31600004DAD4}C:\program files\arma 2\arma2.exe" = protocol=6 | dir=in | app=c:\program files\arma 2\arma2.exe |
    "TCP Query User{4C82DA05-BE3E-4BDE-B1CC-B6E394182840}C:\users\iza\desktop\garry's mod\hl2.exe" = protocol=6 | dir=in | app=c:\users\iza\desktop\garry's mod\hl2.exe |
    "TCP Query User{521235CE-EF11-426C-861A-210E30D159D7}C:\users\iza\appdata\local\temp\rar$exa0.807\7 days to die\7daystodie.exe" = protocol=6 | dir=in | app=c:\users\iza\appdata\local\temp\rar$exa0.807\7 days to die\7daystodie.exe |
    "TCP Query User{55AA17BF-5D49-494C-BCF0-B2629E8E36AD}C:\users\iza\desktop\arma 2 operation arrowhead\arma2oa_demo.exe" = protocol=6 | dir=in | app=c:\users\iza\desktop\arma 2 operation arrowhead\arma2oa_demo.exe |
    "TCP Query User{5A1365AC-3822-4A4E-9CB3-C025295B9604}C:\games\payday 2 beta\payday2_win32_release.exe" = protocol=6 | dir=in | app=c:\games\payday 2 beta\payday2_win32_release.exe |
    "TCP Query User{7CF118F9-B06E-4C24-97C5-D500B788121D}C:\users\iza\downloads\garrys.mod.13.v159\garry's mod\hl2.exe" = protocol=6 | dir=in | app=c:\users\iza\downloads\garrys.mod.13.v159\garry's mod\hl2.exe |
    "TCP Query User{8C457147-9E5D-49B4-AF37-95233C42D265}C:\program files\steam\steamapps\zeshaanali122\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\zeshaanali122\source sdk base\hl2.exe |
    "TCP Query User{A307BF4D-B391-4D12-9B66-91AED9CEE4FD}C:\program files\arma 2\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\arma 2\arma2oa.exe |
    "TCP Query User{A75BBB4C-5EC3-43D2-9F0C-3015742E9BA4}C:\users\iza\desktop\boxing3d\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\users\iza\desktop\boxing3d\jre6\bin\java.exe |
    "TCP Query User{B3E439A8-6B54-4831-ABAE-E2C782BA048B}C:\users\iza\downloads\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\users\iza\downloads\counter-strike\hl.exe |
    "TCP Query User{CB70C4AF-7561-4B75-8931-29AE530304B5}C:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oaserver.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oaserver.exe |
    "TCP Query User{D8662BB2-A56E-4BB8-9918-5499A7540DB3}C:\program files\arma 2\arma2oaserver.exe" = protocol=6 | dir=in | app=c:\program files\arma 2\arma2oaserver.exe |
    "TCP Query User{FD75B0BF-529F-431F-8F1F-61F2F2E7F76B}C:\users\iza\desktop\downloaded games\utorrent.exe" = protocol=6 | dir=in | app=c:\users\iza\desktop\downloaded games\utorrent.exe |
    "UDP Query User{025F768A-92C4-4782-97ED-E26A80CBCE69}C:\users\iza\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\iza\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{08E40B5E-9131-407E-8B4F-6F71E093BD5D}C:\users\iza\desktop\downloaded games\utorrent.exe" = protocol=17 | dir=in | app=c:\users\iza\desktop\downloaded games\utorrent.exe |
    "UDP Query User{196492E3-5F59-4AF6-9E27-2EC80C8C621B}C:\games\dishonored nosteam\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\games\dishonored nosteam\binaries\win32\dishonored.exe |
    "UDP Query User{2A9CC8AF-D811-4350-88A5-C4DCF12D9305}C:\program files\steam\steamapps\zeshaanali122\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\zeshaanali122\source sdk base\hl2.exe |
    "UDP Query User{3A0B625E-C74D-49AA-9AB6-DD06E8BAA4D5}C:\games\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat" = protocol=17 | dir=in | app=c:\games\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat |
    "UDP Query User{4C287850-3AAB-48F9-9C05-FC99EBD50D07}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
    "UDP Query User{515F9EA3-1185-4B26-A075-F8113E131938}C:\users\iza\appdata\local\temp\rar$exa0.807\7 days to die\7daystodie.exe" = protocol=17 | dir=in | app=c:\users\iza\appdata\local\temp\rar$exa0.807\7 days to die\7daystodie.exe |
    "UDP Query User{5FBCF63E-6ECA-4C0A-B79E-8176F26D8308}C:\program files\arma 2\arma2oaserver.exe" = protocol=17 | dir=in | app=c:\program files\arma 2\arma2oaserver.exe |
    "UDP Query User{68055253-8135-487F-8C60-38BCB936D4CE}C:\program files\arma 2\arma2.exe" = protocol=17 | dir=in | app=c:\program files\arma 2\arma2.exe |
    "UDP Query User{695673B9-18DC-4CEF-8955-3FDB9AF2D708}C:\users\iza\desktop\garry's mod\hl2.exe" = protocol=17 | dir=in | app=c:\users\iza\desktop\garry's mod\hl2.exe |
    "UDP Query User{6C4DAB9D-903A-4353-BE21-24273392BC6A}C:\games\payday 2 beta\payday2_win32_release.exe" = protocol=17 | dir=in | app=c:\games\payday 2 beta\payday2_win32_release.exe |
    "UDP Query User{7847512B-698A-4600-B683-704288AA188B}C:\program files\arma 2\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\arma 2\arma2oa.exe |
    "UDP Query User{8588E711-DF70-430D-863E-10D4674FDAD2}C:\program files\steam\steamapps\izaali10\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\izaali10\source sdk base\hl2.exe |
    "UDP Query User{88501D9D-1D72-4316-8A00-B731C9CF3B53}C:\users\iza\downloads\garrys.mod.13.v159\garry's mod\hl2.exe" = protocol=17 | dir=in | app=c:\users\iza\downloads\garrys.mod.13.v159\garry's mod\hl2.exe |
    "UDP Query User{B0C43906-FAE4-41BA-9E73-7CA0E8BD403F}C:\games\gta san andreas\proxy_sa.exe" = protocol=17 | dir=in | app=c:\games\gta san andreas\proxy_sa.exe |
    "UDP Query User{D701E9C8-2059-42BB-BDE5-3BED15434401}C:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oaserver.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oaserver.exe |
    "UDP Query User{E0A7C098-FEBE-43E4-944F-21BB13DA71D1}C:\users\iza\downloads\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\users\iza\downloads\counter-strike\hl.exe |
    "UDP Query User{E82A0350-5DF2-485F-84CF-1A66690B3199}C:\users\iza\desktop\boxing3d\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\users\iza\desktop\boxing3d\jre6\bin\java.exe |
    "UDP Query User{FEDB3BED-8CA5-4A6A-A6DA-6651B7314185}C:\users\iza\desktop\arma 2 operation arrowhead\arma2oa_demo.exe" = protocol=17 | dir=in | app=c:\users\iza\desktop\arma 2 operation arrowhead\arma2oa_demo.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
    "{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6202
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{084D80A0-A897-F435-CE63-A3A7CDB46D9A}" = CCC Help Danish
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}" = Duty Calls
    "{0E485D10-139A-21B6-471C-7856AF893F42}" = Catalyst Control Center Localization Spanish
    "{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
    "{12D61C9C-5E84-47F0-BD81-A48DF61A86D7}" = Vista Default Settings
    "{196A2093-817C-7237-9FB8-7223FF8D3424}" = Catalyst Control Center Localization Portuguese
    "{19C6BC99-B7D0-E36A-3F72-24501D2FF8F0}" = Catalyst Control Center Localization Thai
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{2462B5A9-CDE0-A51C-5646-6863B445B717}" = CCC Help Dutch
    "{2472CC23-7C6E-F1A5-F439-B93CC198D0E2}" = Catalyst Control Center Graphics Light
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{27AB9B63-70B4-3444-7FE7-EAAF837286B6}" = Catalyst Control Center Localization Turkish
    "{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard
    "{2B01122D-645A-7A29-5F98-025F3F920EEE}" = CCC Help Thai
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2E8A56E1-8421-623F-7D27-5B0D64052D35}" = CCC Help Swedish
    "{3032FE9D-1EF0-2B28-E28F-D14123A54091}" = CCC Help Norwegian
    "{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{32D95F2D-17A3-9457-667D-DC603227295F}" = ATI Catalyst Install Manager
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0005
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FE45683-E0A6-8887-BA46-93846D76A571}" = Catalyst Control Center Localization Japanese
    "{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
    "{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
    "{47D6F3E4-D158-4E47-84C4-0D6452DB2488}_is1" = Call of Duty Black Ops 2
    "{4B8CE04B-567D-A6D1-C8C3-55151585051A}" = Catalyst Control Center Localization Hungarian
    "{4BBB1697-A0C0-C00D-CC3B-2A3D8D7ED8E1}" = CCC Help Czech
    "{4BDBFEB0-784B-8FBB-E323-17F4B8C3450D}" = Catalyst Control Center Core Implementation
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4DEB1738-EE2D-9415-B1F3-99FE75519BB8}" = Catalyst Control Center Localization Norwegian
    "{4E3AA543-09D7-401E-9DF2-2591D24C7C49}" = Addon Sync 2009
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
    "{5FEB063B-B9A0-7677-8D4B-5DE1397BBC7F}" = Catalyst Control Center Localization Swedish
    "{6079977A-C216-0ED5-7E82-5E94A7683EB1}" = Catalyst Control Center Localization Chinese Traditional
    "{609C59C0-2920-B88F-AC4E-8434CEEA093F}" = CCC Help Chinese Standard
    "{62A07DAC-EE36-7C2D-28D4-18A4B8F55EC9}" = Catalyst Control Center Localization Greek
    "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{6716796A-DD6E-8B10-AF22-D30ECB25C682}" = CCC Help Portuguese
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{6F854740-01D1-46A4-C809-D73B14F9FAA2}" = ccc-utility
    "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
    "{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}" = SketchUp 8
    "{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
    "{7BE6A272-9078-5035-FB61-D2D1C15D1EA0}" = Catalyst Control Center Localization Russian
    "{81FCC50B-950F-4063-8E4A-D99CAA4FBB1F}" = Iminent
    "{8253DB6F-C883-93A4-435F-9526DC07C17F}" = CCC Help Italian
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
    "{8EC7AB5C-7128-B1CD-CA1D-74190D31313E}" = Catalyst Control Center Localization Chinese Standard
    "{8FB91814-FE42-4B62-9B54-4B677A420715}_is1" = CLEO v3.0.950
    "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
    "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
    "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
    "{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
    "{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
    "{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
    "{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
    "{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
    "{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
    "{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
    "{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
    "{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
    "{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
    "{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
    "{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
    "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
    "{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
    "{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{9320B364-EF7F-90E6-63F8-C58EEB9AE517}" = Catalyst Control Center Graphics Full New
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{959B8759-D31A-CE42-6BA1-A8F7812C040B}" = CCC Help Finnish
    "{959BAC64-7722-EBD6-660E-C74ED44CA0D3}" = Catalyst Control Center Localization Danish
    "{967E55B4-6DDD-4A2F-BFC7-07F1E327971E}_is1" = 7 Days to Die - Alpha version 0.9.1
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{99A5C123-2741-45BA-276A-8BDA52303CAD}" = CCC Help German
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CDB5063-D699-42BA-9135-7B8C4ECAC856}" = BIOS Configuration for HP ProtectTools
    "{9DEE62F7-3C8A-A6E8-6D00-99BB99B0A19C}" = CCC Help French
    "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
    "{A3EB6C7C-F959-9258-3A35-2A6EDB9CA176}" = CCC Help Hungarian
    "{A4B50564-9B8D-49DF-4A90-C6EC349A6538}" = Catalyst Control Center Localization Korean
    "{A55C2FF6-4217-F05B-E603-0544CB9EBD93}" = Catalyst Control Center Localization French
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
    "{ACE9FB2A-31A5-4285-9510-43F1636EAB21}" = EasyLife Gadget
    "{B076BAB8-B78C-053A-FAC2-0A9CCD802E0A}" = CCC Help Korean
    "{B1508FDD-AFC7-373B-8B96-6A6BEC48A9A8}" = Catalyst Control Center Localization Polish
    "{B3B36E34-2E5A-20E8-AF99-A2D40E84CC6F}" = CCC Help Turkish
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B57BC333-F983-C25E-4C04-834548DF8607}" = Catalyst Control Center Localization Italian
    "{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
    "{BC9BDD06-5674-4FAB-A30F-559C2DB171CA}" = UK-Info 2004 SE
    "{BECF6C08-ED85-7F05-E2CD-43A18DA0B3D7}" = CCC Help Spanish
    "{BEEA5BCB-CCA1-6FBA-764C-625239FE0F50}" = CCC Help Polish
    "{C09C13C7-B636-01CC-D5A1-A7411F858891}" = Catalyst Control Center Localization Czech
    "{C19BD21C-AF1A-CBC1-3B73-938B37F6B0E6}" = CCC Help Chinese Traditional
    "{C1A27135-69EB-8D44-7358-34727DD7B820}" = DowwnLoad keeeper
    "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{C9EF2D75-ECB0-602D-6700-977702AD7CCF}" = Catalyst Control Center Graphics Full Existing
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBC24502-5EB5-45B6-9E56-E6A2F6AFA367}" = HP JavaCard for HP ProtectTools
    "{CC8128C5-EC9A-0167-65F5-305E78F1A535}" = CCC Help Russian
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0FF1E97-85BA-C735-1D4C-636293B0E9F0}" = CCC Help Greek
    "{D405A9E1-5D02-46FB-A2B3-796F1F218B32}" = HP ProtectTools Security Manager
    "{D4C5185C-A8DF-8466-FE8A-1692E08ECBF7}" = Skins
    "{D7FD9036-5EE1-A970-B981-BF46AF433380}" = Catalyst Control Center Localization German
    "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EACFCDA4-3286-4DEB-92D8-53006239F347}" = ArmA II Launcher
    "{EF3C3C9A-C96B-051E-99D1-72D7CE823DA8}" = ccc-core-static
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F46CBAC2-20F4-98DA-D890-81F4DE2BF3BA}" = Catalyst Control Center Localization Finnish
    "{F545FAC8-4D05-229A-E1A3-3DF671518DC3}" = CCC Help English
    "{F657EF23-08BB-4C8D-B688-78C20FA657EA}" = Drive Encryption for HP ProtectTools
    "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
    "{FE2D627E-D7E0-46EA-93A6-8583420285FA}" = Aeria Ignite
    "{FF165D48-1562-B757-E006-69197226E903}" = CCC Help Japanese
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFCA8569-F139-54BF-A9EF-092A3DFDFB4B}" = Catalyst Control Center Localization Dutch
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Aeria Ignite" = Aeria Ignite
    "Aeria Ignite 1.13.3296" = Aeria Ignite
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Anvi Smart Defender" = Anvi Smart Defender 1.9.2
    "AOL Toolbar" = AOL Toolbar 5.0
    "ArmA 2" = ArmA 2 Free Uninstall
    "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
    "ArmA2 Demo" = ArmA2 Demo Uninstall
    "ArnA 2: Combined Operations" = ArnA 2: Combined Operations
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "BattlEye A2 Free" = BattlEye (A2Free) Uninstall
    "BattlEye for OA" = BattlEye for OA Uninstall
    "BLACKSHADES" = Black Shades (remove only)
    "Cheat Engine 5.5_is1" = Cheat Engine 5.5
    "Cheat Engine 6.3_is1" = Cheat Engine 6.3
    "Cross Fire_is1" = Cross Fire En
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Die Polizei" = Police Force
    "DivX Setup" = DivX Setup
    "eMule" = eMule
    "F.E.A.R. Online" = F.E.A.R. Online
    "Family Guy Back to the Multiverse_is1" = Family Guy Back to the Multiverse
    "GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
    "glindorus" = glindorus 1.0.0
    "Google Chrome" = Google Chrome
    "happylyrics@hpyproductions.net" = Happy Lyrics
    "IMBoosterARP" = Iminent
    "McAfee Managed Firewall" = McAfee Firewall Protection Service
    "McAfee SiteAdvisor" = McAfee Browser Protection Service
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Minecraft1.5.2" = Minecraft1.5.2
    "MTA:SA 1.3" = MTA:SA v1.3.4
    "MVS" = McAfee Virus and Spyware Protection Service
    "PCSU-SL_is1" = PC Speed Up
    "PDF Complete" = PDF Complete
    "PointBlank_is1" = PointBlank
    "Police Force 22" = Police Force 2
    "Police Pursuit Mod 7.6d 7.6d" = Police Pursuit Mod 7.6d 7.6d
    "Police Simulator 2" = Police Simulator 2
    "PowerISO" = PowerISO
    "PROHYBRIDR" = 2007 Microsoft Office system
    "S-480333868" = OptimizerPro
    "San Andreas First Response v2.0" = San Andreas First Response v2.0
    "San Andreas Mod Installer1.1" = San Andreas Mod Installer
    "San Andreas Police Department First Response v2.5" = San Andreas Police Department First Response v2.5
    "Scribblenauts Unmasked A DC Comics Adventure_is1" = Scribblenauts Unmasked A DC Comics Adventure
    "SP_d6949b33" = Ss-Helper 1.74
    "Steam App 17500" = Zombie Panic Source
    "Steam App 215" = Source SDK Base 2006
    "Steam App 33970" = Arma 2: Operation Arrowhead Demo
    "Sumotori Full Version" = Sumotori Full Version
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamViewer 8" = TeamViewer 8
    "uTorrent" = µTorrent
    "Warrock EU" = WarRock
    "WinRAR archiver" = WinRAR 5.00 (32-bit)
    "Xvid Video Codec 1.3.1" = Xvid Video Codec
    "Zombie Panic!_is1" = Zombie Panic! 0.91a

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2148498855-1236309947-737478955-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for iza
    "97f28be79b4a4109" = CastleMiner Z
    "Akamai" = Akamai NetSession Interface
    "GamersFirst LIVE!" = GamersFirst LIVE!
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 19/10/2013 11:44:58 | Computer Name = iza-PC | Source = Application Hang | ID = 1002
    Description = The program arma2free.exe version 1.10.80.665 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1310 Start Time: 01ceccd65c6f49e0 Termination Time: 6245

    Error - 19/10/2013 15:27:03 | Computer Name = iza-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 19/10/2013 15:30:33 | Computer Name = iza-PC | Source = VSS | ID = 8194
    Description =

    Error - 19/10/2013 19:03:00 | Computer Name = iza-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 19/10/2013 19:04:00 | Computer Name = iza-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 19/10/2013 20:02:16 | Computer Name = iza-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 19/10/2013 20:21:11 | Computer Name = iza-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 19/10/2013 20:24:51 | Computer Name = iza-PC | Source = Iminent | ID = 0
    Description =

    Error - 20/10/2013 11:44:05 | Computer Name = iza-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 23/10/2013 17:30:05 | Computer Name = iza-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 20/10/2013 11:44:05 | Computer Name = iza-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 20/10/2013 11:44:05 | Computer Name = iza-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 20/10/2013 11:44:59 | Computer Name = iza-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =

    Error - 21/10/2013 14:53:34 | Computer Name = iza-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 21/10/2013 20:38:19 | Computer Name = iza-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 23/10/2013 17:29:36 | Computer Name = iza-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 01:44:34 on 22/10/2013 was unexpected.

    Error - 23/10/2013 17:29:45 | Computer Name = iza-PC | Source = HTTP | ID = 15016
    Description =

    Error - 23/10/2013 17:30:05 | Computer Name = iza-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 23/10/2013 17:30:05 | Computer Name = iza-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 23/10/2013 17:31:15 | Computer Name = iza-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =


    < End of report >
     
  5. 2oldGeek

    2oldGeek Active member

    Hi tali1,

    Ouch, you’ve got a lot of infection and a large collection of software that you probably don’t use, just taking up space and using resources. It’s no doubt you are sloooooooow.

    It may take some time to get you cleaned up so if you can bear with me we should be able to help your performance a great deal.
    I have looked over the OTL log and found 17 infections, 30 suspicious files?? And 32 programs that run all the time, unnecessarily, after boot taking up memory and using resources.

    While I am helping you, please follow these rules:

    DO NOT run any other fix or removal tools unless instructed to do so!
    DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.

    Start with these:

    -Security Check-

    Download Security Check by screen317.
    Save it to your Desktop.

    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    --AdwCleaner--

    Please download AdwCleaner by Xplode to your Desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on the Delete tab and follow the prompts.
    • A log file will automatically open after the scan has finished.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).



    --Junkware Removal Tool--

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete, depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    • Please post the contents of JRT.txt into your reply.


    Please post the 3 Logs in your next reply so I can look them over and determine what we will need to do next..

    Also give me a little run down on how it’s working and any problems you are having.

    Thanks,
    2oG
     
  6. tali1

    tali1 Regular member

    Here are logs. Yesterday I disabled extensions in Chrome - and that has helped somewhat. I did that because Google Drive was having a specific problem in that it was not allowing search and then "turning into text". Oddly my other laptop has started to do this - just after it was fixed on the first one.

    Results of screen317's Security Check version 0.99.74
    Windows Vista Service Pack 1 x86 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    McAfee Virus and Spyware Protection Service
    Spybot - Search & Destroy
    Java(TM) 6 Update 6
    HP JavaCard for HP ProtectTools
    Java version out of Date!
    Google Chrome 30.0.1599.101
    Google Chrome 30.0.1599.69
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSASCui.exe
    Spybot Teatimer.exe is disabled!
    McAfee Managed VirusScan Agent myAgtSvc.Exe
    McAfee Managed VirusScan Agent myAgtTry.exe
    Anvisoft Anvi Smart Defender ASDSrv.exe
    Windows Defender MSASCui.exe
    Anvisoft Anvi Smart Defender ASDTray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 18 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````



    # AdwCleaner v3.010 - Report created 24/10/2013 at 22:39:26
    # Updated 20/10/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
    # Username : iza - IZA-PC
    # Running from : C:\Users\iza\Downloads\adwcleaner (1).exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : pcsuservice
    Service Deleted : SProtection
    [#] Service Deleted : Update glindorus
    [#] Service Deleted : Util glindorus

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Iminent
    Folder Deleted : C:\ProgramData\DowwnLoad keeeper
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner
    Folder Deleted : C:\Program Files\glindorus
    Folder Deleted : C:\Program Files\Iminent
    Folder Deleted : C:\Program Files\Uniblue\DriverScanner
    Folder Deleted : C:\Program Files\Common Files\Umbrella
    Folder Deleted : C:\Users\iza\AppData\Roaming\Iminent
    Folder Deleted : C:\Users\iza\AppData\Roaming\Uniblue\DriverScanner
    File Deleted : C:\windows\Tasks\PC SpeedUp Service Deactivator.job
    File Deleted : C:\windows\System32\Tasks\PC SpeedUp Service Deactivator

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [happylyrics@hpyproductions.net]
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC SpeedUp Service Deactivator
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FF5B022-57F0-4D5C-80A8-48D841D9536C}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FF5B022-57F0-4D5C-80A8-48D841D9536C}
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pcspeedup]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
    Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
    Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_d6949b33
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9598E82A-7E09-4438-B425-B9E9718C3C73}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Iminent
    Key Deleted : HKCU\Software\AppDataLow\SProtector
    Key Deleted : HKCU\Software\AppDataLow\Software\HappyLyrics
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\Software\OptimizerPro
    Key Deleted : HKLM\Software\SP Global
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\Software\Umbrella
    Key Deleted : HKLM\Software\Uniblue\DriverScanner
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81FCC50B-950F-4063-8E4A-D99CAA4FBB1F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1
    Key Deleted : HKLM\Software\Classes\Installer\Features\B05CCF18F0593604E8A49DC9AAF4BBF1
    Key Deleted : HKLM\Software\Classes\Installer\Products\B05CCF18F0593604E8A49DC9AAF4BBF1

    ***** [ Browsers ] *****

    -\\ Internet Explorer v7.0.6001.18639


    -\\ Mozilla Firefox v

    -\\ Google Chrome v30.0.1599.101

    [ File : C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [18176 octets] - [24/10/2013 22:37:04]
    AdwCleaner[S0].txt - [18333 octets] - [24/10/2013 22:39:26]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18394 octets] ##########





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.7 (10.15.2013:2)
    OS: Windows Vista (TM) Home Basic x86
    Ran by iza on 24/10/2013 at 22:56:11.94
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values




    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ECBB4BD6-DEEF-4C34-94B8-BE7BC46E661E}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{ECBB4BD6-DEEF-4C34-94B8-BE7BC46E661E}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59C0C5BD-2579-433A-BBB8-AFFD59642BAF}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59C0C5BD-2579-433A-BBB8-AFFD59642BAF}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{59C0C5BD-2579-433A-BBB8-AFFD59642BAF}



    ~~~ Files

    Successfully deleted: [File] C:\windows\System32\Tasks\Happy Lyrics Update
    Successfully deleted: [File] C:\windows\System32\Tasks\dsmonitor
    Successfully deleted: [File] C:\windows\Tasks\Happy Lyrics Update.job
    Successfully deleted: [File] C:\windows\Tasks\dsmonitor.job
    Successfully deleted: [File] "C:\Users\iza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\iza\AppData\Roaming\fixcleaner"
    Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
    Successfully deleted: [Folder] "C:\windows\system32\ai_recyclebin"



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\iza\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 24/10/2013 at 23:12:56.64
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  7. 2oldGeek

    2oldGeek Active member

    I will have to go through the Logs and dig out the "Bad" guys:) that will take a little time and I may not get back to you until tomorrow.

    Don't see any signs of a rootkit but we may check that out.
    Mostly Iminent brings in a lot of Adware and the fact that your Java is out of date will bring in exploits and foistware....

    I'll get back to you after I have gone over the logs and figure out what needs to be done...

    2oG
     
  8. 2oldGeek

    2oldGeek Active member

    Hi Tali1,
    Please do the following:

    --RogueKiller--

    • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until pre-scan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+


    Please paste the logs in your next reply.



    Run OTL Script

    I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

    Double-click OTL.exe to start the program.

    Copy and Paste the following code into the text box.

    Code:
    
    :OTL
    PRC - [2013/09/10 12:52:28 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.exe
    PRC - [2013/09/10 12:52:28 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.Messengers.exe
    PRC - [2013/08/07 16:31:36 | 002,868,544 | ---- | M] (Iminent) -- C:\Program Files\Common Files\Umbrella\Umbrella.exe
    SRV - [2013/08/07 16:31:36 | 002,868,544 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files\Common Files\Umbrella\Umbrella.exe -- (SProtection)
    O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
    O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
    O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
    [2013/10/20 01:24:30 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Iminent
    [2013/10/20 01:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
    [2013/10/16 14:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
    [2013/10/16 14:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
    [2013/10/20 01:24:30 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\Iminent
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\Iminent
    C:\Program Files\Common Files\Umbrella
    
    :Commands
    [PURITY]
    [emptytemp]
    [reboot]
    
    
    Then click the Run Fix button at the top.
    Click OK.

    OTL may ask to reboot the machine. Please do so if asked.

    The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note** if the report does not popup after the computer reboots you can find it here in this folder – C:\_OTL\MovedFiles
    It will be named – mmddyyyy_hhmmss.log
    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

    Let me know how things are doing.

    Note: There are some other things that will need attention and I will have them for you as I can. You have an elderly Laptop with outdated Vista and other apps, so it might be a lengthy fix but I'm game if you are.....

    2oG
     
    Last edited: Oct 24, 2013
  9. tali1

    tali1 Regular member

    Seems to be running much better! - thanks :) Nice to find someone who knows what they are talking about!
    Here is first report
    RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : iza [Admin rights]
    Mode : Remove -- Date : 10/25/2013 19:13:18
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] OptimizerPro.exe -- c:\programdata\summersoft\optimizerpro\OptimizerPro.exe [-] -> KILLED [TermProc]
    [SUSP PATH] Live.exe -- C:\Users\iza\AppData\Local\GamersFirst\LIVE!\Live.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    Finished : << RKreport[0]_D_10252013_191318.txt >>
    All processes killed
    ========== OTL ==========
    No active process named Iminent.exe was found!
    No active process named Iminent.Messengers.exe was found!
    No active process named Umbrella.exe was found!
    Error: No service named SProtection was found to stop!
    Service\Driver key SProtection not found.
    File C:\Program Files\Common Files\Umbrella\Umbrella.exe not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ not found.
    File C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Iminent not found.
    File C:\Program Files\Iminent\Iminent.exe not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IminentMessenger not found.
    File C:\Program Files\Iminent\Iminent.Messengers.exe not found.
    Folder C:\Users\iza\AppData\Roaming\Iminent\ not found.
    Folder C:\ProgramData\Iminent\ not found.
    Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\ not found.
    Folder C:\Program Files\Iminent\ not found.
    Folder C:\Users\iza\AppData\Roaming\Iminent\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\iza\Downloads\cmd.bat deleted successfully.
    C:\Users\iza\Downloads\cmd.txt deleted successfully.
    File\Folder C:\Program Files\Iminent not found.
    File\Folder C:\Program Files\Common Files\Umbrella not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: iza
    ->Temp folder emptied: 2262865 bytes
    ->Temporary Internet Files folder emptied: 2139752 bytes
    ->FireFox cache emptied: 16589495 bytes
    ->Google Chrome cache emptied: 258722813 bytes
    ->Flash cache emptied: 41736 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 148400066 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 670575 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 168248 bytes

    Total Files Cleaned = 409.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10252013_192138

    Files\Folders moved on Reboot...
    C:\windows\temp\mcafee_bdVteP1cAuyTVQP moved successfully.
    C:\windows\temp\mcafee_eXfkd16C2oonpfq moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

     
    Last edited: Oct 25, 2013
  10. 2oldGeek

    2oldGeek Active member

    go ahead and reboot..
     
  11. tali1

    tali1 Regular member

    hi, done reboot
     
  12. 2oldGeek

    2oldGeek Active member

    I've got some more stuff but don't have the time right now so, will send it later..

    Are things starting to look up? We should be able to speed you up somewhat when all done.

    2oG
     
    Last edited: Oct 25, 2013
  13. tali1

    tali1 Regular member

    okay thanks 2old. Yeh looking good so far - that's a lot of software to use. Isn't there a one-stop fix-it-all solution? (or something that comes close?)
     
  14. 2oldGeek

    2oldGeek Active member

    LOL, there is NO "Swiss Army Knife" (one tool does it all) for removing malware and cleaning a computer. I would like to find one and so would everyone else:) There are a lot of crappy programs out there that claim they can do it all, and I see that you have used a few of them, but it just ain't gonna happen. :( That's OK, I'll fix you up. :)

    Hold tight, you're looking better but we still have a ways to go..
    2oG
     
  15. 2oldGeek

    2oldGeek Active member

    Here we go:

    Run Combofix:

    Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

    Combofix may need to reboot your computer more than once to do its job this is normal.

    You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

    Link 1
    Link 2
    Link 3

    1. Close any open browsers or any other programs that are open.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

    "information and logs"

    In your next post I need the following
    Log from Combofix
    Let me know of any problems you may have had





    -Uninstall some programs-

    NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

    Hold down the Windows key (bottom left on keyboard next to the Ctrl key) then press the “R” key. The Run box will open. Then type or copy/paste appwiz.cpl into the box and click OK.

    The Uninstall or change a program list will be opened.
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:


    Java(TM) 6 Update 6
    Anvisoft Anvi Smart Defender
    Spybot - Search & Destroy
    eMule


    Take extra care in answering questions posed by any Uninstaller.
    When the program(s) have been uninstalled, please close Control Panel




    Your Java was out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Upgrading Java:
    • Download the latest version of JRE 7 Update 45.
    • Click the "Free Java Download" button.
    • Click the “Agree and Start Free Download” button.
    • Click on the download link for your system and save it to your desktop.
    Close any programs you may have running - especially your web browser.
    • Then from your desktop double-click on the download to install the newest version. (Vista/7 users, right click on the JRE download and select "Run as an Administrator.")




    -HijackThis-

    Please download and save -> Hijackthis to your desktop.
    • Right Click on Hijackthis and select "Run as Admin"
    • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
    • Hijackthis will scan and then a log will open in notepad.
    Copy and paste the entire contents of the log in your next post.
    Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    Please post the HijackThis log and Combofix Log in your next reply.

    Cheers,
    2oG
     
  16. tali1

    tali1 Regular member

    DELETED
     
    Last edited: Oct 28, 2013
  17. tali1

    tali1 Regular member

    DELETED
     
    Last edited: Oct 28, 2013
  18. tali1

    tali1 Regular member

    DELETED
     
    Last edited: Oct 28, 2013
  19. tali1

    tali1 Regular member

    Okay, got this after I returned to laptop. Also on Combofix scan, Spybot (2.1) was running - always had problem with this as I have used Combofix before - I don't seem to have disable function (I tried for over half an hour and went around in circles). Dunno whether website but laptop has slowed down and I am having trouble posting this.

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.0.6001.2.1.0.768.2
    Locale ID: 2057

    Additional information about the problem:
    BCCode: 7a
    BCP1: C0411628
    BCP2: C0000185
    BCP3: 1BADE860
    BCP4: 822C5000
    OS Version: 6_0_6001
    Service Pack: 1_0
    Product: 768_1

    Files that help describe the problem:
    C:\Windows\Minidump\Mini102713-01.dmp
    C:\Users\iza\AppData\Local\Temp\WER-162553-0.sysdata.xml
    C:\Users\iza\AppData\Local\Temp\WERFCA6.tmp.version.txt

    The Combofix scan is toooo long and it all seems to be related to Counter Strike game. Will post if you need it - caused me huge problems in posting and deleting it

    Here is HJT


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 00:17:33, on 28/10/2013
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18639)
    Boot mode: Normal

    Running processes:
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
    C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Users\iza\AppData\Local\GamersFirst\LIVE!\Live.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: DowwnLoad keeeper - {39F5029A-459C-A08C-BF8A-625FBE476B83} - C:\ProgramData\DowwnLoad keeeper\Jt6Rwqk.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
    O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
    O4 - HKLM\..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
    O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
    O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Pando Media Booster] null\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
    O4 - Startup: GamersFirst LIVE!.lnk = C:\Users\iza\AppData\Local\GamersFirst\LIVE!\Live.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll APSHook.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
    O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: EngineServer - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
    O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

    --
    End of file - 11759 bytes
     
    Last edited: Oct 27, 2013
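A triage pass over a HijackThis log like the one posted above, added here as an example (it is not part of the thread and not code from HijackThis or Trend Micro). The sample lines are copied from that log; the rule set and the function names `parse`, `review_reason` and `triage` are this example's own assumptions, and a flagged entry is a prompt for manual review, not a verdict.

```python
import re

# Constructed sample: a handful of entry lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
O2 - BHO: DowwnLoad keeeper - {39F5029A-459C-A08C-BF8A-625FBE476B83} - C:\ProgramData\DowwnLoad keeeper\Jt6Rwqk.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Pando Media Booster] null\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - Global Startup: Bluetooth.lnk = ?
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll APSHook.dll
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")


def parse(log_text):
    """Return (code, body) for each entry line; header and process-list lines are skipped."""
    return [(m["code"], m["body"]) for m in map(ENTRY.match, log_text.splitlines()) if m]


def review_reason(code, body):
    """Return why an entry deserves a manual look, or None. A reason is not a verdict."""
    # HijackThis appends these markers when the registered target is absent.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        return "registered component points at a file that is not on disk"
    if code.startswith("R"):
        proxy = re.search(r"ProxyServer = (\S+)", body)
        if proxy:
            return "browser traffic is sent through proxy " + proxy.group(1)
    if code == "O4":
        if body.endswith("= ?"):
            return "startup shortcut target could not be resolved"
        command = re.sub(r"^.*?\]\s*", "", body)  # drop "HKxx\..\Run: [name]"
        if command.lower().startswith("null\\"):
            return "autorun command has an unresolved base path"
    if code == "O20":
        return "AppInit_DLLs entry: DLL is loaded into every process that loads user32.dll"
    if code == "O23" and " - Unknown owner - " in body:
        return "service binary reports no vendor"
    return None


def triage(log_text):
    """Return (code, reason, body) for every entry that matches a review rule."""
    findings = []
    for code, body in parse(log_text):
        reason = review_reason(code, body)
        if reason:
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}\n     {body}")
```
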
  20. tali1

    tali1 Regular member

    Much confusion as Combofix log refuses to delete
     
    Last edited: Oct 27, 2013
