
laptop is very slooow

Discussion in 'Windows - Virus and spyware problems' started by tali1, Oct 22, 2013.

  1. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    One post like that is bad enough, but 4 times?

    Go into the last 4 posts "edit" select all and delete them.. PLEASE.. Then let me know if you can get into your computer OK..

    2oG
     
  2. tali1

    tali1 Regular member

    Joined:
    Apr 12, 2008
    Messages:
    137
    Likes Received:
    2
    Trophy Points:
    28
    Okay, sorry about the ComboFix logs - they are now deleted.
    PC is running fine.
    Is there anything else I need to do?
     
    Last edited: Oct 28, 2013
  3. 2oldGeek

    2oldGeek Active member

    Yes..

    As I said, you have an older version of Vista, an operating system that was not good to start with.

    Do Not try to update it or add the Service Pack 2. That can cause it to crash and sometimes the recovery partition will not work. There are a lot of reasons it was replaced with Win 7.

    Vista loves a lot of RAM in order to function, 4GB plus, and you only have less than 2GB of usable RAM. At this time your RAM is being used by a lot of programs being loaded and run at boot time, unnecessarily, thereby taking up RAM and resources that slow you down.


    First defragment your drive:
    1. Open Disk Defragmenter by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Defragmenter. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
    2. Click Defragment Now.
    Disk Defragmenter might take from several minutes to a few hours to finish, depending on the size and degree of fragmentation of your hard disk. You can still use your computer during the defragmentation process.

    I will put together a list of programs to stop from running all the time and post it as soon as I can.


    Hang in there,
    2oG
     
  4. tali1

    tali1 Regular member

    Disk Defragmenter done. Never liked this new method as it doesn't seem to tell you whether a defrag is needed or not - or any other info for that matter.
     
  5. 2oldGeek

    2oldGeek Active member

    Ain't it the truth :)

    An old programming trick is to have the program start up when you turn on the computer. That way when you start it there is little time wasted getting it running. They don't take into consideration that it is using memory and resources when doing this. HELLO?

    By Fixing the start line in HJT it will keep that program from starting and running all the time when not needed. This does NOT remove or delete the program and it will start when you need it by clicking on the icon.

    I have removed the necessary program lines from this list and what's left is either not needed or can be the user's choice to let it run. Anything you see that you think you want running, just don't check it....


    Fix Hijackthis Entries
    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE –startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe –hidden
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" –silent


    Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.


    I'll just bet that about does it for me so, let me know how things are going and if I can help any more let me know..

    2oG
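The O4 lines in the post above share one layout: registry hive, the autostart key (HijackThis abbreviates `Software\Microsoft\Windows\CurrentVersion` as `..`), the value name in square brackets, then the command line. The following is an added example, not part of the original post and not HijackThis code: it parses that layout, splits the executable from its arguments even when a path containing spaces is unquoted, and builds a read-only `reg query` command for checking whether an entry is still present. The sample lines are copied from the post; the names `parse_o4`, `split_command` and `reg_query` are hypothetical.

```python
import re
from typing import List, NamedTuple, Tuple

# HijackThis prints "..", which stands for this part of the key path.
RUN_PARENT = r"Software\Microsoft\Windows\CurrentVersion"

# Constructed sample: four O4 lines copied from the list in the post above.
SAMPLE = r'''
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
'''


class RunEntry(NamedTuple):
    hive: str   # HKLM (all users) or HKCU (current user only)
    key: str    # full registry key with ".." expanded
    name: str   # registry value name (the text inside [ ])
    exe: str    # program that is launched at logon
    args: str   # arguments passed to it, "" if none


# Only the registry form of O4 is handled; other O4 forms are skipped.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[(.+?)\] (.+)$")
# End of an executable name: extension followed by whitespace or end of line.
EXE_END = re.compile(r"\.(?:exe|com|bat|cmd|scr)(?=\s|$)", re.IGNORECASE)


def split_command(command: str) -> Tuple[str, str]:
    """Split a Run value into (executable, arguments)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    # Unquoted path: spaces inside "Program Files" make a plain split wrong,
    # so cut at the first executable extension instead.
    match = EXE_END.search(command)
    if match:
        return command[:match.end()], command[match.end():].strip()
    exe, _, args = command.partition(" ")
    return exe, args.strip()


def parse_o4(text: str) -> List[RunEntry]:
    """Return one RunEntry per registry-style O4 line in the text."""
    entries = []
    for line in text.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue
        hive, subkey, name, command = match.groups()
        exe, args = split_command(command)
        key = "\\".join([hive, RUN_PARENT, subkey])
        entries.append(RunEntry(hive, key, name, exe, args))
    return entries


def reg_query(entry: RunEntry) -> str:
    """Read-only command that shows whether the autostart value exists."""
    return f'reg query "{entry.key}" /v "{entry.name}"'


if __name__ == "__main__":
    for e in parse_o4(SAMPLE):
        print(f"{e.hive:4} {e.name:18} {e.exe}  [{e.args}]")
        print("     check:", reg_query(e))
```

Running the printed `reg query` before and after "Fix Checked" shows that only the autostart value is gone while the program file itself stays on disk.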
     
  6. tali1

    tali1 Regular member

    THANKS V MUCH. Done all that.
    Also, can I use all the above tools to quick clean my other PCs - or would I need log analysis?
    So what is the best preventative software to use?
    Is it worth using a VPN or TOR? (I just understand the very basics of these, nothing more)
    Also, in those logs what is the tell sign of malware/dodgy/corrupt entries?
    :)
     
  7. 2oldGeek

    2oldGeek Active member

    You know, I just thought I was through with you:)

    I went back and looked over the logs real close and found a few things buried in all those games that I missed the first time.

    Tell you what, run OTL again and post the new log, now that the other stuff has been cleaned out and I'll go over it for a final...Then I'll let you know what you need to delete and what you can keep and use. OK?

    2oG
     
  8. tali1

    tali1 Regular member

    Ok, here are the OTL logs - I hope these are the last ones! :)

    OTL logfile created on: 31/10/2013 18:08:04 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\iza\Downloads
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.75 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 35.04% Memory free
    3.74 Gb Paging File | 2.33 Gb Available in Paging File | 62.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.05 Gb Total Space | 42.01 Gb Free Space | 30.22% Space Free | Partition Type: NTFS
    Drive D: | 9.00 Gb Total Space | 1.86 Gb Free Space | 20.62% Space Free | Partition Type: NTFS
    Drive E: | 695.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 1020.00 Mb Total Space | 1017.74 Mb Free Space | 99.78% Space Free | Partition Type: FAT32

    Computer Name: IZA-PC | User Name: iza | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/10/23 21:50:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\iza\Downloads\OTL.exe
    PRC - [2013/10/11 20:16:13 | 000,540,160 | ---- | M] () -- c:\ProgramData\SummerSoft\OptimizerPro\OptimizerPro.exe
    PRC - [2013/10/09 00:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2013/10/01 12:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    PRC - [2013/06/25 16:00:32 | 002,878,504 | ---- | M] (GamersFirst) -- C:\Users\iza\AppData\Local\GamersFirst\LIVE!\Live.exe
    PRC - [2013/06/06 21:59:45 | 001,925,656 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
    PRC - [2013/05/02 04:53:14 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
    PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/07/23 13:55:02 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
    PRC - [2008/06/02 17:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
    PRC - [2008/05/30 16:36:20 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2008/05/23 08:50:10 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    PRC - [2008/05/23 08:50:04 | 000,271,680 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
    PRC - [2008/05/21 00:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
    PRC - [2008/05/14 17:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
    PRC - [2008/05/13 23:47:28 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2008/05/12 13:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2008/04/28 23:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
    PRC - [2008/01/21 02:33:24 | 000,117,248 | ---- | M] () -- \\?\C:\windows\System32\wbem\WMIADAP.EXE
    PRC - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2007/10/19 07:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
    PRC - [2007/08/28 20:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
    PRC - [2007/05/23 22:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2007/05/15 23:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    PRC - [2007/05/15 23:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    PRC - [2007/05/15 23:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    PRC - [2007/02/13 19:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    PRC - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/10/09 00:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
    MOD - [2013/10/09 00:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
    MOD - [2013/10/09 00:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
    MOD - [2013/10/09 00:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
    MOD - [2013/05/12 21:13:55 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\71aec26781d7e59678f478eb0d829cca\System.Management.ni.dll
    MOD - [2013/05/12 21:11:35 | 000,786,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\b4b3499aefaf0be2481e26bf1b3cf05c\System.EnterpriseServices.ni.dll
    MOD - [2013/05/12 21:11:35 | 000,236,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\b4b3499aefaf0be2481e26bf1b3cf05c\System.EnterpriseServices.Wrapper.dll
    MOD - [2013/05/12 21:11:34 | 000,646,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\05cdc2d6fb30991b33e4d8c275a3ef7c\System.Transactions.ni.dll
    MOD - [2013/05/12 21:11:31 | 002,637,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\933c05c80f64460a6c332ead830b4313\System.Runtime.Serialization.ni.dll
    MOD - [2013/05/12 21:11:26 | 001,781,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\bc3b4596da878455664b10f8f5a3eea9\System.Xaml.ni.dll
    MOD - [2013/05/12 19:08:03 | 000,284,160 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e4d910883d184867c46cbd22e55335bd\PresentationFramework.Classic.ni.dll
    MOD - [2013/05/12 19:07:52 | 013,137,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\81408cc3ba17ae98c1977f435a491e00\System.Windows.Forms.ni.dll
    MOD - [2013/05/12 19:07:25 | 017,671,168 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ff91a03e0ff9f9885b735db6734d568c\PresentationFramework.ni.dll
    MOD - [2013/05/12 19:07:00 | 011,106,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\942925bd6f724122cb4b3c71acbdcb04\PresentationCore.ni.dll
    MOD - [2013/05/12 19:06:43 | 003,798,016 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\39ad17570cd9b350f3191c46af747f0a\WindowsBase.ni.dll
    MOD - [2013/05/12 19:06:28 | 006,798,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\9fea2a740d10da358757079ce9a25a8e\System.Data.ni.dll
    MOD - [2013/05/12 19:05:56 | 005,618,176 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\ccaccea2516d5479f2267ed40ad51f2c\System.Xml.ni.dll
    MOD - [2013/05/12 19:05:47 | 000,980,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\666c9ef4162700495e504025c20caacd\System.Configuration.ni.dll
    MOD - [2013/05/12 19:05:41 | 007,054,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\ca04626157aebf0f25378a2489d08d00\System.Core.ni.dll
    MOD - [2013/05/12 19:05:29 | 001,652,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5b5dbf8a469be467c6f3a1ef97ff22cd\System.Drawing.ni.dll
    MOD - [2013/05/12 19:05:24 | 009,085,440 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\4532468deac0fdeff26329333c7642b6\System.ni.dll
    MOD - [2013/05/12 18:43:17 | 014,408,704 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dc0b188b244ec4a4ccec59ac6f1620ad\mscorlib.ni.dll
    MOD - [2012/04/26 22:38:30 | 020,758,016 | ---- | M] () -- C:\Users\iza\AppData\Local\GamersFirst\LIVE!\libcef.dll
    MOD - [2008/05/21 11:48:56 | 000,024,576 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\Agent\Res\0409\AgtRes_l.dll
    MOD - [2008/05/21 09:38:12 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
    MOD - [2008/05/13 23:40:50 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2007/08/28 20:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
    MOD - [2007/08/28 20:06:54 | 000,910,624 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.dll


    ========== Services (SafeList) ==========

    SRV - [2013/10/01 12:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2013/09/06 20:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013/05/02 04:53:14 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
    SRV - [2009/08/24 12:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
    SRV - [2008/07/23 13:55:02 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
    SRV - [2008/06/02 17:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2008/05/30 16:36:20 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2008/05/23 08:50:10 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
    SRV - [2008/05/21 00:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2008/05/21 00:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
    SRV - [2008/05/14 17:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
    SRV - [2008/05/12 13:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2008/04/28 23:21:28 | 000,144,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
    SRV - [2008/04/28 23:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
    SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2007/10/19 07:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2007/05/23 22:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService)
    SRV - [2007/05/15 23:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
    SRV - [2007/02/13 19:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)
    SRV - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva404.sys -- (XDva404)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva403.sys -- (XDva403)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva401.sys -- (XDva401)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys -- (FairplayKD)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - [2013/10/27 21:31:09 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\iza\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2013/10/25 18:05:49 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\TrueSight.sys -- (TrueSight)
    DRV - [2013/08/12 12:51:35 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2013/07/22 02:19:44 | 000,113,336 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2011/11/10 17:32:00 | 000,095,304 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV - [2008/05/30 16:37:06 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2008/05/30 16:37:02 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2008/05/30 16:37:00 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2008/05/30 16:36:58 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2008/05/21 10:35:06 | 003,552,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/04/28 23:25:00 | 000,055,112 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008/04/28 23:23:22 | 000,034,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeRKDK.sys -- (MfeRKDK)
    DRV - [2008/04/28 23:22:44 | 000,205,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2008/04/28 23:22:18 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeBOPK.sys -- (MfeBOPK)
    DRV - [2008/04/28 23:22:10 | 000,079,560 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeAVFK.sys -- (MfeAVFK)
    DRV - [2008/04/28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
    DRV - [2008/04/14 21:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2008/04/07 18:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
    DRV - [2008/04/07 18:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2008/02/29 16:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/01/21 02:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/03/02 21:17:34 | 000,120,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\iza\AppData\Local\Roblox\Versions\version-8049d9622c164956\\NPRobloxProxy.dll ()
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\iza\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\windows\system32\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/19 21:22:05 | 000,000,000 | ---D | M]

    [2013/10/18 19:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iza\AppData\Roaming\Mozilla\Extensions
    [2013/10/19 19:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iza\AppData\Roaming\Mozilla\Firefox\Profiles\894786sj.default\extensions
    [2013/10/18 21:16:47 | 000,007,523 | ---- | M] () (No name found) -- C:\Users\iza\AppData\Roaming\Mozilla\Firefox\Profiles\894786sj.default\extensions\firefox@glindorus.net.xpi
    [2013/10/18 17:41:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/10/18 17:41:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\iza\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Disabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
    CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
    CHR - plugin: Nexon Game Controller (Disabled) = C:\ProgramData\NexonEU\NGM\npNxGameEU.dll
    CHR - plugin: Unity Player (Disabled) = C:\Users\iza\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Roblox Launcher Plugin (Disabled) = C:\Users\iza\AppData\Local\Roblox\Versions\version-8049d9622c164956\\NPRobloxProxy.dll
    CHR - plugin: Windows Presentation Foundation (Disabled) = C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Disabled) = C:\windows\system32\Adobe\Director\np32dsw_1204144.dll
    CHR - plugin: Silverlight Plug-In (Disabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
    CHR - Extension: DowwnLoad keeeper = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjpmfombidbiadoceeionjfpafodhni\1.6\
    CHR - Extension: Google Docs = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Tampermonkey = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.66_0\
    CHR - Extension: Hide My Ass = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjonpeiaiacbgfgemlchebljmfgjnmh\3.7_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
    CHR - Extension: Temple Run 2 HD NEW = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\oonebondjnigdjfehefgmjbhglbcblao\1.0_0\
    CHR - Extension: Gmail = C:\Users\iza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
    O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (DowwnLoad keeeper) - {39F5029A-459C-A08C-BF8A-625FBE476B83} - C:\ProgramData\DowwnLoad keeeper\Jt6Rwqk.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
    O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
    O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
    O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.Exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Akamai NetSession Interface] File not found
    O4 - HKCU..\Run: [Pando Media Booster] null\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\iza\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D22213C-7E51-4A42-AA09-6637DB2300FD}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.316.dll (McAfee, Inc.)
    O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - AppInit_DLLs: (APSHook.dll) - APSHook.dll (Bioscrypt Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\iza\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\iza\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/02/17 10:37:31 | 000,000,034 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{453b8ec8-b2af-11e2-a02c-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{453b8ec8-b2af-11e2-a02c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SUPERCD.EXE -- [2004/02/17 10:37:50 | 000,088,299 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/28 19:48:27 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\PAYDAY
    [2013/10/28 19:28:53 | 000,000,000 | ---D | C] -- C:\Users\iza\Desktop\Payday The Heist
    [2013/10/28 00:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2013/10/28 00:10:49 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2013/10/28 00:08:40 | 000,000,000 | ---D | C] -- C:\windows\Sun
    [2013/10/28 00:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013/10/28 00:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2013/10/28 00:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2013/10/28 00:07:01 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
    [2013/10/28 00:06:46 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
    [2013/10/28 00:06:46 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
    [2013/10/28 00:06:46 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
    [2013/10/28 00:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013/10/27 21:34:42 | 000,000,000 | ---D | C] -- C:\windows\Minidump
    [2013/10/27 21:33:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/10/27 21:27:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2013/10/27 21:27:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2013/10/27 21:27:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2013/10/27 21:27:34 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2013/10/27 21:26:27 | 000,000,000 | ---D | C] -- C:\Users\iza\Documents\ProcAlyzer Dumps
    [2013/10/27 21:20:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/10/27 21:19:31 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2013/10/25 18:21:38 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/10/25 18:03:05 | 000,000,000 | ---D | C] -- C:\Users\iza\Desktop\RK_Quarantine
    [2013/10/24 21:50:56 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
    [2013/10/24 21:33:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/10/20 15:58:33 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Anvisoft
    [2013/10/20 15:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
    [2013/10/20 15:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
    [2013/10/20 15:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
    [2013/10/19 19:37:13 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\AVAST Software
    [2013/10/19 19:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/10/19 19:30:21 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\MFAData
    [2013/10/19 19:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/10/19 19:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
    [2013/10/19 19:30:21 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Avg2014
    [2013/10/19 19:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/10/18 17:53:07 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Mozilla
    [2013/10/18 17:53:07 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Mozilla
    [2013/10/18 17:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013/10/18 17:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/10/17 21:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bohemia Interactive
    [2013/10/17 20:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2013/10/16 17:36:45 | 000,000,000 | ---D | C] -- C:\windows\System32\Adobe
    [2013/10/16 14:57:00 | 000,000,000 | ---D | C] -- C:\Users\iza\Documents\ArmA 2 Demo
    [2013/10/16 14:57:00 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\ArmA 2 Demo
    [2013/10/16 12:28:03 | 000,000,000 | ---D | C] -- C:\Users\iza\.onlineboxing3d
    [2013/10/16 12:08:38 | 000,685,056 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\windows\System32\drivers\hardlock.sys
    [2013/10/16 12:06:46 | 001,060,864 | --S- | C] (Microsoft Corporation) -- C:\windows\System32\mfc71.dll
    [2013/10/15 23:57:19 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Spirited_Machine
    [2013/10/15 23:10:48 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Spirited Machine
    [2013/10/15 22:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spirited Machine
    [2013/10/15 22:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArmA II Launcher
    [2013/10/15 17:37:07 | 000,000,000 | ---D | C] -- C:\Users\iza\Desktop\ARMA 2 Operation Arrowhead
    [2013/10/15 12:51:19 | 000,000,000 | ---D | C] -- C:\Users\iza\Documents\ArmA 2 OA Demo
    [2013/10/15 12:51:18 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\ArmA 2 OA DEMO
    [2013/10/15 12:05:00 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\ArmA 2
    [2013/10/14 23:28:20 | 000,000,000 | ---D | C] -- C:\Users\iza\Documents\ArmA 2 Other Profiles
    [2013/10/14 21:18:28 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArmA 2
    [2013/10/14 16:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
    [2013/10/14 16:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
    [2013/10/13 21:51:59 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\ArmA 2 OA
    [2013/10/12 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\CastleMinerZ
    [2013/10/12 21:38:40 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\DigitalDNA Games
    [2013/10/12 21:30:33 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DigitalDNA Games
    [2013/10/12 21:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
    [2013/10/12 19:09:15 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\ArmaAddonSync2009
    [2013/10/12 19:08:38 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Yoma_Tools
    [2013/10/12 19:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YomaTools
    [2013/10/12 19:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\YomaTools
    [2013/10/12 17:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Quadriga Games
    [2013/10/12 12:51:13 | 000,000,000 | ---D | C] -- C:\Users\iza\Desktop\Garry's Mod
    [2013/10/11 20:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2013/10/11 20:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SummerSoft
    [2013/10/11 20:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ss-Helper
    [2013/10/11 20:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2013/10/10 21:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2013/10/10 21:26:55 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Google
    [2013/10/10 21:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 8
    [2013/10/10 21:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
    [2013/10/10 21:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
    [2013/10/10 19:12:23 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Quadriga Games
    [2013/10/10 19:12:06 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
    [2013/10/10 19:12:06 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
    [2013/10/10 18:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\1-click run
    [2013/10/08 17:23:28 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\TeamViewer
    [2013/10/08 17:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
    [2013/10/06 11:40:48 | 000,000,000 | -HSD | C] -- C:\windows\ftpcache
    [2013/10/06 10:21:52 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\PointBlank
    [2013/10/06 00:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\BandiMPEG1
    [2013/10/06 00:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tahadi Games
    [2013/10/06 00:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Tahadi Games
    [2013/10/06 00:02:09 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\GamersFirst LIVE!
    [2013/10/05 23:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
    [2013/10/05 23:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
    [2013/10/05 22:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Warrock EU
    [2013/10/05 22:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
    [2013/10/05 22:33:58 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
    [2013/10/05 22:33:44 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\GamersFirst
    [2013/10/05 17:54:48 | 000,000,000 | ---D | C] -- C:\AeriaGames
    [2013/10/05 13:04:46 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Aeria Games
    [2013/10/05 13:02:33 | 000,000,000 | ---D | C] -- C:\Users\iza\AppData\Local\Akamai
    [2013/10/05 13:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
    [2013/10/05 13:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Aeria Games
    [2013/10/05 13:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
    [2013/10/04 22:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 5.5
    [2013/10/04 22:14:31 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\windows\System32\D3DX81ab.dll
    [2013/10/04 22:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
    [2013/10/04 22:04:31 | 000,000,000 | ---D | C] -- C:\Users\iza\Documents\My Cheat Tables
    [2013/10/04 22:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3

    ========== Files - Modified Within 30 Days ==========

    [2013/10/31 18:08:39 | 000,668,940 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2013/10/31 18:08:39 | 000,133,356 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2013/10/31 18:03:14 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/10/31 18:03:14 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/10/31 18:02:57 | 000,000,876 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/10/31 18:02:46 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
    [2013/10/31 18:02:45 | 000,000,360 | ---- | M] () -- C:\windows\tasks\Happy Lyrics Update.job
    [2013/10/31 18:02:42 | 000,000,460 | -H-- | M] () -- C:\windows\tasks\OptimizerPro-S-480333868.job
    [2013/10/31 18:02:21 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.dll
    [2013/10/31 18:02:20 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
    [2013/10/31 18:02:18 | 008,405,015 | ---- | M] () -- C:\windows\TempFile
    [2013/10/31 18:02:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/10/31 00:20:03 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/10/30 17:39:38 | 000,000,414 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{83CD2159-3CC1-4F4F-B7FA-20A7B75D19BE}.job
    [2013/10/29 23:14:28 | 000,009,707 | ---- | M] () -- C:\windows\System32\Config.MPF
    [2013/10/29 23:14:28 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
    [2013/10/28 19:46:14 | 000,001,585 | ---- | M] () -- C:\Users\iza\Desktop\Play Payday The Heist.lnk
    [2013/10/28 00:10:49 | 000,001,944 | ---- | M] () -- C:\Users\iza\Desktop\HiJackThis.lnk
    [2013/10/28 00:06:29 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
    [2013/10/28 00:06:27 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
    [2013/10/28 00:06:27 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
    [2013/10/28 00:06:27 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
    [2013/10/28 00:01:11 | 000,000,079 | ---- | M] () -- C:\windows\wininit.ini
    [2013/10/27 21:34:42 | 227,627,570 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2013/10/25 18:05:49 | 000,026,624 | ---- | M] () -- C:\windows\System32\TrueSight.sys
    [2013/10/20 21:29:55 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/10/18 00:16:54 | 000,335,550 | ---- | M] () -- C:\Users\iza\AppData\Local\census.cache
    [2013/10/18 00:16:05 | 000,196,571 | ---- | M] () -- C:\Users\iza\AppData\Local\ars.cache
    [2013/10/17 23:08:09 | 000,000,036 | ---- | M] () -- C:\Users\iza\AppData\Local\housecall.guid.cache
    [2013/10/16 14:17:32 | 000,070,004 | ---- | M] () -- C:\Users\iza\Desktop\TeenageMutantNinjaPuppets.zip
    [2013/10/16 13:50:05 | 000,000,073 | ---- | M] () -- C:\Users\iza\onlineboxing3dgame.properties
    [2013/10/16 13:04:25 | 000,000,596 | ---- | M] () -- C:\windows\System32\InstallUtil.InstallLog
    [2013/10/15 22:58:34 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\ArmA II Launcher.lnk
    [2013/10/14 16:33:31 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
    [2013/10/12 22:35:45 | 011,649,024 | ---- | M] () -- C:\Users\iza\Desktop\ffb7219618e24d57a9a0962c8a3ac9170 (1)
    [2013/10/10 21:23:14 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\SketchUp 8.lnk
    [2013/10/09 23:57:36 | 000,024,323 | ---- | M] () -- C:\Users\iza\Desktop\1239758_1399579076935295_765875614_n.jpg
    [2013/10/09 23:56:16 | 000,043,283 | ---- | M] () -- C:\Users\iza\Desktop\skeleton_middle_finger1.jpg
    [2013/10/09 22:34:35 | 000,001,722 | ---- | M] () -- C:\Users\iza\Documents\Default.rdp
    [2013/10/09 14:51:16 | 000,383,344 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2013/10/08 17:19:04 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [2013/10/06 00:08:54 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\PointBlank.lnk
    [2013/10/05 23:11:15 | 000,000,182 | ---- | M] () -- C:\Users\Public\Desktop\WarRock.url
    [2013/10/05 22:33:58 | 000,000,990 | ---- | M] () -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
    [2013/10/05 22:33:58 | 000,000,960 | ---- | M] () -- C:\Users\iza\Desktop\GamersFirst LIVE!.lnk
    [2013/10/05 13:01:30 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
    [2013/10/05 12:48:59 | 000,000,104 | ---- | M] () -- C:\Users\iza\Desktop\Recycle Bin.lnk
    [2013/10/04 22:14:33 | 000,000,792 | ---- | M] () -- C:\Users\iza\Desktop\Cheat Engine.lnk

    ========== Files Created - No Company Name ==========

    [2013/10/28 19:46:14 | 000,003,153 | ---- | C] () -- C:\Users\iza\Desktop\visit-nosteam.ro.html
    [2013/10/28 19:46:14 | 000,001,585 | ---- | C] () -- C:\Users\iza\Desktop\Play Payday The Heist.lnk
    [2013/10/28 19:46:14 | 000,000,083 | ---- | C] () -- C:\Users\iza\Desktop\update-PAYDAY.bat
    [2013/10/28 00:10:49 | 000,001,944 | ---- | C] () -- C:\Users\iza\Desktop\HiJackThis.lnk
    [2013/10/28 00:00:51 | 000,000,079 | ---- | C] () -- C:\windows\wininit.ini
    [2013/10/27 21:32:56 | 227,627,570 | ---- | C] () -- C:\windows\MEMORY.DMP
    [2013/10/27 21:27:42 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2013/10/27 21:27:42 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2013/10/27 21:27:42 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2013/10/27 21:27:42 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2013/10/27 21:27:42 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2013/10/25 18:05:49 | 000,026,624 | ---- | C] () -- C:\windows\System32\TrueSight.sys
    [2013/10/18 00:16:54 | 000,335,550 | ---- | C] () -- C:\Users\iza\AppData\Local\census.cache
    [2013/10/18 00:16:05 | 000,196,571 | ---- | C] () -- C:\Users\iza\AppData\Local\ars.cache
    [2013/10/17 23:08:09 | 000,000,036 | ---- | C] () -- C:\Users\iza\AppData\Local\housecall.guid.cache
    [2013/10/16 14:17:04 | 000,070,004 | ---- | C] () -- C:\Users\iza\Desktop\TeenageMutantNinjaPuppets.zip
    [2013/10/16 13:04:10 | 000,000,596 | ---- | C] () -- C:\windows\System32\InstallUtil.InstallLog
    [2013/10/16 12:30:39 | 000,000,073 | ---- | C] () -- C:\Users\iza\onlineboxing3dgame.properties
    [2013/10/16 12:09:13 | 008,405,015 | ---- | C] () -- C:\windows\TempFile
    [2013/10/16 12:06:47 | 000,860,211 | --S- | C] () -- C:\windows\System32\XSIFtk-3.6.2.1.dll
    [2013/10/15 22:58:34 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\ArmA II Launcher.lnk
    [2013/10/14 16:33:31 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
    [2013/10/12 22:36:05 | 011,649,024 | ---- | C] () -- C:\Users\iza\Desktop\ffb7219618e24d57a9a0962c8a3ac9170 (1)
    [2013/10/11 20:16:13 | 000,000,460 | -H-- | C] () -- C:\windows\tasks\OptimizerPro-S-480333868.job
    [2013/10/10 21:23:14 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\SketchUp 8.lnk
    [2013/10/10 21:09:34 | 000,650,752 | ---- | C] () -- C:\windows\System32\xvidcore.dll
    [2013/10/10 21:09:34 | 000,240,640 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
    [2013/10/10 21:09:34 | 000,152,064 | ---- | C] () -- C:\windows\System32\xvid.ax
    [2013/10/09 23:57:36 | 000,024,323 | ---- | C] () -- C:\Users\iza\Desktop\1239758_1399579076935295_765875614_n.jpg
    [2013/10/09 23:56:16 | 000,043,283 | ---- | C] () -- C:\Users\iza\Desktop\skeleton_middle_finger1.jpg
    [2013/10/09 22:01:02 | 000,001,722 | ---- | C] () -- C:\Users\iza\Documents\Default.rdp
    [2013/10/08 17:19:04 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
    [2013/10/08 17:19:04 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [2013/10/06 00:08:54 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\PointBlank.lnk
    [2013/10/05 23:11:15 | 000,000,182 | ---- | C] () -- C:\Users\Public\Desktop\WarRock.url
    [2013/10/05 22:33:58 | 000,000,990 | ---- | C] () -- C:\Users\iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
    [2013/10/05 22:33:58 | 000,000,960 | ---- | C] () -- C:\Users\iza\Desktop\GamersFirst LIVE!.lnk
    [2013/10/05 13:01:30 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
    [2013/10/05 12:48:59 | 000,000,104 | ---- | C] () -- C:\Users\iza\Desktop\Recycle Bin.lnk
    [2013/10/04 22:14:33 | 000,000,792 | ---- | C] () -- C:\Users\iza\Desktop\Cheat Engine.lnk
    [2013/10/04 22:14:31 | 001,970,176 | ---- | C] () -- C:\windows\System32\d3dx9.dll
    [2013/07/22 22:58:58 | 000,000,680 | ---- | C] () -- C:\Users\iza\AppData\Local\d3d9caps.dat
    [2013/05/02 11:46:04 | 000,018,904 | ---- | C] () -- C:\windows\System32\StructuredQuerySchemaTrivial.bin
    [2013/05/02 11:46:03 | 000,106,605 | ---- | C] () -- C:\windows\System32\StructuredQuerySchema.bin
    [2013/05/01 22:39:50 | 000,000,012 | ---- | C] () -- C:\windows\bthservsdp.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 12:51:16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 15:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 04:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 02:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/09/10 16:18:05 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\.minecraft
    [2013/10/27 23:59:28 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\Anvisoft
    [2013/10/19 19:37:13 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\AVAST Software
    [2013/08/21 20:21:31 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\Bioshock
    [2013/08/12 13:19:48 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\DAEMON Tools Lite
    [2013/09/06 21:51:51 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\fltk.org
    [2013/05/16 16:41:23 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\InterVideo
    [2013/09/19 15:04:32 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\MotioninJoy
    [2013/08/27 14:18:15 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\MW3 FoV Changer
    [2013/10/15 23:10:48 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\Spirited Machine
    [2013/10/09 21:45:25 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\TeamViewer
    [2013/10/24 21:39:40 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\Uniblue
    [2013/05/18 15:40:19 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\Unity
    [2013/10/28 20:20:18 | 000,000,000 | ---D | M] -- C:\Users\iza\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
    @Alternate Data Stream - 40 bytes -> C:\ProgramData:NT
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720

    < End of report >

    OTL Extras logfile created on: 31/10/2013 18:08:04 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\iza\Downloads
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.75 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 35.04% Memory free
    3.74 Gb Paging File | 2.33 Gb Available in Paging File | 62.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.05 Gb Total Space | 42.01 Gb Free Space | 30.22% Space Free | Partition Type: NTFS
    Drive D: | 9.00 Gb Total Space | 1.86 Gb Free Space | 20.62% Space Free | Partition Type: NTFS
    Drive E: | 695.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 1020.00 Mb Total Space | 1017.74 Mb Free Space | 99.78% Space Free | Partition Type: FAT32

    Computer Name: IZA-PC | User Name: iza | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{44511208-0329-4EC5-B367-5574C3138068}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{64EF3FBE-7897-4AB3-807C-D19D9B18B28E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{D70C6D2D-14AF-4688-A726-13381EBD1859}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{D7B989A0-A624-4134-ACF1-B4D70248E3B7}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0969ED13-2E1B-4639-AFCF-A91C0464538F}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 demo\arma2demo.exe |
    "{130A7EA5-D20F-43E2-9262-8A62C596D310}" = protocol=6 | dir=in | app=c:\users\iza\desktop\downloaded games\utorrent.exe |
    "{235E93EE-F6F2-49D8-8513-CEC62B0E3A01}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 free\arma2free.exe |
    "{3431F158-217E-4C73-9C38-2BD53873285B}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 demo\arma2demo.exe |
    "{37D148B0-2673-4302-946C-7E478B885F17}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead demo\arma2oa_demo.exe |
    "{3DC94B2B-9DCC-4583-8CD3-CED11F52F370}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead demo\arma2oa_demo.exe |
    "{3EDAF54F-7C98-4CED-AE07-74330C04C8C2}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{41D7550D-3B58-44D4-B7DD-5EE75473EBF0}" = protocol=17 | dir=in | app=c:\program files\tahadi games\pointblank\pointblank.exe |
    "{455AAFE8-4FC1-4274-9422-CA09E05DC7B8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{4567C814-7276-4AEC-84BE-75B4BFD96B59}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 free\arma2free.exe |
    "{5245C2AC-F35A-4E79-95A3-71645FC86656}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe |
    "{5797C31F-F616-4577-815D-B33F2F5D90DC}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead demo\arma2oa_demo.exe |
    "{6242029F-7318-43EF-A348-DC6FAB3A8F7F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{67AC8050-B003-4877-AFC6-5BDD126E5274}" = protocol=17 | dir=in | app=c:\games\scribblenauts unmasked a dc comics adventure\scribble.exe |
    "{69B53EB3-22E2-4D27-AF94-F88A8DBE398E}" = protocol=17 | dir=in | app=c:\windows\system32\null\pando networks\media booster\pmb.exe |
    "{76A321D2-F23B-4942-BFC3-44E42661DF68}" = protocol=6 | dir=in | app=c:\games\scribblenauts unmasked a dc comics adventure\scribble.exe |
    "{7E2E124C-4ACC-496C-8DDE-5B580CE94A4A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\source sdk base 2007\hl2.exe |
    "{A20BBA7E-9A2E-434E-B39B-D6C618DF2EBC}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
    "{AF2EAB0F-523C-4578-8984-D64EC936114C}" = protocol=6 | dir=in | app=c:\program files\tahadi games\pointblank\pointblank.exe |
    "{B133FFDD-301A-4410-9A88-18835BC36506}" = protocol=6 | dir=in | app=c:\windows\system32\null\pando networks\media booster\pmb.exe |
    "{B4F7DFAE-12A3-4B54-95EC-6A684ECBD4C8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\source sdk base 2007\hl2.exe |
    "{B5FC8974-E5EE-4483-BB3D-972DA0826C2E}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
    "{B84E0F36-6B65-466D-A479-5BA7C9A26030}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{BA1EED55-1D39-4853-BA78-DEB8EDA480A0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{BB17B6E2-EE79-48EB-BD16-CA62E384664F}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
    "{BB3ACA3D-67ED-4096-8925-F2452EB64242}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead demo\arma2oa_demo.exe |
    "{CC2FA603-44D9-421A-9F13-BEA7F4A1068E}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
    "{D6180919-3A3F-4185-ADA3-2C89AF89741C}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe |
    "{DC595585-E714-4969-B9A4-577E4D87C2A1}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
    "{DFEDC94A-967D-4ABF-B27E-37D2EC3054AC}" = protocol=17 | dir=in | app=c:\windows\system32\null\pando networks\media booster\pmb.exe |
    "{EF362F44-0232-42AE-B110-17FB6233FD35}" = protocol=6 | dir=in | app=c:\windows\system32\null\pando networks\media booster\pmb.exe |
    "{F0BEBA28-EDC8-43B8-8D01-64A2C187EAEE}" = dir=in | app=null\pando networks\media booster\pmb.exe |
    "{F2E2477A-BE4A-47F3-98AE-44B7602E119A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{F3F071C8-5F06-4B83-826E-E75EDDEA8A67}" = dir=in | app=c:\program files\iminent\iminent.exe |
    "{F5A53108-8FC6-4383-AE97-EA4D70212F89}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{FCB9C15F-B1C3-4F4C-8958-C836EAF89E3F}" = protocol=17 | dir=in | app=c:\users\iza\desktop\downloaded games\utorrent.exe |
    "{FFA742D6-5864-4ACF-AB10-0CB367DCF6EE}" = dir=in | app=c:\program files\iminent\iminent.messengers.exe |
    "TCP Query User{0C8B4D28-4182-44B5-AF88-826388B78986}C:\program files\steam\steamapps\izaali10\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\izaali10\source sdk base\hl2.exe |
    "TCP Query User{18B7533B-C4D3-457D-8520-A8422637754B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
    "TCP Query User{2BF56D3F-8FB0-4096-BD5F-6E7A2678CAC4}C:\games\dishonored nosteam\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\games\dishonored nosteam\binaries\win32\dishonored.exe |
    "TCP Query User{3E879BDD-B14F-4A28-83B1-A3B73DC069B6}C:\games\gta san andreas\proxy_sa.exe" = protocol=6 | dir=in | app=c:\games\gta san andreas\proxy_sa.exe |
    "TCP Query User{4999F9D3-406C-4FD2-9590-109E94C3DA14}C:\games\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat" = protocol=6 | dir=in | app=c:\games\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat |
    "TCP Query User{4B9ADC66-FC55-441C-B260-47ADF5080D60}C:\users\iza\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\iza\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{4BC6354C-BB7F-4344-B204-31600004DAD4}C:\program files\arma 2\arma2.exe" = protocol=6 | dir=in | app=c:\program files\arma 2\arma2.exe |
    "TCP Query User{4C82DA05-BE3E-4BDE-B1CC-B6E394182840}C:\users\iza\desktop\garry's mod\hl2.exe" = protocol=6 | dir=in | app=c:\users\iza\desktop\garry's mod\hl2.exe |
    "TCP Query User{521235CE-EF11-426C-861A-210E30D159D7}C:\users\iza\appdata\local\temp\rar$exa0.807\7 days to die\7daystodie.exe" = protocol=6 | dir=in | app=c:\users\iza\appdata\local\temp\rar$exa0.807\7 days to die\7daystodie.exe |
    "TCP Query User{55AA17BF-5D49-494C-BCF0-B2629E8E36AD}C:\users\iza\desktop\arma 2 operation arrowhead\arma2oa_demo.exe" = protocol=6 | dir=in | app=c:\users\iza\desktop\arma 2 operation arrowhead\arma2oa_demo.exe |
    "TCP Query User{5A1365AC-3822-4A4E-9CB3-C025295B9604}C:\games\payday 2 beta\payday2_win32_release.exe" = protocol=6 | dir=in | app=c:\games\payday 2 beta\payday2_win32_release.exe |
    "TCP Query User{7CF118F9-B06E-4C24-97C5-D500B788121D}C:\users\iza\downloads\garrys.mod.13.v159\garry's mod\hl2.exe" = protocol=6 | dir=in | app=c:\users\iza\downloads\garrys.mod.13.v159\garry's mod\hl2.exe |
    "TCP Query User{8C457147-9E5D-49B4-AF37-95233C42D265}C:\program files\steam\steamapps\zeshaanali122\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\zeshaanali122\source sdk base\hl2.exe |
    "TCP Query User{A307BF4D-B391-4D12-9B66-91AED9CEE4FD}C:\program files\arma 2\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files\arma 2\arma2oa.exe |
    "TCP Query User{A75BBB4C-5EC3-43D2-9F0C-3015742E9BA4}C:\users\iza\desktop\boxing3d\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\users\iza\desktop\boxing3d\jre6\bin\java.exe |
    "TCP Query User{B3E439A8-6B54-4831-ABAE-E2C782BA048B}C:\users\iza\downloads\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\users\iza\downloads\counter-strike\hl.exe |
    "TCP Query User{CB70C4AF-7561-4B75-8931-29AE530304B5}C:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oaserver.exe" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oaserver.exe |
    "TCP Query User{D8662BB2-A56E-4BB8-9918-5499A7540DB3}C:\program files\arma 2\arma2oaserver.exe" = protocol=6 | dir=in | app=c:\program files\arma 2\arma2oaserver.exe |
    "TCP Query User{F339E686-5F89-419F-A437-F1C90E8E218B}C:\users\iza\desktop\payday the heist\payday_win32_release.exe" = protocol=6 | dir=in | app=c:\users\iza\desktop\payday the heist\payday_win32_release.exe |
    "TCP Query User{FD75B0BF-529F-431F-8F1F-61F2F2E7F76B}C:\users\iza\desktop\downloaded games\utorrent.exe" = protocol=6 | dir=in | app=c:\users\iza\desktop\downloaded games\utorrent.exe |
    "UDP Query User{025F768A-92C4-4782-97ED-E26A80CBCE69}C:\users\iza\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\iza\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{08E40B5E-9131-407E-8B4F-6F71E093BD5D}C:\users\iza\desktop\downloaded games\utorrent.exe" = protocol=17 | dir=in | app=c:\users\iza\desktop\downloaded games\utorrent.exe |
    "UDP Query User{196492E3-5F59-4AF6-9E27-2EC80C8C621B}C:\games\dishonored nosteam\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\games\dishonored nosteam\binaries\win32\dishonored.exe |
    "UDP Query User{2A9CC8AF-D811-4350-88A5-C4DCF12D9305}C:\program files\steam\steamapps\zeshaanali122\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\zeshaanali122\source sdk base\hl2.exe |
    "UDP Query User{3A0B625E-C74D-49AA-9AB6-DD06E8BAA4D5}C:\games\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat" = protocol=17 | dir=in | app=c:\games\call of duty modern warfare 3 multiplayer 4d1\iw5m.dat |
    "UDP Query User{4C287850-3AAB-48F9-9C05-FC99EBD50D07}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
    "UDP Query User{515F9EA3-1185-4B26-A075-F8113E131938}C:\users\iza\appdata\local\temp\rar$exa0.807\7 days to die\7daystodie.exe" = protocol=17 | dir=in | app=c:\users\iza\appdata\local\temp\rar$exa0.807\7 days to die\7daystodie.exe |
    "UDP Query User{5FBCF63E-6ECA-4C0A-B79E-8176F26D8308}C:\program files\arma 2\arma2oaserver.exe" = protocol=17 | dir=in | app=c:\program files\arma 2\arma2oaserver.exe |
    "UDP Query User{68055253-8135-487F-8C60-38BCB936D4CE}C:\program files\arma 2\arma2.exe" = protocol=17 | dir=in | app=c:\program files\arma 2\arma2.exe |
    "UDP Query User{695673B9-18DC-4CEF-8955-3FDB9AF2D708}C:\users\iza\desktop\garry's mod\hl2.exe" = protocol=17 | dir=in | app=c:\users\iza\desktop\garry's mod\hl2.exe |
    "UDP Query User{6C4DAB9D-903A-4353-BE21-24273392BC6A}C:\games\payday 2 beta\payday2_win32_release.exe" = protocol=17 | dir=in | app=c:\games\payday 2 beta\payday2_win32_release.exe |
    "UDP Query User{7847512B-698A-4600-B683-704288AA188B}C:\program files\arma 2\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files\arma 2\arma2oa.exe |
    "UDP Query User{8588E711-DF70-430D-863E-10D4674FDAD2}C:\program files\steam\steamapps\izaali10\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\izaali10\source sdk base\hl2.exe |
    "UDP Query User{88501D9D-1D72-4316-8A00-B731C9CF3B53}C:\users\iza\downloads\garrys.mod.13.v159\garry's mod\hl2.exe" = protocol=17 | dir=in | app=c:\users\iza\downloads\garrys.mod.13.v159\garry's mod\hl2.exe |
    "UDP Query User{92056C4D-A467-43C5-97DC-D199C8A57A38}C:\users\iza\desktop\payday the heist\payday_win32_release.exe" = protocol=17 | dir=in | app=c:\users\iza\desktop\payday the heist\payday_win32_release.exe |
    "UDP Query User{B0C43906-FAE4-41BA-9E73-7CA0E8BD403F}C:\games\gta san andreas\proxy_sa.exe" = protocol=17 | dir=in | app=c:\games\gta san andreas\proxy_sa.exe |
    "UDP Query User{D701E9C8-2059-42BB-BDE5-3BED15434401}C:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oaserver.exe" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oaserver.exe |
    "UDP Query User{E0A7C098-FEBE-43E4-944F-21BB13DA71D1}C:\users\iza\downloads\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\users\iza\downloads\counter-strike\hl.exe |
    "UDP Query User{E82A0350-5DF2-485F-84CF-1A66690B3199}C:\users\iza\desktop\boxing3d\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\users\iza\desktop\boxing3d\jre6\bin\java.exe |
    "UDP Query User{FEDB3BED-8CA5-4A6A-A6DA-6651B7314185}C:\users\iza\desktop\arma 2 operation arrowhead\arma2oa_demo.exe" = protocol=17 | dir=in | app=c:\users\iza\desktop\arma 2 operation arrowhead\arma2oa_demo.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
    "{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6202
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{084D80A0-A897-F435-CE63-A3A7CDB46D9A}" = CCC Help Danish
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}" = Duty Calls
    "{0E485D10-139A-21B6-471C-7856AF893F42}" = Catalyst Control Center Localization Spanish
    "{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
    "{12D61C9C-5E84-47F0-BD81-A48DF61A86D7}" = Vista Default Settings
    "{196A2093-817C-7237-9FB8-7223FF8D3424}" = Catalyst Control Center Localization Portuguese
    "{19C6BC99-B7D0-E36A-3F72-24501D2FF8F0}" = Catalyst Control Center Localization Thai
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{2462B5A9-CDE0-A51C-5646-6863B445B717}" = CCC Help Dutch
    "{2472CC23-7C6E-F1A5-F439-B93CC198D0E2}" = Catalyst Control Center Graphics Light
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
    "{27AB9B63-70B4-3444-7FE7-EAAF837286B6}" = Catalyst Control Center Localization Turkish
    "{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard
    "{2B01122D-645A-7A29-5F98-025F3F920EEE}" = CCC Help Thai
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2E8A56E1-8421-623F-7D27-5B0D64052D35}" = CCC Help Swedish
    "{3032FE9D-1EF0-2B28-E28F-D14123A54091}" = CCC Help Norwegian
    "{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
    "{32D95F2D-17A3-9457-667D-DC603227295F}" = ATI Catalyst Install Manager
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0005
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FE45683-E0A6-8887-BA46-93846D76A571}" = Catalyst Control Center Localization Japanese
    "{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
    "{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47D6F3E4-D158-4E47-84C4-0D6452DB2488}_is1" = Call of Duty Black Ops 2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B8CE04B-567D-A6D1-C8C3-55151585051A}" = Catalyst Control Center Localization Hungarian
    "{4BBB1697-A0C0-C00D-CC3B-2A3D8D7ED8E1}" = CCC Help Czech
    "{4BDBFEB0-784B-8FBB-E323-17F4B8C3450D}" = Catalyst Control Center Core Implementation
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4DEB1738-EE2D-9415-B1F3-99FE75519BB8}" = Catalyst Control Center Localization Norwegian
    "{4E3AA543-09D7-401E-9DF2-2591D24C7C49}" = Addon Sync 2009
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
    "{5FEB063B-B9A0-7677-8D4B-5DE1397BBC7F}" = Catalyst Control Center Localization Swedish
    "{6079977A-C216-0ED5-7E82-5E94A7683EB1}" = Catalyst Control Center Localization Chinese Traditional
    "{609C59C0-2920-B88F-AC4E-8434CEEA093F}" = CCC Help Chinese Standard
    "{62A07DAC-EE36-7C2D-28D4-18A4B8F55EC9}" = Catalyst Control Center Localization Greek
    "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{6716796A-DD6E-8B10-AF22-D30ECB25C682}" = CCC Help Portuguese
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{6F854740-01D1-46A4-C809-D73B14F9FAA2}" = ccc-utility
    "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
    "{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}" = SketchUp 8
    "{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
    "{7BE6A272-9078-5035-FB61-D2D1C15D1EA0}" = Catalyst Control Center Localization Russian
    "{8253DB6F-C883-93A4-435F-9526DC07C17F}" = CCC Help Italian
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
    "{8EC7AB5C-7128-B1CD-CA1D-74190D31313E}" = Catalyst Control Center Localization Chinese Standard
    "{8FB91814-FE42-4B62-9B54-4B677A420715}_is1" = CLEO v3.0.950
    "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
    "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
    "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
    "{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
    "{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
    "{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
    "{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
    "{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
    "{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
    "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
    "{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
    "{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
    "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
    "{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
    "{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
    "{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
    "{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
    "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
    "{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
    "{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{9320B364-EF7F-90E6-63F8-C58EEB9AE517}" = Catalyst Control Center Graphics Full New
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{959B8759-D31A-CE42-6BA1-A8F7812C040B}" = CCC Help Finnish
    "{959BAC64-7722-EBD6-660E-C74ED44CA0D3}" = Catalyst Control Center Localization Danish
    "{967E55B4-6DDD-4A2F-BFC7-07F1E327971E}_is1" = 7 Days to Die - Alpha version 0.9.1
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{99A5C123-2741-45BA-276A-8BDA52303CAD}" = CCC Help German
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CDB5063-D699-42BA-9135-7B8C4ECAC856}" = BIOS Configuration for HP ProtectTools
    "{9DEE62F7-3C8A-A6E8-6D00-99BB99B0A19C}" = CCC Help French
    "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
    "{A3EB6C7C-F959-9258-3A35-2A6EDB9CA176}" = CCC Help Hungarian
    "{A4B50564-9B8D-49DF-4A90-C6EC349A6538}" = Catalyst Control Center Localization Korean
    "{A55C2FF6-4217-F05B-E603-0544CB9EBD93}" = Catalyst Control Center Localization French
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
    "{ACE9FB2A-31A5-4285-9510-43F1636EAB21}" = EasyLife Gadget
    "{B076BAB8-B78C-053A-FAC2-0A9CCD802E0A}" = CCC Help Korean
    "{B1508FDD-AFC7-373B-8B96-6A6BEC48A9A8}" = Catalyst Control Center Localization Polish
    "{B3B36E34-2E5A-20E8-AF99-A2D40E84CC6F}" = CCC Help Turkish
    "{B57BC333-F983-C25E-4C04-834548DF8607}" = Catalyst Control Center Localization Italian
    "{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
    "{BC9BDD06-5674-4FAB-A30F-559C2DB171CA}" = UK-Info 2004 SE
    "{BECF6C08-ED85-7F05-E2CD-43A18DA0B3D7}" = CCC Help Spanish
    "{BEEA5BCB-CCA1-6FBA-764C-625239FE0F50}" = CCC Help Polish
    "{C09C13C7-B636-01CC-D5A1-A7411F858891}" = Catalyst Control Center Localization Czech
    "{C19BD21C-AF1A-CBC1-3B73-938B37F6B0E6}" = CCC Help Chinese Traditional
    "{C1A27135-69EB-8D44-7358-34727DD7B820}" = DowwnLoad keeeper
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{C9EF2D75-ECB0-602D-6700-977702AD7CCF}" = Catalyst Control Center Graphics Full Existing
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBC24502-5EB5-45B6-9E56-E6A2F6AFA367}" = HP JavaCard for HP ProtectTools
    "{CC8128C5-EC9A-0167-65F5-305E78F1A535}" = CCC Help Russian
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0FF1E97-85BA-C735-1D4C-636293B0E9F0}" = CCC Help Greek
    "{D405A9E1-5D02-46FB-A2B3-796F1F218B32}" = HP ProtectTools Security Manager
    "{D4C5185C-A8DF-8466-FE8A-1692E08ECBF7}" = Skins
    "{D7FD9036-5EE1-A970-B981-BF46AF433380}" = Catalyst Control Center Localization German
    "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EACFCDA4-3286-4DEB-92D8-53006239F347}" = ArmA II Launcher
    "{EF3C3C9A-C96B-051E-99D1-72D7CE823DA8}" = ccc-core-static
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F46CBAC2-20F4-98DA-D890-81F4DE2BF3BA}" = Catalyst Control Center Localization Finnish
    "{F545FAC8-4D05-229A-E1A3-3DF671518DC3}" = CCC Help English
    "{F657EF23-08BB-4C8D-B688-78C20FA657EA}" = Drive Encryption for HP ProtectTools
    "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
    "{FE2D627E-D7E0-46EA-93A6-8583420285FA}" = Aeria Ignite
    "{FF165D48-1562-B757-E006-69197226E903}" = CCC Help Japanese
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFCA8569-F139-54BF-A9EF-092A3DFDFB4B}" = Catalyst Control Center Localization Dutch
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Aeria Ignite" = Aeria Ignite
    "Aeria Ignite 1.13.3296" = Aeria Ignite
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "AOL Toolbar" = AOL Toolbar 5.0
    "ArmA 2" = ArmA 2 Free Uninstall
    "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
    "ArmA2 Demo" = ArmA2 Demo Uninstall
    "ArnA 2: Combined Operations" = ArnA 2: Combined Operations
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "BattlEye A2 Free" = BattlEye (A2Free) Uninstall
    "BattlEye for OA" = BattlEye for OA Uninstall
    "BLACKSHADES" = Black Shades (remove only)
    "Cheat Engine 5.5_is1" = Cheat Engine 5.5
    "Cheat Engine 6.3_is1" = Cheat Engine 6.3
    "Cross Fire_is1" = Cross Fire En
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Die Polizei" = Police Force
    "DivX Setup" = DivX Setup
    "F.E.A.R. Online" = F.E.A.R. Online
    "Family Guy Back to the Multiverse_is1" = Family Guy Back to the Multiverse
    "GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
    "glindorus" = glindorus 1.0.0
    "Google Chrome" = Google Chrome
    "happylyrics@hpyproductions.net" = Happy Lyrics
    "McAfee Managed Firewall" = McAfee Firewall Protection Service
    "McAfee SiteAdvisor" = McAfee Browser Protection Service
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Minecraft1.5.2" = Minecraft1.5.2
    "MTA:SA 1.3" = MTA:SA v1.3.4
    "MVS" = McAfee Virus and Spyware Protection Service
    "PCSU-SL_is1" = PC Speed Up
    "PDF Complete" = PDF Complete
    "PointBlank_is1" = PointBlank
    "Police Force 22" = Police Force 2
    "Police Pursuit Mod 7.6d 7.6d" = Police Pursuit Mod 7.6d 7.6d
    "Police Simulator 2" = Police Simulator 2
    "PowerISO" = PowerISO
    "PROHYBRIDR" = 2007 Microsoft Office system
    "S-480333868" = OptimizerPro
    "San Andreas First Response v2.0" = San Andreas First Response v2.0
    "San Andreas Mod Installer1.1" = San Andreas Mod Installer
    "San Andreas Police Department First Response v2.5" = San Andreas Police Department First Response v2.5
    "Scribblenauts Unmasked A DC Comics Adventure_is1" = Scribblenauts Unmasked A DC Comics Adventure
    "Steam App 17500" = Zombie Panic Source
    "Steam App 215" = Source SDK Base 2006
    "Steam App 33970" = Arma 2: Operation Arrowhead Demo
    "Sumotori Full Version" = Sumotori Full Version
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamViewer 8" = TeamViewer 8
    "uTorrent" = µTorrent
    "Warrock EU" = WarRock
    "WinRAR archiver" = WinRAR 5.00 (32-bit)
    "Xvid Video Codec 1.3.1" = Xvid Video Codec
    "Zombie Panic!_is1" = Zombie Panic! 0.91a

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for iza
    "97f28be79b4a4109" = CastleMiner Z
    "Akamai" = Akamai NetSession Interface
    "GamersFirst LIVE!" = GamersFirst LIVE!
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 27/10/2013 17:19:59 | Computer Name = iza-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4e06cfe8,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x00020fdf, process id 0xf98, application start time 0x01ced35a4a43fec3.

    Error - 27/10/2013 17:19:59 | Computer Name = iza-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4e06cfe8,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x00020fdf, process id 0x1850, application start time 0x01ced35a4a419d63.

    Error - 27/10/2013 17:19:59 | Computer Name = iza-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4e06cfe8,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x00020fdf, process id 0x1a28, application start time 0x01ced35a4a3f3c03.

    Error - 27/10/2013 17:20:00 | Computer Name = iza-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4e06cfe8,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x00020fdf, process id 0x7cc, application start time 0x01ced35a4a3817e3.

    Error - 27/10/2013 17:33:26 | Computer Name = iza-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 27/10/2013 20:15:41 | Computer Name = iza-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 28/10/2013 08:05:56 | Computer Name = iza-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 29/10/2013 08:01:49 | Computer Name = iza-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 30/10/2013 13:37:37 | Computer Name = iza-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 31/10/2013 14:03:21 | Computer Name = iza-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 29/10/2013 08:01:54 | Computer Name = iza-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 29/10/2013 08:04:25 | Computer Name = iza-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =

    Error - 29/10/2013 19:14:15 | Computer Name = iza-PC | Source = DCOM | ID = 10010
    Description =

    Error - 30/10/2013 13:36:48 | Computer Name = iza-PC | Source = HTTP | ID = 15016
    Description =

    Error - 30/10/2013 13:37:38 | Computer Name = iza-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 30/10/2013 13:40:37 | Computer Name = iza-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =

    Error - 31/10/2013 14:02:09 | Computer Name = iza-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 01:34:22 on 31/10/2013 was unexpected.

    Error - 31/10/2013 14:02:16 | Computer Name = iza-PC | Source = HTTP | ID = 15016
    Description =

    Error - 31/10/2013 14:03:21 | Computer Name = iza-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 31/10/2013 14:05:47 | Computer Name = iza-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
    Description =


    < End of report >
     
  9. 2oldGeek

    2oldGeek Active member

    LOL That should be it. I just didn't have a final log and got a little confused.

    Most of the tools you can use. Except OTL and Combofix. They require Advanced computer knowledge and special training….

    A little clean up to do....

    Please Uninstall ComboFix:

    Press the Windows logo key + R to bring up the "run box"

    Copy and paste the next command into the field:

    ComboFix /uninstall

    Make sure there's a space between Combofix and /


    Then hit enter.
    This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

    (If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

    Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
    Click on the CleanUp! button and follow the prompts.
    (If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
    You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
    After the reboot all the tools we used should be gone.
    Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

    Any other programs or logs it misses you can manually delete.

    You can keep and use:
    Malwarebytes free – I prefer the Pro (paid) version. It has a realtime scanner. The free ver does a good job though.
    AdwCleaner
    JRT
    RogueKiller

    Use a good AV, Firewall and malware scanner.
    Paid AV’s
    McAfee
    Bitdefender
    Kaspersky

    Free AV’s
    Avast
    Bitdefender
    Panda

    Vista Firewall is OK.

    Scan regularly with Malwarebytes Antimalware

    Unless you are really deep into privacy.. Don’t mess with it.


    Knowledge and a lot of experience.
    Good judgment comes from Experience, Experience comes from a lot of Bad judgement.
    I have been working with computers and fighting malware since the internet came into service in 1965 and am still learning…


    Please let me know how you are doing and if I can further assist you….


    2oG
     
  10. tali1

    tali1 Regular member

    Just wondering is it actually essential to remove all those tools ?
     
  11. 2oldGeek

    2oldGeek Active member

    LOL, There is no law against keeping them and the geek police are not going to fine you or throw you in jail. If you play with them and make a bum call it can turn your computer into a paper weight.:( There is a tutorial for OTL but none for Combofix. It does not explain how to analyze or use it to fix things. It's basically a text book for the instructors to teach from. It does require Advanced computer knowledge and a lot of training in order to use it correctly...

    Keep them if you wish but keep it in mind that you're playing with something that can wreck your computer.

    Here is the master tutorial for OTL that is used for the classes. Look it over then maybe enroll at Geekstogo:

    http://www.geekstogo.com/forum/topic/277391-otl-tutorial-how-to-use-oldtimer-listit/


    Enjoy reading it. Just don't pee on the electric fence
    2oG
     
  12. tali1

    tali1 Regular member

    Despite regular clean ups and scans, which fix probs only for a few days at best, probs continue. Google Maps, which I use a lot, causes crashes. It says I am low on memory - which I have checked and I am not.
    My kids' laptops are full of dodgy torrent downloads and all sorts of other crap and yet work fine, and yet my desktop PC, which I do most housekeeping on, is giving me so many problems with a crash certainty of about 95%!
    Jesus - I've had this prob for over 2 years!
     
  13. Mez

    Mez Active member

    Joined:
    Aug 12, 2005
    Messages:
    2,895
    Likes Received:
    9
    Trophy Points:
    68
    Maybe you never actually completely cleaned your computer. Google server side polymorphic malware. You might have a back door hidden as asspm. You could have one of the user our firmware malware. They are not detectable or removable. Google firmware malware. There is only bad news on that front. Most major AV scanner producers admit AV scanning may find between 10 and 50 percent of the threats. Speaking from experience you probably pissed off someone. They know you know your computer is infected. They don't need to be stealthy. Your kids' computer is also infected but the malware is running in a stealth mode. It is best to play stupid. PS don't cross-pollinate your computers with USBs. The infection is mostly spread over the Internet by drive-bys. It has a secondary attack with a BadUSB. It can and will infect any USB device it comes in contact with. Mac fools think they're protected. Macs or Unix machines are infected with ease. So are cell phones.
     
  14. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    tali, post your total, available, cached & free ram. run a scan disk to check for software & hard drive errors.
     
  15. 2oldGeek

    2oldGeek Active member

    Hi tali1, it's been awhile, I really don't like to hear from you under these circumstances :(

    Are you still using Vista?

    It's been almost 2 years since I last helped you and I know things can change a lot so let's make some logs to see what's going on now:

    Scan with Farbar Recovery Scan Tool

    Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
    • Right-click on the icon and select Run as Administrator to start the tool.
    • When the tool opens click Yes to disclaimer.
    • Make sure that Addition option is checked.
    • Press Scan button and wait.
    • The tool will produce two log files on your desktop: FRST.txt and Addition.txt.
    Please attach both logs to your next reply.
    Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

    NOTE: All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.

    After I look over the logs, we can probe for the problem....

    Hang in there. ;)
    2oG
     
  16. tali1

    tali1 Regular member

    Hi 2oldGeek :) I'm using Win7 Pro and it says Farbar is not compatible
    Mez - interesting, certainly gives pause for thought
    ddp - will do scandisk later
     
  17. 2oldGeek

    2oldGeek Active member

    Holy Moly... You're running Win7 PRO and only have 2GB of RAM???????

    Click the Resource Monitor button on that page to see that you only have 156MB left available for use...

    The first thing I would suggest is to add more RAM! 4GB is about minimum for Win 7, especially PRO...

    As far as I know FRST works with Win7 Pro..... unless you are running out of ram memory...
     
  18. 2oldGeek

    2oldGeek Active member

    Just a thought...... I see more and more old computers being upgraded from XP or Vista and not upgrading the RAM. :(
     
  19. ddp

    ddp Moderator Staff Member

    2oldGeek, look at the Task Manager picture as he is running 88 processes whereas I'm 57 processes using Win7 Ultimate 32bit with 4gigs of RAM.
     
  20. 2oldGeek

    2oldGeek Active member

    YES...... He has a Full Boat and as I said he only has 156GB to run anything more than the 88 processes he is now running... It's kinda like stuffing 10 pounds of sh*t in a 5 pound bag..... :p
     
